stackage
ring
stackage | ring
---|---
13 | 28
520 | 3,560
-0.4% | -
9.9 | 9.8
6 days ago | 5 days ago
Dockerfile | Assembly
MIT License | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
stackage
-
Revisiting Haskell after 10 years
Writing Haskell programs that rely on third-party packages is still an issue when it’s not an actively maintained package. They get out of date with the base library (Haskell’s standard library), and you might see yourself in a situation where you need to downgrade to an older version. This is not exclusive to Haskell, but it happens more often than I’d like to assume. However, if you only rely on known well-maintained libraries/frameworks such as Aeson, Esqueleto, Yesod, and Parsec, to name a few, it’s unlikely you will face troubles at all, you just need to be more mindful of what you add as a dependency. There’s stackage.org now, a repository that works with Stack, providing a set of packages that are proven to work well together and help us to have reproducible builds in a more manageable way—not the solution for all the cases but it’s good to have it as an option.
-
Leaving Haskell Behind
> That is fine, as far as it goes, but obviously this will, at some point, be at odds with the interests of programmers looking to use Haskell as a practical, stable tool.
That's what Stackage is.
Stackage provides consistent sets of Haskell packages, known to build together and pass their tests before becoming Stackage Nightly snapshots and LTS (Long Term Support) releases. [1]
Java will never get this.
[1] https://www.stackage.org/
-
Haskell IDE setup
```makefile
makefile_dir := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
export PATH := $(makefile_dir):$(PATH)

project_name ?=
project_main ?= src/.hs
retag_file ?= $(project_main)

stack.yaml:
	@test -f stack.yaml || (echo -e "This makefile requires a 'stack.yaml' for your project.\nYou don't need to use 'stack' to build your project.\nYou just need a 'stack.yaml' specifying a resolver compatible with your GHC version.\nSee https://www.stackage.org/" && exit 1)

stack: stack.yaml
	@which stack || (echo -e "This makefile requires 'stack' to be on your path. Use GHCup to install it.\nSee https://www.haskell.org/ghcup/" && exit 1)
.PHONY: stack

warning.txt:
	-@uname -a | grep -q Darwin && echo "WARNING: On Mac, you must alias 'make' to 'gmake' in your shell config file (e.g. ~/.bashrc or ~/.zshrc). Symbolic links will not work." | tee warning.txt
	@echo "Add 'warning.txt' to your .gitignore file if you never want to see this message again."

hasktags: warning.txt stack
	@echo 'stack exec -- hasktags' > hasktags
	@chmod +x hasktags
	@echo "You might like to add 'hasktags' to your .gitignore file."

format: stack
	@stack exec -- fourmolu --stdin-input-file $(project_main)
.PHONY: format

retag: warning.txt stack
	@stack exec -- haskdogs -i $(retag_file) --hasktags-args "-x -c -a" | sort -u -o tags tags
.PHONY: retag

tags: warning.txt hasktags stack
	@stack exec -- haskdogs
.PHONY: tags

ghcid: stack
	@stack exec -- ghcid \
		--command 'stack repl --ghc-options "-fno-code -fno-break-on-exception -fno-break-on-error -v1 -ferror-spans -j"' \
		--restart stack.yaml \
		--restart $(project_name).cabal \
		--warnings \
		--outputfile ./ghcid.txt
.PHONY: ghcid
```
- stack
-
Most current materials for learning Haskell
(why lts-18.28? it's the latest 8.10 release on https://www.stackage.org/ )
-
Monthly Hask Anything (March 2022)
I don't see way community maintenance can change the GHC for nightly.
-
Is it possible to install C libraries before building on Hackage?
It makes total sense that it fails since at no point I requested that the library be installed, which makes me wonder: Is there any way to request Hackage to install SDL and GLEW before attempting the build? I see Stackage has debian-bootstrap.sh. Does something similar exist for Hackage?
-
No idea how to add packages
At this point, you can try a Stack snapshot that uses an older version of GHC. Looking at Stackage, you can see that the latest version before 8.10.* is 8.8.4 (using LTS 16.31). Starting over with that snapshot, you find that the packages that you need are in the snapshot and work.
