security/hs-hackage-security - The NetBSD Packages Collection

Hackage security library

The hackage security library provides both server and client utilities
for securing the Hackage package server
(http://hackage.haskell.org/). It is based on The Update Framework
(http://theupdateframework.com/), a set of recommendations developed
by security researchers at various universities in the US as well as
developers on the Tor project (https://www.torproject.org/).

The current implementation supports only index signing, thereby
enabling untrusted mirrors. It does not yet provide facilities for
author package signing.

Build dependencies

pkgtools/mktools pkgtools/cwrappers

Runtime dependencies

lang/ghc98 converters/hs-base16-bytestring converters/hs-base64-bytestring security/hs-cryptohash-sha256 security/hs-ed25519 devel/hs-lukko net/hs-network net/hs-network-uri archivers/hs-tar archivers/hs-zlib lang/ghc98 converters/hs-base16-bytestring converters/hs-base64-bytestring security/hs-cryptohash-sha256 security/hs-ed25519 devel/hs-lukko net/hs-network net/hs-network-uri archivers/hs-tar archivers/hs-zlib

Binary packages

OSArchitectureVersion
NetBSD 10.0aarch64hs-hackage-security-0.6.2.6nb1.tgz
NetBSD 10.0aarch64hs-hackage-security-0.6.2.6nb1.tgz
NetBSD 10.0x86_64hs-hackage-security-0.6.2.6nb1.tgz
NetBSD 10.0x86_64hs-hackage-security-0.6.2.6nb1.tgz
NetBSD 9.0aarch64hs-hackage-security-0.6.2.6nb1.tgz
NetBSD 9.0x86_64hs-hackage-security-0.6.2.6nb1.tgz
NetBSD 9.0x86_64hs-hackage-security-0.6.2.6nb1.tgz
NetBSD 9.3x86_64hs-hackage-security-0.6.2.6nb1.tgz

Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.

Available build options

(none)

Known vulnerabilities

The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.

Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.


Problem reports, updates or suggestions for this package should be reported with send-pr.