Import security/hs-hackage-security.

Not yet wired to the build. ok sthen@, jca@. The hackage security library provides both server and client utilities for securing the Hackage package server (http://hackage.haskell.org/). It is based on The Update Framework (http://theupdateframework.com/), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (https://www.torproject.org/). The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing.
2017-11-03 14:48:11 +00:00 · 2017-11-03 14:48:11 +00:00 · bf65662f05
commit bf65662f05
parent 84ffdb12eb
4 changed files with 227 additions and 0 deletions
--- a/security/hs-hackage-security/Makefile
+++ b/security/hs-hackage-security/Makefile
@ -0,0 +1,32 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2017/11/03 14:48:11 kili Exp $
+
+# used by cabal-install
+
+COMMENT=		hackage security library
+
+DISTNAME=		hackage-security-0.5.2.2
+CATEGORIES=		security
+
+# BSD3
+PERMIT_PACKAGE_CDROM =	Yes
+
+MODULES=		lang/ghc
+
+MODGHC_BUILD =          cabal hackage haddock register
+
+MODGHC_PACKAGE_KEY =	8JKMlcbbllrBcXw2VuzwB7
+
+RUN_DEPENDS =		archivers/hs-zlib>=0.5,<0.7 \
+			devel/hs-base16-bytestring>=0.1.1,<0.2 \
+			devel/hs-base64-bytestring>=1.0,<1.1 \
+			devel/hs-mtl>=2.2,<2.3 \
+			devel/hs-network>=2.6,<2.7 \
+			devel/hs-network-uri>=2.6,<2.7 \
+			devel/hs-parsec>=3.1,<3.2 \
+			devel/hs-tar>=0.5,<0.6 \
+			security/hs-cryptohash-sha256>=0.11,<0.12 \
+			security/hs-ed25519
+
+BUILD_DEPENDS =		${RUN_DEPENDS}
+
+.include <bsd.port.mk>
--- a/security/hs-hackage-security/distinfo
+++ b/security/hs-hackage-security/distinfo
@ -0,0 +1,2 @@
+SHA256 (ghc/hackage-security-0.5.2.2.tar.gz) = UHqDeFEmSndMj01AD3mMPaxb4R3EKP5y0z71lMpTPEE=
+SIZE (ghc/hackage-security-0.5.2.2.tar.gz) = 83131
--- a/security/hs-hackage-security/pkg/DESCR
+++ b/security/hs-hackage-security/pkg/DESCR
@ -0,0 +1,10 @@
+The hackage security library provides both server and client utilities
+for securing the Hackage package server (http://hackage.haskell.org/).
+It is based on The Update Framework (http://theupdateframework.com/),
+a set of recommendations developed by security researchers at various
+universities in the US as well as developers on the Tor project
+(https://www.torproject.org/).
+
+The current implementation supports only index signing, thereby
+enabling untrusted mirrors. It does not yet provide facilities for
+author package signing.
--- a/security/hs-hackage-security/pkg/PLIST
+++ b/security/hs-hackage-security/pkg/PLIST
@ -0,0 +1,183 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2017/11/03 14:48:11 kili Exp $
+lib/ghc/${DISTNAME}/
+lib/ghc/${DISTNAME}/HS${DISTNAME}-${MODGHC_PACKAGE_KEY}.o
+lib/ghc/${DISTNAME}/Hackage/
+lib/ghc/${DISTNAME}/Hackage/Security/
+lib/ghc/${DISTNAME}/Hackage/Security/Client/
+lib/ghc/${DISTNAME}/Hackage/Security/Client.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Formats.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Formats.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/Cache.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/Cache.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/HttpLib.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/HttpLib.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/Local.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/Local.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/Remote.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Repository/Remote.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Verify.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Client/Verify.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/JSON.hi
+lib/ghc/${DISTNAME}/Hackage/Security/JSON.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Key/
+lib/ghc/${DISTNAME}/Hackage/Security/Key.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Key.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Key/Env.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Key/Env.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Server.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Server.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/
+lib/ghc/${DISTNAME}/Hackage/Security/TUF.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Common.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Common.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/FileInfo.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/FileInfo.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/FileMap.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/FileMap.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Header.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Header.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Layout/
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Layout/Cache.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Layout/Cache.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Layout/Index.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Layout/Index.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Layout/Repo.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Layout/Repo.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Mirrors.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Mirrors.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Paths.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Paths.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Patterns.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Patterns.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Root.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Root.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Signed.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Signed.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Snapshot.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Snapshot.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Targets.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Targets.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Timestamp.hi
+lib/ghc/${DISTNAME}/Hackage/Security/TUF/Timestamp.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Trusted/