-
[GHC Proposals] GHC Maintainer preview
On the contrary, I think this is standard practice for packages which are part of stackage. When stackage nightly switches to a new version of ghc, all the packages which are incompatible with the new ghc are dropped from nightly. My understanding is that maintainers are then expected to fix their packages, at which point more and more packages are included in the nightly snapshot. The next lts to include that version of ghc is only released later, once most packages have been added back, so unlike ghc users who diligently upgrade to the latest ghc, stackage users who diligently upgrade to the latest lts snapshot shouldn't see a big drop in the number of compatible packages.
-
Setup dev container with language server out of the box
I found the latest stack lts version, and its associated ghc version here: https://www.stackage.org/
ring
-
AWS Libcrypto for Rust
Again, this is just a temporary situation, and a matter of burning down a list of small tasks. Not that the OpenSSL license issue is a big deal for most anyway. Feel free to help; see this issue filed by Josh Triplett: https://github.com/briansmith/ring/issues/1318#issuecomment-...
- AWS Open Source Newsletter, Christmas Edition
- Libsodium: A modern, portable, easy to use crypto library
-
A brief guide to choosing TLS crates
Note also that rustls depends on ring, which has architecture-dependent code in it that is not as widely compatible as eg. OpenSSL/GnuTLS/Mbed-TLS. For example, MIPS is not supported by ring.
- Data-driven performance optimization with Rust and Miri
-
Releasing Rust Binaries with GitHub Actions - Part 2
The AWS Rust library we were using as a dependency depended on a cryptography library called ring. This library leverages C and assembly code to implement its cryptographic primitives. Unfortunately, cross compiling when C is involved can add complexity to the build process. While it might've been possible to overcome these issues I decided that it wasn't worth digging into more.
-
Urgent Upcoming OpenSSL release patches critical vulnerability
That'd be great. Thanks Brian. Re: making ring portable to all platforms: IBM have been graciously maintaining an up-to-date patchset for Ring for years now and there's an outstanding PR here you may not have seen since they filed it in 2020... https://github.com/briansmith/ring/pull/1057
-
OpenSSL Security Advisory [5 July 2022]
Beyond the simple matter of Rust being much newer than OpenSSL, one concern for some cryptographic primitives is the timing side-channel.
https://en.wikipedia.org/wiki/Timing_attack
In high level languages like Rust, the compiler does not prioritise trying to emit machine code which executes in constant time for all inputs. OpenSSL has implementations for some primitives which are known to be constant time, which can be important.
One option if you're working with Rust anyway would be to use something like Ring:
https://github.com/briansmith/ring
Ring's primitives are just taken from BoringSSL which is Google's fork of OpenSSL, they're a mix of C and assembly language, it's possible (though fraught) to write some constant time algorithms in C if you know which compiler will be used, and of course it's possible (if you read the performance manuals carefully) to write constant time assembly in many cases.
In the C / assembly language code of course you do not have any safety benefits.
It can certainly make sense to do this very tricky primitive stuff in dangerous C or assembly, but then write all the higher level stuff in Rust, and that's the sort of thing Ring is intended for. BoringSSL for example includes code to do X.509 parsing and signature validation in C, but those things aren't sensitive, a timing attack on my X.509 parsing tells you nothing of value, and it's complicated to do correctly so Rust could make sense.
-
Rust's Option and Result. In Python.
machine learning, neural networks, image processing, cryptography (though it is getting better), font shaping/rendering (though it is getting better), CPU/software rendering (though it is getting better)
- Mega: Malleable Encryption Goes Awry
What are some alternatives?
cblrepo - Tool to simplify managing a consistent set of Haskell packages for distributions.
rust-crypto - A (mostly) pure-Rust implementation of various cryptographic algorithms.
cargo-crev - A cryptographically verifiable code review system for the cargo (Rust) package manager.
ed25519-dalek - Fast and efficient ed25519 signing and verification in Rust.
Cabal - Official upstream development repository for Cabal and cabal-install
rust-openssl - OpenSSL bindings for Rust
stackage-curator
orion - Usable, easy and safe pure-Rust crypto [Moved to: https://github.com/orion-rs/orion]
cabal2nix - Generate Nix build instructions from a Cabal file
rustls - A modern TLS library in Rust
stackage-upload - A more secure version of cabal upload which uses HTTPS
sodiumoxide - [DEPRECATED] Sodium Oxide: Fast cryptographic library for Rust (bindings to libsodium)