Removed support for building with cryptonite, use crypton.

cryptonite is not maintained and has security problems.
Debian stable includes crypton by now.

diff --git a/BuildFlags.hs b/BuildFlags.hs
index 8724b94e45e86af522b757d7faccdb80b52cc10a..0b306a09f4c94620e48b71236c6c7bbc14e37cf1 100644 (file)
--- a/BuildFlags.hs
+++ b/BuildFlags.hs
@@ -85,11 +85,7 @@ dependencyVersions = map fmt $ sortBy (comparing (CI.mk . fst))
        , ("bloomfilter", VERSION_bloomfilter)
        , ("http-client", VERSION_http_client)
        , ("persistent-sqlite", VERSION_persistent_sqlite)
-#ifdef WITH_CRYPTON
        , ("crypton", VERSION_crypton)
-#else
-       , ("cryptonite", VERSION_cryptonite)
-#endif
        , ("aws", VERSION_aws)
        , ("DAV", VERSION_DAV)
 #ifdef WITH_TORRENTPARSER

diff --git a/CHANGELOG b/CHANGELOG
index be8cdacf1afeba568cbaf7e35db9b3ff1f28b0d4..cb3a0e0c153152777e9baf98d5756ac67e761aea 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@ git-annex (10.20250829) UNRELEASED; urgency=medium
     flag, these leaks can still happen.
   * Improve performance when used with a local git remote that has a
     large working tree.
+  * Removed support for building with cryptonite, use crypton.
 
  -- Joey Hess <id@joeyh.name>  Fri, 29 Aug 2025 12:34:06 -0400
 

diff --git a/Utility/Hash.hs b/Utility/Hash.hs
index a80ed1c2b33c09f2f82a9c2ac8adfb15783dd433..3cd1d7601fe374d0957184043fe96980c973e65d 100644 (file)
--- a/Utility/Hash.hs
+++ b/Utility/Hash.hs
@@ -1,4 +1,4 @@
-{- Convenience wrapper around cryptonite's hashing.
+{- Convenience wrapper around crypton's hashing.
  -
  - Copyright 2013-2024 Joey Hess <id@joeyh.name>
  -
@@ -7,7 +7,6 @@
 
 {-# LANGUAGE BangPatterns, PackageImports #-}
 {-# LANGUAGE RankNTypes #-}
-{-# LANGUAGE CPP #-}
 
 module Utility.Hash (
        sha1,
@@ -78,13 +77,8 @@ import qualified Data.ByteString.Lazy as L
 import qualified Data.Text as T
 import qualified Data.Text.Encoding as T
 import Data.IORef
-#ifdef WITH_CRYPTON
 import "crypton" Crypto.MAC.HMAC hiding (Context)
 import "crypton" Crypto.Hash
-#else
-import "cryptonite" Crypto.MAC.HMAC hiding (Context)
-import "cryptonite" Crypto.Hash
-#endif
 
 sha1 :: L.ByteString -> Digest SHA1
 sha1 = hashlazy

diff --git a/debian/control b/debian/control
index d258304e29f7a28de450396c9cd9e00703355097..3ae6084609072d5a44ddb4e32069559765098d4f 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Build-Depends:
        libghc-split-dev,
        libghc-data-default-dev,
        libghc-hslogger-dev,
-       libghc-cryptonite-dev,
+       libghc-crypton-dev,
        libghc-memory-dev,
        libghc-deepseq-dev,
        libghc-attoparsec-dev,

diff --git a/git-annex.cabal b/git-annex.cabal
index af69ee14dc204849d0a713198cb6d6c162171fa6..b1cbdf60aa4efda1e4a5df081e2cf180e9122159 100644 (file)
--- a/git-annex.cabal
+++ b/git-annex.cabal
@@ -169,9 +169,6 @@ Flag TorrentParser
 Flag MagicMime
   Description: Use libmagic to determine file MIME types
 
-Flag Crypton
-  Description: Use the crypton library rather than the no longer maintained cryptonite
-
 Flag Servant
   Description: Use the servant library, enabling using annex+http urls and git-annex p2phttp
 
@@ -284,7 +281,8 @@ Executable git-annex
    network (>= 3.0.0.0),
    network-bsd,
    git-lfs (>= 1.2.0),
-   clock (>= 0.3.0)
+   clock (>= 0.3.0),
+   crypton
   CC-Options: -Wall
   GHC-Options: -Wall -fno-warn-tabs  -Wincomplete-uni-patterns
   Default-Language: Haskell2010
@@ -311,12 +309,6 @@ Executable git-annex
   if os(linux) || os(freebsd)
     GHC-Options: -optl-Wl,--as-needed
 
-  if flag(Crypton)
-    Build-Depends: crypton
-    CPP-Options: -DWITH_CRYPTON
-  else
-    Build-Depends: cryptonite (>= 0.23)
-
   if flag(Servant)
     Build-Depends:
       servant,

diff --git a/stack.yaml b/stack.yaml
index 3d187cdd0f131f3c946b44c330df4ee17533ee59..58a44a292b1b3a51fd3d0b294b38673c2783a59b 100644 (file)
--- a/stack.yaml
+++ b/stack.yaml
@@ -9,7 +9,6 @@ flags:
     dbus: false
     debuglocks: false
     benchmark: true
-    crypton: true
     servant: true
     ospath: true
 packages: