Making cabal-install SSL capable

Gershom B gershomb at gmail.com
Thu May 7 22:14:41 UTC 2015 

On my branch now, everything "should" work:
https://github.com/gbaz/Cabal/tree/https

By "should" I mean the refactor is in place, and we have support for curl,
wget, powershell, and insecure-http.

You can pass a global flag to set your preferred transport (and it will not
try insecure-http unless you explictly request it). If you use any
transport but insecure-http it will convert http to https urls
automatically.

Things that remain outstanding

1) ETags are not enabled on the new transports -- this is just some tedious
work to emit them from the programs and parse them out.
2) http-transport is a global option and can be passed, but it doesn't seem
to wind up in the documentation correctly. Not sure how to configure the
options properly.

3) Proxy support is not fully tested on curl/wget -- it _did_ work on my
machine at one point, but it lives behind a particularly perverse proxy and
ceased working in a way I can't diagnose and might just be due to a
hopeless proxy.
4) I haven't properly tested upload support on wget, which is fiddly since
it needs to do its own multipart encoding just like insecure-http.

5) Proxies are not enabled on powershell -- this is some tedious work to
automate parsing out the proxy settings better, since the "correct
powershell" way to handle proxies with user/passwords doesn't seem to
actually work.
6) Powershell also needs real escaping, in case package names/urls
perversely have quotation marks in them.

Anyway, this touched a bunch of stuff in small ways and could use some
review and _especially_ some testers across various platforms and
transports to see what's still missing,

If any brave souls want to try out the various transports, or pick up some
of the remaining work, please do! This was a nice exercise, but I could
really use another set or two of eyes/hands to take it to 100%.

(note that even though I branched before the digest fix, I ported it over
to this branch, so that the insecure-http transport _should_ be using
digest auth properly already).

--Gershom


On Thu, May 7, 2015 at 5:02 AM, Mikhail Glushenkov <
the.dead.shall.rise at gmail.com> wrote:

> Hi,
>
> On 6 May 2015 at 20:08, Thomas Tuegel <ttuegel at gmail.com> wrote:
> > The saved program configuration is not serialized in
> > `dist/setup-config`, [1] so it must be regenerated at runtime every
> > time, anyway.
>
> We don't want to configure all known built-in programs on each 'cabal
> upload', though, so we should introduce a 'configTransport' function
> to be used in 'uploadAction' instead of 'configCompiler'.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/cabal-devel/attachments/20150507/aa840025/attachment-0001.html>

More information about the cabal-devel mailing list