+lib/ghc/${DISTNAME}/Hackage/Security/Trusted.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Trusted.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Trusted/TCB.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Trusted/TCB.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Base64.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Base64.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Checked.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Checked.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/IO.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/IO.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/JSON.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/JSON.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Lens.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Lens.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Path.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Path.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Pretty.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Pretty.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Some.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Some.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Stack.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/Stack.p_hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/TypedEmbedded.hi
+lib/ghc/${DISTNAME}/Hackage/Security/Util/TypedEmbedded.p_hi
+lib/ghc/${DISTNAME}/Prelude.hi
+lib/ghc/${DISTNAME}/Prelude.p_hi
+lib/ghc/${DISTNAME}/Text/
+lib/ghc/${DISTNAME}/Text/JSON/
+lib/ghc/${DISTNAME}/Text/JSON/Canonical.hi
+lib/ghc/${DISTNAME}/Text/JSON/Canonical.p_hi
+lib/ghc/${DISTNAME}/libHS${DISTNAME}-${MODGHC_PACKAGE_KEY}.a
+lib/ghc/${DISTNAME}/libHS${DISTNAME}-${MODGHC_PACKAGE_KEY}_p.a
+lib/ghc/${DISTNAME}/register.sh
+share/doc/hs-${DISTNAME}/
+share/doc/hs-${DISTNAME}/LICENSE
+share/doc/hs-${DISTNAME}/html/
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client-Formats.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client-Repository-Cache.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client-Repository-HttpLib.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client-Repository-Local.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client-Repository-Remote.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client-Repository.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client-Verify.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Client.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-JSON.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Key-Env.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Server.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-TUF-FileMap.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Trusted.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Util-Checked.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Util-IO.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Util-Lens.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Util-Path.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Util-Pretty.html
+share/doc/hs-${DISTNAME}/html/Hackage-Security-Util-Some.html
+share/doc/hs-${DISTNAME}/html/Text-JSON-Canonical.html
+share/doc/hs-${DISTNAME}/html/doc-index-33.html
+share/doc/hs-${DISTNAME}/html/doc-index-60.html
+share/doc/hs-${DISTNAME}/html/doc-index-A.html
+share/doc/hs-${DISTNAME}/html/doc-index-All.html
+share/doc/hs-${DISTNAME}/html/doc-index-B.html
+share/doc/hs-${DISTNAME}/html/doc-index-C.html
+share/doc/hs-${DISTNAME}/html/doc-index-D.html
+share/doc/hs-${DISTNAME}/html/doc-index-E.html
+share/doc/hs-${DISTNAME}/html/doc-index-F.html
+share/doc/hs-${DISTNAME}/html/doc-index-G.html
+share/doc/hs-${DISTNAME}/html/doc-index-H.html
+share/doc/hs-${DISTNAME}/html/doc-index-I.html
+share/doc/hs-${DISTNAME}/html/doc-index-J.html
+share/doc/hs-${DISTNAME}/html/doc-index-K.html
+share/doc/hs-${DISTNAME}/html/doc-index-L.html
+share/doc/hs-${DISTNAME}/html/doc-index-M.html
+share/doc/hs-${DISTNAME}/html/doc-index-N.html
+share/doc/hs-${DISTNAME}/html/doc-index-O.html
+share/doc/hs-${DISTNAME}/html/doc-index-P.html
+share/doc/hs-${DISTNAME}/html/doc-index-R.html
+share/doc/hs-${DISTNAME}/html/doc-index-S.html
+share/doc/hs-${DISTNAME}/html/doc-index-T.html
+share/doc/hs-${DISTNAME}/html/doc-index-U.html
+share/doc/hs-${DISTNAME}/html/doc-index-V.html
+share/doc/hs-${DISTNAME}/html/doc-index-W.html
+share/doc/hs-${DISTNAME}/html/doc-index.html
+share/doc/hs-${DISTNAME}/html/frames.html
+share/doc/hs-${DISTNAME}/html/hackage-security.haddock
+share/doc/hs-${DISTNAME}/html/haddock-util.js
+share/doc/hs-${DISTNAME}/html/hslogo-16.png
+share/doc/hs-${DISTNAME}/html/index-frames.html
+share/doc/hs-${DISTNAME}/html/index.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client-Formats.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client-Repository-Cache.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client-Repository-HttpLib.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client-Repository-Local.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client-Repository-Remote.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client-Repository.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client-Verify.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Client.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-JSON.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Key-Env.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Server.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-TUF-FileMap.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Trusted.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Util-Checked.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Util-IO.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Util-Lens.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Util-Path.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Util-Pretty.html
+share/doc/hs-${DISTNAME}/html/mini_Hackage-Security-Util-Some.html
+share/doc/hs-${DISTNAME}/html/mini_Text-JSON-Canonical.html
+share/doc/hs-${DISTNAME}/html/minus.gif
+share/doc/hs-${DISTNAME}/html/ocean.css
+share/doc/hs-${DISTNAME}/html/plus.gif
+share/doc/hs-${DISTNAME}/html/synopsis.png
+@exec /usr/bin/env HOME=/nonexistent %D/lib/ghc/${DISTNAME}/register.sh -v0
+@unexec /usr/bin/env HOME=/nonexistent %D/lib/ghc/${DISTNAME}/unregister.sh -v0 --force
+lib/ghc/${DISTNAME}/unregister.sh