Hi Neil,

I was reading your instructions on the GHC wiki page,
http://hackage.haskell.org/trac/ghc/wiki/Building/Windows, and they are
wonderful - exactly what I wanted. However, they don't work. When
downloading Cygwin you are told to add haskell.org/ghc/cygwin as a path
so it can pick up the setup.ini file. However, in the latest version of
Cygwin it obvious wants signatures for all the .ini files:

---------------------------
Cygwin Setup
---------------------------
Unable to get http://www.haskell.org/ghc/cygwin/setup.ini.sig from
<http://www.haskell.org/ghc/cygwin>
---------------------------
OK ---------------------------

Could someone please add the appropriate signature file?

Grr, not just the Haskell Cabal keeps marching on. Apparently, that is a change in last month's setup.exe:

   Updated: Setup.exe updated to version 2.573.2.3
   http://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html

If I understand the implications correctly, one would need a
three point change to adapt properly:

- sign the setup.ini file with a key, in place
- put up a public key to check against, somewhere else
- point setup.exe to the location of the public key

Given that all we want are the dependencies (the package
is empty), this is starting to look ridiculous (one has to put in
more administrative information than one saves from not having
to specify the dependencies by hand..).

Meanwhile, there is apparently a command-line option to bypass the check, when using setup.exe on this repository:

   -X --no-verify                         Don't verify setup.ini signatures

You can easily check the package contents yourself before/after
downloading (because it is empty, only the setup.ini text matters;-).

Of course, I wouldn't recommend using that switch while you're also sourcing from another repository (the verification has been added for a reason), so one would have to recommend running setup.exe twice, once with verification for the main stuff, once without for ghc-depends?
But setup.exe will presumably want to run the check on both
downloading and installing, and since the dependencies ought to
be installed with verification, it isn't quite clear to me whether there
is a successful sequence of calling setup.exe, unless ghc-depends
is signed and an additional key is provided..

GHC HQ: unless you want to sign that package, and provide
a key to check against, I don't know what to do about this.

Please remember to update the log on the wiki page when you succeed - the value of this log comes from being applied from
scratch (when just updating, it is easy to miss something).

Thanks,
Claus


_______________________________________________
Glasgow-haskell-users mailing list
Glasgow-haskell-users@haskell.org
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users

Reply via email to