-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
opam
42 lines (39 loc) · 1.89 KB
/
opam
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
opam-version: "2.0"
homepage: "https://github.com/hannesm/conex"
dev-repo: "git+https://github.com/hannesm/conex.git"
bug-reports: "https://github.com/hannesm/conex/issues"
doc: "https://hannesm.github.io/conex/doc"
maintainer: ["Hannes Mehnert <hannes@mehnert.org>"]
license: "BSD-2-Clause"
build: [
["dune" "subst"] {dev}
["dune" "build" "-p" name "-j" jobs]
["dune" "runtest" "-p" name "-j" jobs] {with-test}
]
depends: [
"ocaml" {>= "4.03.0"}
"dune"
"alcotest" {with-test}
"cmdliner"
"conex" {= version}
"cstruct" {>= "1.6.0" & <"5.0.0"}
"nocrypto" {>= "0.5.4"}
"x509" {>= "0.4.0" & < "0.7.0"}
"logs"
"fmt"
"rresult"
]
synopsis: "Establish trust in community repositories"
description: """
Conex is a utility for verify and attest release integrity and authenticity of community repositories through the use of cryptographic signatures (RSA-PSS-SHA256). It is based on [the update framework](https://theupdateframework.github.io/), especially on their [CCS 2010 paper](https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf), and adapted to the requirements of the [opam](https://ocaml.opam.org) [repository](https://github.com/ocaml/opam-repository).
The developer sign their release checksums and build instructions. A quorum (with a configurable threshold) of repository maintainers signs the package name to developer key relation. These repository maintainers are enrolled by a quorum of offline root keys.
The [TUF spec](https://github.com/theupdateframework/specification/blob/master/tuf-spec.md) has a good overview of attacks and threat model, both of which are shared by conex."""
authors: "Hannes Mehnert <hannes@mehnert.org>"
url {
src:
"https://github.com/hannesm/conex/releases/download/0.10.1/conex-0.10.1.tbz"
checksum: [
"sha256=8e92a9fce2133fa44f7d81211790e911a1e011a138ca56da48af50d612ed4b81"
"md5=1e09e8e28c4b26d5a22b3a5afd1fdc5c"
]
}