From e961238f3a4c17c42b05a5e78e07d1b7377f8581 Mon Sep 17 00:00:00 2001 From: Michael Snoyman Date: Wed, 14 Feb 2018 08:52:27 +0200 Subject: [PATCH] Include patched hackage-security for #3073 NOTE: This is included via an extra-dep, which would constitute the first time Stack would include a patched version of an upstream library. This is due to the fact that https://github.com/haskell/hackage-security/pull/203 is likely not going to be merged, despite fixing issues affecting Stack. This leaves us with (AFAICT) 4 choices at the Stack level: 1. Continue using the officially released upstream version of hackage-security, bugs and all 2. Fork hackage-security on Hackage, and depend on the fork 3. Inline the code from hackage-security into Stack itself, and drop the explicit dependency on hackage-security 4. Include hackage-security via an `extra-dep` pointing at a Git commit. Our official builds will use the patched version of hackage-security, and anyone building from Hackage will end up with the unpatched version This PR represents approach (4). If and when the PR is merged and released to Hackage, this becomes a non-issue. But generally speaking, we should have a policy in Stack for handling these kinds of upstream issues cases. --- ChangeLog.md | 6 ++++++ stack-nightly.yaml | 3 +++ stack.yaml | 3 +++ 3 files changed, 12 insertions(+) diff --git a/ChangeLog.md b/ChangeLog.md index 6309b21956..32f0ed083a 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -34,6 +34,12 @@ Bug fixes: we were forgetting to record the result, which meant that all tests always ran even if they had already passed before. See [#3770](https://github.com/commercialhaskell/stack/pull/3770). +* Includes a patched version of `hackage-security` which fixes both + some issues around asynchronous exception handling, and moves from + directory locking to file locking, making the update mechanism + resilient against SIGKILL and machine failure. See + [hackage-security #187](https://github.com/haskell/hackage-security/issues/187) + and [#3073](https://github.com/commercialhaskell/stack/issues/3073). ## v1.6.3 diff --git a/stack-nightly.yaml b/stack-nightly.yaml index 6e7e2c5e6a..f0da109e2b 100644 --- a/stack-nightly.yaml +++ b/stack-nightly.yaml @@ -7,3 +7,6 @@ nix: - http-client-tls-0.3.4 extra-deps: - hpack-0.26.0 +- archive: https://github.com/haskell/hackage-security/archive/3297b0f3f4285cb30321baaa7b54e3d22e1f6bd7.tar.gz + subdirs: + - hackage-security diff --git a/stack.yaml b/stack.yaml index 3371af5b98..0c1712865a 100644 --- a/stack.yaml +++ b/stack.yaml @@ -30,3 +30,6 @@ extra-deps: - ansi-terminal-0.7.1.1 - ansi-wl-pprint-0.6.8.1 - smallcheck-1.1.3 +- archive: https://github.com/haskell/hackage-security/archive/3297b0f3f4285cb30321baaa7b54e3d22e1f6bd7.tar.gz + subdirs: + - hackage-security