Commit cf789ea3 authored by Herbert Valerio Riedel's avatar Herbert Valerio Riedel 🕺 Committed by Mikhail Glushenkov

Swap `cryptohash`/`byteable` dep with `cryptohash-sha256`/`base16-bytestring`

See well-typed/hackage-security#152 for rationale

(cherry picked from commit b9a5c376)
parent 0e50ec48
......@@ -40,13 +40,14 @@ import Distribution.Text
import Distribution.Client.Types
( InstalledPackageId )
import qualified Crypto.Hash.SHA256 as SHA256
import qualified Data.ByteString.Base16 as Base16
import qualified Data.ByteString.Char8 as BS
import qualified Data.ByteString.Lazy.Char8 as LBS
import qualified Crypto.Hash as Hash
import qualified Data.Byteable as Hash
import qualified Data.Set as Set
import Data.Set (Set)
import Control.Monad (unless)
import Data.Maybe (catMaybes)
import Data.List (sortBy, intercalate)
import Data.Function (on)
......@@ -203,22 +204,22 @@ renderPackageHashInputs PackageHashInputs{
-- there is some value in preventing intentional hash collisions in installed
-- package ids.
newtype HashValue = HashValue (Hash.Digest Hash.SHA256)
newtype HashValue = HashValue BS.ByteString
deriving (Eq, Show)
instance Binary HashValue where
put (HashValue digest) = put (Hash.toBytes digest)
put (HashValue digest) = put digest
get = do
bs <- get
case Hash.digestFromByteString bs of
Nothing -> fail "HashValue: bad digest"
Just digest -> return (HashValue digest)
digest <- get
unless (BS.length digest == 32) $ -- NB: valid for SHA256
fail "HashValue: bad digest"
return (HashValue digest)
hashValue :: LBS.ByteString -> HashValue
hashValue = HashValue . Hash.hashlazy
hashValue = HashValue . SHA256.hashlazy
showHashValue :: HashValue -> String
showHashValue (HashValue digest) = BS.unpack (Hash.digestToHexByteString digest)
showHashValue (HashValue digest) = BS.unpack (Base16.encode digest)
readFileHashValue :: FilePath -> IO HashValue
readFileHashValue tarball =
......
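Review bot: `newtype HashValue = HashValue BS.ByteString` no longer carries the digest length in its type, so the 32-byte SHA256 invariant now holds only because `hashValue` and the `Binary` instance's `get` enforce it, and nothing on the declaration says so. I would extend the comment above the newtype with a line such as `-- Invariant: holds the raw 32-byte SHA256 digest; build only via 'hashValue' or the 'Binary' instance.` If the constructor is exported (the export list is outside this hunk), consider keeping it abstract so other modules cannot wrap an arbitrary ByteString. The literal `32` in `get` would also read better as a named constant defined next to `hashValue`, so the length check and the hash function are changed together. `readFileHashValue` continues past the end of the hunk and is not covered here.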
......@@ -239,12 +239,12 @@ executable cabal
async >= 2.0 && < 3,
array >= 0.4 && < 0.6,
base >= 4.5 && < 5,
base16-bytestring >= 0.1.1 && < 0.2,
binary >= 0.5 && < 0.9,
byteable >= 0.1 && < 0.2,
bytestring >= 0.9 && < 1,
Cabal >= 1.25 && < 1.26,
containers >= 0.4 && < 0.6,
cryptohash >= 0.11 && < 0.12,
cryptohash-sha256 >= 0.11 && < 0.12,
filepath >= 1.3 && < 1.5,
hashable >= 1.0 && < 2,
HTTP >= 4000.1.5 && < 4000.4,
......