this repo has no description
anil.recoil.org
1opam-version: "2.0"
2homepage: "https://github.com/hannesm/conex"
3dev-repo: "git+https://github.com/hannesm/conex.git"
4bug-reports: "https://github.com/hannesm/conex/issues"
5doc: "https://hannesm.github.io/conex/doc"
6maintainer: ["Hannes Mehnert <hannes@mehnert.org>"]
7license: "BSD-2-Clause"
8
9build: [
10 ["dune" "subst"] {dev}
11 ["dune" "build" "-p" name "-j" jobs]
12]
13
14depends: [
15 "ocaml" {>= "4.03.0" & < "5.0.0"}
16 "dune"
17 "cmdliner"
18 "opam-file-format" {>= "2.0.0~rc2"}
19]
20synopsis: "Establish trust in community repositories"
21description: """
22Conex is a utility for verify and attest release integrity and authenticity of community repositories through the use of cryptographic signatures (RSA-PSS-SHA256). It is based on [the update framework](https://theupdateframework.github.io/), especially on their [CCS 2010 paper](https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf), and adapted to the requirements of the [opam](https://ocaml.opam.org) [repository](https://github.com/ocaml/opam-repository).
23
24The developer sign their release checksums and build instructions. A quorum (with a configurable threshold) of repository maintainers signs the package name to developer key relation. These repository maintainers are enrolled by a quorum of offline root keys.
25
26The [TUF spec](https://github.com/theupdateframework/specification/blob/master/tuf-spec.md) has a good overview of attacks and threat model, both of which are shared by conex."""
27authors: "Hannes Mehnert <hannes@mehnert.org>"
28url {
29 src:
30 "https://github.com/hannesm/conex/releases/download/0.10.0/conex-0.10.0.tbz"
31 checksum: [
32 "sha256=536163045d3624009c4a2ec678a1b531be9485db233f5db43613b3809180a1a9"
33 "md5=39cdb4e3a550703e61b2f56d20323fdd"
34 ]
35}