From 0fc822f707ed6a49be70fe9a4712592f48f08e90 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 10 Sep 2025 13:21:06 -0400 Subject: [PATCH] Removed support for building with cryptonite, use crypton. cryptonite is not maintained and has security problems. Debian stable includes crypton by now. --- BuildFlags.hs | 4 ---- CHANGELOG | 1 + Utility/Hash.hs | 8 +------- debian/control | 2 +- git-annex.cabal | 12 ++---------- stack.yaml | 1 - 6 files changed, 5 insertions(+), 23 deletions(-) diff --git a/BuildFlags.hs b/BuildFlags.hs index 8724b94e45..0b306a09f4 100644 --- a/BuildFlags.hs +++ b/BuildFlags.hs @@ -85,11 +85,7 @@ dependencyVersions = map fmt $ sortBy (comparing (CI.mk . fst)) , ("bloomfilter", VERSION_bloomfilter) , ("http-client", VERSION_http_client) , ("persistent-sqlite", VERSION_persistent_sqlite) -#ifdef WITH_CRYPTON , ("crypton", VERSION_crypton) -#else - , ("cryptonite", VERSION_cryptonite) -#endif , ("aws", VERSION_aws) , ("DAV", VERSION_DAV) #ifdef WITH_TORRENTPARSER diff --git a/CHANGELOG b/CHANGELOG index be8cdacf1a..cb3a0e0c15 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -12,6 +12,7 @@ git-annex (10.20250829) UNRELEASED; urgency=medium flag, these leaks can still happen. * Improve performance when used with a local git remote that has a large working tree. + * Removed support for building with cryptonite, use crypton. -- Joey Hess Fri, 29 Aug 2025 12:34:06 -0400 diff --git a/Utility/Hash.hs b/Utility/Hash.hs index a80ed1c2b3..3cd1d7601f 100644 --- a/Utility/Hash.hs +++ b/Utility/Hash.hs @@ -1,4 +1,4 @@ -{- Convenience wrapper around cryptonite's hashing. +{- Convenience wrapper around crypton's hashing. - - Copyright 2013-2024 Joey Hess - @@ -7,7 +7,6 @@ {-# LANGUAGE BangPatterns, PackageImports #-} {-# LANGUAGE RankNTypes #-} -{-# LANGUAGE CPP #-} module Utility.Hash ( sha1, @@ -78,13 +77,8 @@ import qualified Data.ByteString.Lazy as L import qualified Data.Text as T import qualified Data.Text.Encoding as T import Data.IORef -#ifdef WITH_CRYPTON import "crypton" Crypto.MAC.HMAC hiding (Context) import "crypton" Crypto.Hash -#else -import "cryptonite" Crypto.MAC.HMAC hiding (Context) -import "cryptonite" Crypto.Hash -#endif sha1 :: L.ByteString -> Digest SHA1 sha1 = hashlazy diff --git a/debian/control b/debian/control index d258304e29..3ae6084609 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Build-Depends: libghc-split-dev, libghc-data-default-dev, libghc-hslogger-dev, - libghc-cryptonite-dev, + libghc-crypton-dev, libghc-memory-dev, libghc-deepseq-dev, libghc-attoparsec-dev, diff --git a/git-annex.cabal b/git-annex.cabal index af69ee14dc..b1cbdf60aa 100644 --- a/git-annex.cabal +++ b/git-annex.cabal @@ -169,9 +169,6 @@ Flag TorrentParser Flag MagicMime Description: Use libmagic to determine file MIME types -Flag Crypton - Description: Use the crypton library rather than the no longer maintained cryptonite - Flag Servant Description: Use the servant library, enabling using annex+http urls and git-annex p2phttp @@ -284,7 +281,8 @@ Executable git-annex network (>= 3.0.0.0), network-bsd, git-lfs (>= 1.2.0), - clock (>= 0.3.0) + clock (>= 0.3.0), + crypton CC-Options: -Wall GHC-Options: -Wall -fno-warn-tabs -Wincomplete-uni-patterns Default-Language: Haskell2010 @@ -311,12 +309,6 @@ Executable git-annex if os(linux) || os(freebsd) GHC-Options: -optl-Wl,--as-needed - if flag(Crypton) - Build-Depends: crypton - CPP-Options: -DWITH_CRYPTON - else - Build-Depends: cryptonite (>= 0.23) - if flag(Servant) Build-Depends: servant, diff --git a/stack.yaml b/stack.yaml index 3d187cdd0f..58a44a292b 100644 --- a/stack.yaml +++ b/stack.yaml @@ -9,7 +9,6 @@ flags: dbus: false debuglocks: false benchmark: true - crypton: true servant: true ospath: true packages: -- 2.30.2