this repo has no description
anil.recoil.org
1opam-version: "2.0"
2homepage: "https://github.com/hannesm/conex"
3dev-repo: "git+https://github.com/hannesm/conex.git"
4bug-reports: "https://github.com/hannesm/conex/issues"
5doc: "https://hannesm.github.io/conex/doc"
6maintainer: ["Hannes Mehnert <hannes@mehnert.org>"]
7license: "BSD-2-Clause"
8
9build: [
10 ["dune" "subst"] {dev}
11 ["dune" "build" "-p" name "-j" jobs]
12 ["dune" "runtest" "-p" name "-j" jobs] {with-test}
13]
14depends: [
15 "ocaml" {>= "4.03.0"}
16 "dune"
17 "alcotest" {with-test}
18 "cmdliner"
19 "conex" {= version}
20 "cstruct" {>= "1.6.0" & <"5.0.0"}
21 "nocrypto" {>= "0.5.4"}
22 "x509" {>= "0.4.0" & < "0.7.0"}
23 "logs"
24 "fmt"
25 "rresult"
26]
27synopsis: "Establish trust in community repositories"
28description: """
29Conex is a utility for verify and attest release integrity and authenticity of community repositories through the use of cryptographic signatures (RSA-PSS-SHA256). It is based on [the update framework](https://theupdateframework.github.io/), especially on their [CCS 2010 paper](https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf), and adapted to the requirements of the [opam](https://ocaml.opam.org) [repository](https://github.com/ocaml/opam-repository).
30
31The developer sign their release checksums and build instructions. A quorum (with a configurable threshold) of repository maintainers signs the package name to developer key relation. These repository maintainers are enrolled by a quorum of offline root keys.
32
33The [TUF spec](https://github.com/theupdateframework/specification/blob/master/tuf-spec.md) has a good overview of attacks and threat model, both of which are shared by conex."""
34authors: "Hannes Mehnert <hannes@mehnert.org>"
35url {
36 src:
37 "https://github.com/hannesm/conex/releases/download/0.10.1/conex-0.10.1.tbz"
38 checksum: [
39 "sha256=8e92a9fce2133fa44f7d81211790e911a1e011a138ca56da48af50d612ed4b81"
40 "md5=1e09e8e28c4b26d5a22b3a5afd1fdc5c"
41 ]
42}
43flags: deprecated