Closed sorki closed 4 years ago
sjakobi
commented
4 years ago For reference, getting rid of the libsodium system dependency would likely fix the missing haddocks issue for hnix-store-core (https://github.com/haskell-nix/hnix-store/issues/65) and downstream packages (https://github.com/haskell-nix/hnix/issues/538, https://github.com/dhall-lang/dhall-haskell/issues/1756).
Ericson2314
commented
4 years ago Bundling is bad, but maybe just enough can be spoofed so the docs for saltine can be built without the C library?
sjakobi
commented
4 years ago Bundling is bad
What's the problem with bundling? It seems quite widely used in the Haskell ecosystem.
Ericson2314
commented
4 years ago The intent of Cabal was always for something else to provide the C libraries, and Cabal packages to just use them.
sorki
commented
4 years ago From security perspective, bundling sounds bad and would need additional attention or automation to update the bundled lib.
I will take a peak at cryptonite to see how hard it would be to use that for signatures. Maybe even a wrapper type like Signed StorePathMetadata could work but I'm not big fan of CPP preprocessor that would be required to be able to build hnix-store with and without signature support.
sorki
commented
4 years ago @sjakobi thank you for the Hackage fix!
I've checked sodium packages cabal file and it has
pkgconfig-depends: libsodium >= 1.0.13So tools should pick this up automatically.
Closing.
Currently we're using
cryptohash-*andsaltinelibraries.saltineseems to cause issues on CIs like Hackage or Travis using MacOS builders due to requirement of native library.Previously we've used
cryptonitelibrary (removed due to #18) but it does haveEd25519implementation which could be used instead ofsaltineone for signature validation.Few options 1) persuade
saltinemaintainer to bundlelibsodium2) make signature validation optional like Nix does 3) switch tocryptoniteNeither of these is particularly appealing to me so I would like to know your opinion about this.