Making cabal-install SSL capable

Mon May 4 06:31:08 UTC 2015

Just a little update on this. I pinged the author of publicsuffixlist
(necessary for proper cookie domain handling) about removing the
data-default dependency, and after discussion we decided to just merge the
code into http-client instead. With that change, the full dependency list
for http-client-openssl is in fact smaller that http-streams:

cabal install --dry-run --package-db=clear --package-db=global
http-client-openssl
Resolving dependencies...
In order, the following would be installed (use -v for more details):
base64-bytestring-1.0.0.1
data-default-class-0.0.1
network-2.6.0.2
HsOpenSSL-0.11.1.1
random-1.1
stm-2.4.4
text-1.2.0.4
blaze-builder-0.4.0.1
cookie-0.4.1.5
hashable-1.2.3.2
case-insensitive-1.2.0.4
http-types-0.8.6
mime-types-0.1.0.6
transformers-0.4.3.0
mtl-2.2.1
parsec-3.1.9
network-uri-2.6.0.3
transformers-compat-0.4.0.4
exceptions-0.8.0.2
zlib-0.6.1.0
streaming-commons-0.1.12
http-client-0.4.11.2
http-client-openssl-0.2.0.1

On Tue, Apr 28, 2015 at 11:08 AM Herbert Valerio Riedel <hvriedel at gmail.com>
wrote:

> On 2015-04-28 at 06:08:38 +0200, Michael Snoyman wrote:
>
> [...]
>
> > I offered Duncan last week that I'd port cabal-install over to
> > http-client/http-client-tls to add SSL support. That offer still stands.
>
> I did a quick check trying to find out the additional dependencies
> (relative to what 'cabal-install' currently depends on) http-client-tls
> would pull in (it seems http-client and tls each roughly account for
> half the ~50 deps below):
>
>   async-2.0.2
>   base64-bytestring-1.0.0.1
>   blaze-builder-0.4.0.1
>   byteable-0.1.1
>   cereal-0.4.1.1
>   clock-0.4.5.0
>   cryptohash-0.11.6
>   data-default-class-0.0.1
>   data-default-instances-base-0.0.1
>   data-default-instances-containers-0.0.1
>   data-default-instances-old-locale-0.0.1
>   dlist-0.7.1.1
>   data-default-instances-dlist-0.0.1
>   data-default-0.5.3
>   cookie-0.4.1.4
>   hashable-1.2.3.2
>   case-insensitive-1.2.0.4
>   hourglass-0.2.9
>   asn1-types-0.3.0
>   asn1-encoding-0.9.0
>   asn1-parse-0.9.0
>   crypto-pubkey-types-0.4.3
>   http-types-0.8.6
>   mime-types-0.1.0.6
>   pem-0.2.2
>   primitive-0.6
>   securemem-0.1.7
>   crypto-cipher-types-0.0.9
>   cipher-aes-0.2.10
>   cipher-des-0.0.6
>   cipher-rc4-0.1.4
>   socks-0.5.4
>   streaming-commons-0.1.12
>   transformers-compat-0.4.0.4
>   exceptions-0.8.0.2
>   utf8-string-1
>   publicsuffixlist-0.1
>   http-client-0.4.11.1
>   vector-0.10.12.3
>   crypto-random-0.0.9
>   crypto-numbers-0.2.7
>   crypto-pubkey-0.2.8
>   x509-1.5.0.1
>   x509-store-1.5.0
>   x509-system-1.5.0
>   x509-validation-1.5.1
>   tls-1.2.17
>   connection-0.2.4
>   http-client-tls-0.2.2
>
> In contrast, I was surprised to see, that extending the HTTP package (or
> maybe just writing a 'HTTPS'-companion package) to use HsOpenSSL seems
> to pull in 'HsOpenSSL' as the only additional package...
>
> For comparision here's what http-streams (which I'm not suggesting right
> now, as I think going the 'HTTP'+'HsOpenSSL'-route would be better
> currently) would pull in (which could have a few deps less if it didn't
> pull in 'aeson'...):
>
>   HsOpenSSL-0.11.1.1
>   base64-bytestring-1.0.0.1
>   blaze-builder-0.4.0.1
>   bytestring-builder-0.10.6.0.0
>   dlist-0.7.1.1
>   hashable-1.2.3.2
>   case-insensitive-1.2.0.4
>   primitive-0.6
>   scientific-0.3.3.8
>   attoparsec-0.12.1.6
>   syb-0.4.4
>   unordered-containers-0.2.5.1
>   http-common-0.8.2.0
>   vector-0.10.12.3
>   aeson-0.8.0.2
>   zlib-bindings-0.1.1.5
>   io-streams-1.3.0.0
>   openssl-streams-1.2.1.0
>   http-streams-0.8.3.1
>
> Cheers,
>   hvr
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/cabal-devel/attachments/20150504/e9b73b65/attachment.html>