ZuriHac2015/Projects/hackage-security

From HaskellWiki
< ZuriHac2015‎ | Projects
Revision as of 11:01, 27 May 2015 by Mf (talk | contribs) (Created page with "<h3>Topic</h3> hackage-security is an effort to bring security to the cabal environment. It is based on The Update Framework (TUF) that has been inspired by tor's built-in so...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Topic

hackage-security is an effort to bring security to the cabal environment. It is based on The Update Framework (TUF) that has been inspired by tor's built-in software upgrade system. TUF is an implementation-independent spec backed by a number of scientific publications and a reference implementation in python. hackage-security is an effort to implement TUF for hackage/cabal, and has lead to a few improvements and clarifications in the standard on the way.

Tasks

  • Link hackage-server against hackage-security and deliver cryptographically hardened package index and hashes. A toy cabal-install that comes with hackage-security can be used to test this, so there is no need to touch cabal-install.
  • Link cabal-install against hackage-security and secure package download and installation. (A tool for running secure local hackage repositories comes with hackage-security, so there is no eneed to touch hackage-server.)
  • Add support for cryptographic credentials to cabal config parser.
  • hackage-server comes with a mirroring tool (MirrorClient.hs) for keeping to hackage servers in sync. Re-write the download and/or upload part so it provides TUF security guarantees for the mirror and its users.

Links

An introduction to hackage-security (slightly outdated, but links to further reading):

The code: