# planet

## July 28, 2015

### Dan Frumin

#### Darcs rebase by example

July 28, 2015 10:40 AM UTC

Darcs is a patch-centric version control system. In Darcs, there is no “correct” linear history of a repository – rather, there is a poset of patches. That means that most of the time you are pushing and pulling changes you can cherry-pick patches without a problem. However, in some cases you cannot perform a pull (or some other operation on the repository) smoothly. Sometimes it is necessary to rewrite the “history” – i.e. modify a patch that is a dependency of one or more other patches. For those cases darcs rebase comes in handy. To put it in the words of the implementor “Rebase is a workaround for cases where commutation doesn’t do enough”.

A repository can change it’s state from rebase-in-progress back to normal if there are no suspended patches left. However, be aware that you cannot unsuspend a patch1 if you have unrecorded changes in the repository. In light of this, I suggest recording a temporary patch with current changes

darcs record -am DRAFT

You can suspend that patch at the beginning of your rebase process and apply it at the end.

# General overview of rebase

darcs rebase is an operation (or, rather, a family of operations) that allows one to make changes “deep down” in the repository history. One of the crucial things that allows for rebase to work is the fact that since darcs 2.10 patches can be suspended. When one performs any of the darcs rebase commands, the repository moves to a special rebase-in-progress state. In this state repository contains a pristine, a set of patches, a working copy, and — in addition to all the usual stuff — a set of suspended patches. Suspended patches are not active in the repository — that is, they are not applied.

Let’s go over the rebase subcommands

## rebase log/rebase changes

This is simple: list the suspended patches

## rebase suspend

Moves selected patches into the suspended state. Once the patch is suspended it is no longer active in the repository.

Note: once you suspend a patch, it changes its identity. That means that even if you suspend a patch and unsuspend it immediately, you will get a different repository that you have started with. Let this be a good reason (one of a couple!) for doing rebase on a separate branch.

> cat file
test
123
> darcs rebase suspend
Author: Daniil Frumin
Date:   Thu Jul 23 18:49:30 MSK 2015
* 123
Shall I suspend this patch? (1/5)  [ynW…], or ? for more options: y
patch cc54d7cf4b9e3d13a24ce0b1b77b76581d98d75d
Author: Daniil Frumin
Date:   Thu Jul 23 18:43:53 MSK 2015
* Test
Shall I suspend this patch? (2/5)  [ynW…], or ? for more options: d
Rebase in progress: 1 suspended patches
> darcs rebase log
Author: Daniil Frumin
Date:   Thu Jul 23 18:49:30 MSK 2015
* 123
Shall I view this patch? (1/?) [yN…], or ? for more options: y
[123
Daniil Frumin **20150723154930
Ignore-this: 43e09e6503ac74688e74441dc29bce25
] hunk ./file 2
+123
Rebase in progress: 1 suspended patches
> cat file
test

## rebase unsuspend

Does the opposite of suspend: applies a suspended patch to the repository and changes its state to normal.

> darcs rebase unsuspend
Author: Daniil Frumin
Date:   Thu Jul 23 18:49:30 MSK 2015
* 123
Shall I unsuspend this patch? (1/1)  [ynW…], or ? for more options: y
Do you want to unsuspend these patches? [Yglqk…], or ? for more options: y
Rebase finished!

## rebase apply

Rebase apply takes a patch bundle and tries to apply all the patches in the bundle to the current repository. If a patch from the bundle conflicts with a local patch, then the local patch gets suspended. You will thus have a chance to resolve the conflict by amending your conflicting patches, at a price of.. well, changing the identity of your local patches.

## rebase pull

Sort of like rebase apply, but instead of a patch bundle it obtains the patches from a remote repository.

Specifically, rebase pull applies all the remote patches, one-by-one, suspending any local patches that conflict. We will see more of rebase pull in the second example.

# Example 1: suspending local changes

Imagine the following situation: at point A you add a configuration file to your repository, then you record a patch B that updates the settings in the configuration file. After that you make some more records before you realize that you’ve included by accident your private password in patch A! You want to get rid of it in your entire history, but you can’t just unrecord A, because B depends on A, and possibly some other patches depend on B.

The contents of the configuration file after patch A:

port = 6667
host = irc.freenode.net
password = awesomevcs 

Patch B, diff:

@@ -1,3 +1,4 @@
-port = 6667
+port = 6697
+usessl = True
host = irc.freenode.net
password = awesomevcs

You cannot just amend patch A, because the patch B depends on A:

> darcs amend
patch 1925d640f1f3180cb5b9e64260c1b5f374fce4ca
Author: Daniil Frumin
Date:   Tue Jul 21 13:23:07 MSK 2015
* B

Shall I amend this patch? [yNjk…], or ? for more options: n

Skipping depended-upon patch:
patch 22d7c8da83141f8b1f80bdd3eff02064d4f45c6b
Author: Daniil Frumin
Date:   Tue Jul 21 13:22:24 MSK 2015
* A

Cancelling amend since no patch was selected.

What we will have to do is temporarily suspend patch B, amend patch A, and then unsuspend B.

> darcs rebase suspend
patch 1925d640f1f3180cb5b9e64260c1b5f374fce4ca
Author: Daniil Frumin
Date:   Tue Jul 21 13:23:07 MSK 2015
* B

Shall I suspend this patch? (1/2)  [ynW…], or ? for more options: y
patch 22d7c8da83141f8b1f80bdd3eff02064d4f45c6b
Author: Daniil Frumin
Date:   Tue Jul 21 13:22:24 MSK 2015
* A

Shall I suspend this patch? (2/2)  [ynW…], or ? for more options: d
Rebase in progress: 1 suspended patches

At this point, the state of our repository is the following: there is one (active) patch A, and one suspended patch B.

> darcs rebase changes -a
patch 4c5d45230dc146932b21964aea938e2a978523eb
Author: Daniil Frumin
Date:   Tue Jul 21 13:28:58 MSK 2015
* B

Rebase in progress: 1 suspended patches
> darcs changes -a
patch 21f56dfb425e4c49787bae5db4f8869e96787fb2
Author: Daniil Frumin
Date:   Tue Jul 21 13:28:49 MSK 2015
* A

Rebase in progress: 1 suspended patches
> cat config
port = 6667
host = irc.freenode.net
> $EDITOR config # remove the password bit > darcs amend patch 22d7c8da83141f8b1f80bdd3eff02064d4f45c6b Author: Daniil Frumin Date: Tue Jul 21 13:22:24 MSK 2015 * A Shall I amend this patch? [yNjk…], or ? for more options: y hunk ./config 3 -password = awesomevcs Shall I record this change? (1/1) [ynW…], or ? for more options: y Do you want to record these changes? [Yglqk…], or ? for more options: y Finished amending patch: patch 21f56dfb425e4c49787bae5db4f8869e96787fb2 Author: Daniil Frumin Date: Tue Jul 21 13:28:49 MSK 2015 * A Rebase in progress: 1 suspended patches Now that we’ve removed the password from the history, we can safely unsuspend patch B (in this particular situation we actually know that applying B to the current state of the repository won’t be a problem, because B does not conflict with our modified A) > darcs rebase unsuspend patch 1925d640f1f3180cb5b9e64260c1b5f374fce4ca Author: Daniil Frumin Date: Tue Jul 21 13:23:07 MSK 2015 * B Shall I unsuspend this patch? (1/1) [ynW…], or ? for more options: y Do you want to unsuspend these patches? [Yglqk…], or ? for more options: y Rebase finished! And that’s done! > cat config port = 6697 usessl = True host = irc.freenode.net You may use this rebase strategy for removing sensitive information from the repository, for removing that 1GB binary .iso that you added to your repository by accident, or for combining two patches into one deep down in the patchset. # Example 2: developing against a changing upstream – rebase pull Imagine you have a fork R’ of a repository R that you are working on. You are implementing a feature that involves a couple of commits. During your work you record a commit L1 that refractors some common datum from modules A.hs and B.hs. You proceed with your work recording a patch L2. At this point you realise that after you forked R, the upstream recorded two more patches U1 and U2, messing with the common datum in A.hs. If you just pull U1 into your fork R’, you will have a conflict, that you will have to resolve by recording another patch on top.  S / \ / \ L1 U1 Note: if you run darcs rebase pull in R’, then the only patches that will be suspended are the ones which are already in R’. Because suspended patches gain new identity, make sure that you do not have other people’s conflicting patches present in R’. The way to solve this would be to first do darcs rebase pull, which would suspend the conflicting patches, and then start unsuspending the patches one by one, making sure that you fix any conflicts that may arise after each unsuspend. Consider a concrete example with two repositories rep1 and rep1_0. rep1_0 > darcs changes patch ebaccd5c36667b7e3ee6a49d25ef262f0c7edf2b Author: Daniil Frumin Date: Mon Jul 27 20:56:25 MSK 2015 * commit2 patch a7e0d92a53b0523d0224ef8ffae4362adf854485 Author: Daniil Frumin Date: Mon Jul 27 20:56:25 MSK 2015 * commit1 rep1_0 > darcs diff —from-patch=commit2 patch ebaccd5c36667b7e3ee6a49d25ef262f0c7edf2b Author: Daniil Frumin Date: Mon Jul 27 20:56:25 MSK 2015 * commit2 diff -rN -u old-rep1_0/dir1/file2 new-rep1_0/dir1/file2 — old-rep1_0/dir1/file2 1970-01-01 03:00:00.000000000 +0300 +++ new-rep1_0/dir1/file2 2015-07-28 12:25:54.000000000 +0300 @@ -0,0 +1 @@ +double whatsup rep1_0 > cd ../rep1 rep1 > darcs changes patch e3df0e23a3915910a81eb8181d7b3669e8f270a9 Author: Daniil Frumin Date: Tue Jul 28 12:27:55 MSK 2015 * commit2’ patch a7e0d92a53b0523d0224ef8ffae4362adf854485 Author: Daniil Frumin Date: Mon Jul 27 20:56:25 MSK 2015 * commit1 rep1 > darcs diff —from-patch=“commit2’” patch e3df0e23a3915910a81eb8181d7b3669e8f270a9 Author: Daniil Frumin Date: Tue Jul 28 12:27:55 MSK 2015 * commit2’ diff -rN -u old-rep1/dir1/file2 new-rep1/dir1/file2 — old-rep1/dir1/file2 1970-01-01 03:00:00.000000000 +0300 +++ new-rep1/dir1/file2 2015-07-28 12:28:39.000000000 +0300 @@ -0,0 +1 @@ +touch file2 \ No newline at end of file diff -rN -u old-rep1/file1 new-rep1/file1 — old-rep1/file1 2015-07-28 12:28:39.000000000 +0300 +++ new-rep1/file1 2015-07-28 12:28:39.000000000 +0300 @@ -1 +1 @@ -whatsup \ No newline at end of file +double whatsup \ No newline at end of file The patch commit2 from rep1_0 conflicts with commit2’ from rep1. rep1 > darcs rebase pull ../rep1_0 patch ebaccd5c36667b7e3ee6a49d25ef262f0c7edf2b Author: Daniil Frumin Date: Mon Jul 27 20:56:25 MSK 2015 * commit2 Shall I pull this patch? (1/1) [ynW…], or ? for more options: y Do you want to pull these patches? [Yglqk…], or ? for more options: y The following local patches are in conflict: patch e3df0e23a3915910a81eb8181d7b3669e8f270a9 Author: Daniil Frumin Date: Tue Jul 28 12:27:55 MSK 2015 * commit2’ Shall I suspend this patch? (1/1) [ynW…], or ? for more options: y Do you want to suspend these patches? [Yglqk…], or ? for more options: y Finished pulling. Rebase in progress: 1 suspended patches Now we have one patch — commit2’ — in the suspended state. We want to resolve the conflict by amending commit2’. We will do that by unsuspending it and manually editing out the conflicting lines. This will also make it depend on commit2. rep1 > darcs rebase unsuspend patch e3df0e23a3915910a81eb8181d7b3669e8f270a9 Author: Daniil Frumin Date: Tue Jul 28 12:27:55 MSK 2015 * commit2’ Shall I unsuspend this patch? (1/1) [ynW…], or ? for more options: y Do you want to unsuspend these patches? [Yglqk…], or ? for more options: d We have conflicts in the following files: ./dir1/file2 Rebase finished! rep1 > cat dir1/file2 v v v v v v v ============= double whatsup ************* touch file2 ^ ^ ^ ^ ^ ^ ^ rep1 >$EDITOR dir1/file2
rep1 > darcs amend -a
patch 40b3b4123c78dba6a6797feb619572072654a9cd
Author: Daniil Frumin
Date:   Tue Jul 28 12:32:56 MSK 2015
* commit2’
Shall I amend this patch? [yNjk…], or ? for more options: y
Finished amending patch:
patch c35867259f187c1bc30310f1cacb34c1bb2cce41
Author: Daniil Frumin
Date:   Tue Jul 28 12:34:30 MSK 2015
* commit2’
rep1 > darcs mark-conflicts
No conflicts to mark.

Another repository saved from conflicting patches, yay!

1. See this discussion for details

## July 12, 2015

### Dan Frumin

#### Darcs 2.10.1 (Mac OSX build)

July 12, 2015 06:13 PM UTC

Darcs 2.10.1 has been released!

Citing the official release notes

> The darcs team is pleased to announce the release of darcs 2.10.1 !
> ..
>
> # What's new in 2.10.1 (since 2.10.0) #
>
> - generalized doFastZip for darcsden support
> - support terminfo 0.4, network 2.6, zlib 0.6, quickcheck 2.8 and
> attoparsec 0.13
> - errorDoc now prints a stack trace (if profiling was enabled) (Ben Franksen)
> - beautified error messages for command line and default files (Ben Franksen)
> - fixed the following bugs:
>       - issue2449: test harness/shelly: need to handle
> mis-encoded/binary data (Ganesh Sittampalam)
>       - issue2423: diff only respecting --diff-command when a diff.exe
> is present (Alain91)
>       - issue2447: get contents of deleted file (Ben Franksen)
> 'darcs help markdown' (Dan Frumin)
>       - issue2461: darcs log --repo=remoterepo creates and populates
> _darcs (Ben Franksen)
>       - issue2459: cloning remote repo fails to use packs if cache is
> on a different partition (Ben Franksen)
>
> # Feedback #
>
> If you have an issue with darcs 2.10.0, you can report it on
> http://bugs.darcs.net/ . You can also report bugs by email to
> bugs at darcs.net, or come to #darcs on irc.freenode.net.


I’ve updated Mac OS to version 2.10.1. You can install it with

brew install http://darcs.covariant.me/darcs.rb

## July 11, 2015

### Dan Frumin

#### HTTP Basic auth in Snap

July 11, 2015 09:27 AM UTC

Recently, I’ve implemented HTTP Basic auth for darcsden and wrote a simple wreq test for it. In this post I would like to outline the main technical details.

# Server side

## Transient storage

A lot of darcsden code is (especially the parts that are closer to the users’ web browser — handlers, pages, so on) is written around sessions. Sessions are stored in a special storage — implemented by the DarcsDen.Backend.Transient, but if we abstract away from the details we have a Session datatype. Authorization and authentication information is handled by sessions using functions setUser :: (BTIO bt) => Maybe User -> Session -> Snap Session, notice :: (BTIO bt) => String -> Session -> Snap () (display a message to the user) and others. The BTIO bt part is just a synonym for

type BTIO bt = (BackendTransient bt, ?backendTransient :: bt, MonadIO (BackendTransientM bt))

Which basically says that we are operating with a transient backend that supports all of necessary operations, and we can also do IO in it. Right now there are only two transient backends (read: two ways of storing sessions): Redis and in-process memory.

## Running sessions

If we have a piece of Snap code that we want to “sessionify” we use the following interface:

withSession :: (BTIO bt) => (Session -> Snap ()) -> Snap ()

What this does is it basically checks for a cookie — in case it is present it grabs the session information from the storage (in accordance with the cookie); if the cookie is not present it creates a new session and stores it in a cookie.

If we have a page of a type Session -> Snap (), we might want to give user an option to do HTTP authentication on that page. We introduce another function

withBasicAuth :: (BP bp, BTIO bt)
=> (Session -> Snap ())
-> (Session -> Snap ())
withBasicAuth act s = do
rq  do
rawHeader <- maybe throwChallenge return $getHeader “Authorization” rq let (Just (usr,pw)) = getCredentials rawHeader c errorPage “Unknown user” Just u -> if checkPassword (fromBS pw) u then doLogin (fromBS usr) else errorPage “Bad password” _ -> act s So, what is going on in here? First of all, we check if the “login” parameter is set to “true”. If it does, we try to get the “Authorization” header, de-encode it, and check whether the credentials are good. throwChallenge :: Snap a throwChallenge = do modifyResponse$ (setResponseStatus 401 “Unauthorized”) .
getResponse >>= finishWith

If the response header is present, it is of a form Basic x, where x is a base64 encoded string user:password. We can extract the credentials from the header like this:

import qualified Data.ByteString          as B
import qualified Data.ByteString.Base64   as B
…
getCredentials :: B.ByteString  — ^ Header
then fmap extract (hush (B.decode (B.drop 6 header)))
else Nothing
where
extract cred = case (B.breakByte (c2w ‘:’) cred) of
(usr, pw) -> (usr, safeTail pw)

# On the client

The tests that I am currently writing for darcsden are all of the same form: I use wreq to do requests to the darcsden server, then, if necessary, I run taggy to extract information from the webpage, and compare it to the “canonical” information.

As it turns out, doing HTTP Basic Auth is very easy with wreq! First of all, we define a function for doing a GET request that will do some exception handling for us:

getSafeOpts :: Options -> String -> IO (Either Status (Response ByteString))
getSafeOpts opts url = fmap Right (getWith opts url) catch hndlr
where
hndlr (StatusCodeException s _ _) = return (Left s)
hndlr e = throwIO e

This way, we won’t get a runtime exception when accessing a non-existing page or getting a server error. Doing a GET request with HTTP Basic Auth is now very easy:

getWithAuth :: (String, String) -> String -> IO (Either Status (Response ByteString))
getWithAuth (username,pw) url = getSafeOpts opts url
where
opts = defaults & auth ?~ basicAuth (toBS username) (toBS pw)
& param “login” .~ [“true”]

In that snippet we use lenses to set up an auth header and an HTTP parameter (?login=true).

Finally, after obtaining a Response ByteString, we can parse it with taggy-lens:

parsed :: Fold (Response L.ByteString) Text.Taggy.Node
parsed = responseBody
. to (decodeUtf8With lenientDecode)
. html

We can then play with it in GHCi

*Main> Right r  r ^.. parsed
[NodeElement (Element {eltName = “DOCTYPE”, eltAttrs = fromList [(“html”,””)], eltChildren = [NodeElement (Element {eltName = “html”, eltAttrs = fromList [], eltChildren = [NodeElement (Element {eltName = “head”, eltAttrs = fromList [], eltChildren = [NodeElement (Element {eltName = “title”, eltAttrs = fromList [], eltChildren = [NodeContent “localhost”]}),NodeElement (Element {eltName = “link”, eltAttrs = fromList [(“href”,”http://localhost:8900/public/images/favicon.ico”),…

If we want to check that we are indeed logged in correctly, we should look for the “log out” button. Taggy does all the heavy lifting for us, we just have to write down a lens (more precisely, a fold) to “extract” a logout button from the page

logoutButton :: HasElement e => Fold e Text
logoutButton = allAttributed (ix “class” . only “logout”)
. allNamed (only “a”)
. contents

logoutButton searches for <div class=“logout”> and returns the text in the link inside the div. There might be many such links inside the node, hence we use a fold.

*Main> r ^.. parsed . logoutButton
[“log out”]

In this case, since we only care if such link is present, we can use a preview

*Main> r ^? parsed . logoutButton
Just “log out”

# Conclusion

Well, that’s about it for now. I regret taking way too much time writing this update, and I hope to deliver another one soon. Meanwhile, some information regarding the darcsden SoC project can be found on the wiki.

## July 09, 2015

### Darcs News

#### darcs 2.10.1 release

July 09, 2015 05:10 PM UTC

Hi all,

The darcs team is pleased to announce the release of darcs 2.10.1 !

The easiest way to install darcs 2.10.1 from source is by first installing the Haskell Platform (http://www.haskell.org/platform). If you have installed the Haskell Platform or cabal-install, you can install this release by doing:

$cabal update$ cabal install darcs-2.10.1

Alternatively, you can download the tarball from http://darcs.net/releases/darcs-2.10.1.tar.gz and build it by hand as explained in the README file.

The 2.10 branch is also available as a darcs repository from http://darcs.net/releases/branch-2.10

## What's new in darcs 2.10.1 (since darcs 2.10.0)

• support terminfo 0.4, network 2.6, zlib 0.6, quickcheck 2.8 and attoparsec 0.13
• errorDoc now prints a stack trace (if profiling was enabled) (Ben Franksen)
• beautified error messages for command line and default files (Ben Franksen)
• generalized doFastZip for darcsden support
• fixed the following bugs:
• issue2449: test harness/shelly: need to handle mis-encoded/binary data (Ganesh Sittampalam)
• issue2423: diff only respecting --diff-command when a diff.exe is present (Alain91)
• issue2447: get contents of deleted file (Ben Franksen)
• issue2307: add information about 'darcs help manpage' and 'darcs help markdown' (Dan Frumin)
• issue2461: darcs log --repo=remoterepo creates and populates _darcs (Ben Franksen)
• issue2459: cloning remote repo fails to use packs if cache is on a different partition (Ben Franksen)

## Feedback

If you have an issue with darcs 2.10.1, you can report it on http://bugs.darcs.net/ . You can also report bugs by email to bugs@darcs.net, or come to #darcs on irc.freenode.net.

## June 22, 2015

### Dan Frumin

#### Darcs binaries for OSX with Homebrew

June 22, 2015 12:33 PM UTC

Recently I’ve updated my Darcs homebrew build to Darcs 2.10. You can install it with

brew install http://darcs.covariant.me/darcs.rb

The formula contains a context (--exact-version) and it is a static binary.

## May 13, 2015

### Dan Frumin

#### Hoogle inside the sandbox

May 13, 2015 09:54 PM UTC

# Introduction

This is my first post from the (hopefuly fruitful!) series of blog posts as part of my Haskell SoC project. I will spend a great chunk of my summer hacking away on DarcsDen; in addition, I will document my hardships and successes here. You can follow my progress on my DarcsHub.

This particular post will be about my working environment.

# The problem

Hoogle is an amazing tool that usually needs no introduction. Understandably, the online version at haskell.org indexes only so many packages. This means that if I want to use hoogle to search for functions and values in packages like darcs and darcsden, I will have to set up a local copy.

Cabal sandboxing is a relatively recent feature of the Cabal package manager, but I don’t think it is reasonable in this day to install from the source (let alone develop) a Haskell package without using sandboxing.

The problem seems to be that the mentioned tools do not play well together out of the box, and some amount of magic is required. In this note I sketch the solution, on which I’ve eventually arrived after a couple of tries.

# Using hoogle inside a Cabal sandbox

The presumed setup: a user is working on a package X using the cabal sandboxes. The source code is located in the directory X and the path to the cabal sandbox is X/.cabal-sandbox.

Step 1: Install hoogle inside the sandbox. This is simply a matter of running cabal install hoogle inside X. If you want to have a standard database alongside the database for your packages in development, now is the time to do .cabal-sandbox/bin/hoogle data.

Step 2: Generate haddocks for the packages Y,Z you want to use with hoogle. In my case, I wanted to generate haddocks for darcs and darcsden. This is just a matter of running cabal haddock --hoogle in the correct directory.

Step 3: Convert haddocks to .hoo files. Run the following commands in X/:

.cabal-sandbox/bin/hoogle convert /path/to/packageY/dist/doc/html/*/*.txt

You should see something like

Converting /path/to/packageY/dist/doc/html/Y/Y.txt
Converting Y... done

after which the file Y.hoo appears in /path/to/packageY/dist/doc/html/Y/

Step 4: Moving and combining databases. The hoogle database should be stored in .cabal-sandbox/share/*/hoogle-*/databases. Create such directory, if it’s not present already. Then copy the ‘default’ database to that folder:

cp .cabal-sandbox/hoogle/databases/default.hoo .cabal-sandbox/share/*/hoogle-*/databases

Finally, you can combine your Y.hoo with the default database.

.cabal-sandbox/bin/hoogle combine /path/to/packageY/dist/doc/html/*/*.hoo .cabal-sandbox/share/*/hoogle-*/databases/default.hoo
mv default.hoo .cabal-sandbox/share/*/hoogle-*/databases/default.hoo

And you are done! You can test your installation

$.cabal-sandbox/bin/hoogle rOwner DarcsDen.State.Repo rOwner :: Simple Lens (Repository bp) String For additional usability, consider adding .cabal-sandbox/bin to your$PATH.

## April 20, 2015

### Simon Michael

#### ssh, Darcs Hub vulnerability

April 20, 2015 11:10 PM UTC

I recently learned of a serious undocumented vulnerability in the ssh package. This is a minimal ssh server implementation used by darcsden to support darcs push/pull. If you use the ssh package, or you have darcsden’s darcsden-ssh server running, you should upgrade to/rebuild with the imminent ssh-0.3 release right away. Or if you know of someone like that, please let them know.

darcsden is of course the basis for Darcs Hub. Here’s the announcement I sent to users there a few days ago, with more details.

Hello darcs hub users,

This is Simon Michael, operator of hub.darcs.net, with the first all-darcs-hub-users announcement. You’re receiving this because you have an email address configured in your darcs hub user settings.

Thank you for using darcs hub, and for any feedback/bug reports/patches you may have sent. Usage is growing steadily, and I plan to blog more about it soon at joyful.com.

This email is to announce a recently patched security vulnerability in darcs hub’s SSH server.

Timeline:

3/21: a software developer reports that the haskell “ssh” library used by darcs hub does not check for a valid signature on the public key during authentication. This means it was possible to authenticate as any other ssh user if you knew their public key.

3/21-: I discuss the issue with a small number of core darcs developers and the ssh author.

3/25: A preliminary fix is deployed. We believe this closed the vulnerability.

4/6: A more comprehensive and tested fix is deployed.

4/15: This announcement is sent to current darcs hub users with valid email addresses (714 of 765 users).

4/20: Public disclosure via blog, haskell mail lists and the issue tracker (darcsden #130).

Impact and current status:

We believe the vulnerability is now fixed. But we are not cryptographers - I’m sure the new ssh maintainer would welcome any help from some of those.

We have no reason to believe anyone discovered or exploited the vulnerability. Also, it seems unlikely there’s anything hosted on darcs hub that would attract this kind of attention. darcs hub logs are not good enough to be certain, however. It’s possible I’ll find a way to be more certain by looking at file timestamps or something.

The weakness was present in darcs hub’s ssh server since it went live (and in darcsden.com before that). As mentioned, it was possible to authenticate via ssh as another user if you provided their public ssh key. With ssh access, it’s possible to create, delete, modify or replace any repository in that darcs hub account (but not possible to change user settings in the web app, or to access the system hosting darcshub).

The worst-case scenario we’ve imagined is that a motivated attacker could have authenticated as you and replaced your repo with one that looks just like it, but with patches altered or added, any time since you created the repo on darcs hub (or on darcsden.com, if you moved it from there).

So if you’re paranoid/careful you may want to check the integrity of your repos, eg by reviewing the repo history (“changes” button on the website, “darcs log [-s] [-v]” at the console). If you have more questions about this, you can contact me (simon@joyful.com) and if necessary Ganesh Sittampalam (ganesh@earth.li) privately.

Future plans:

• Public announcement on 4/20

• I’ll add a security section to the darcs hub FAQ

• Ganesh has stepped up to be maintainer of the ssh package, and will make a new release soon

• I’ll do a darcsden release not too long after that

• We’ll need to figure out Darcs hub’s sustainability plan. As it grows and more of you rely on it, so does the need for a revenue stream to allow decent maintenance and oversight. This could be from funding, donations, charging for private repos or something else.

Also:

Some logistical things to be aware of:

• this announcement has been sent via MailChimp, and as yet there’s no automatic integration between MailChimp and your settings on hub.darcs.net.

• remember that darcs hub’s issue tracker is here, and that it does not yet send email notifications - to see replies to an issue, you must visit the issue page.

• darcs hub’s password recovery emails may not always reach you - if you’re experiencing this, please contribute to #123.

Needless to say, I regret the vulnerability and am pleased to have it closed. Of course we are not alone, eg github had their own incident. Thank you very much to all who have been helping with this, especially the original reporter for letting us all know, and Ganesh for providing swift and high quality fixes.

## April 19, 2015

### Darcs News

#### darcs 2.10.0 release

April 19, 2015 10:01 PM UTC

Hi all,

The darcs team is pleased to announce the release of darcs 2.10.0.

The easiest way to install darcs 2.10.0 from source is by first installing the Haskell Platform (http://www.haskell.org/platform). If you have installed the Haskell Platform or cabal-install, you can install this release by doing:

$cabal update$ cabal install darcs-2.10.0

Alternatively, you can download the tarball from http://darcs.net/releases/darcs-2.10.0.tar.gz and build it by hand as explained in the README file.

The 2.10 branch is also available as a darcs repository from http://darcs.net/releases/branch-2.10

## Feedback

If you have an issue with darcs 2.10.0, you can report it via the web on http://bugs.darcs.net/ . You can also report bugs by email to bugs at darcs.net, or come to #darcs on irc.freenode.net.

# What's new since darcs 2.8.5

## New features

• darcs rebase: enable deep amending of history (Ganesh Sittampalam)
• darcs pull --reorder: keep local-only patches on top of mainstream patches (Ale Gadea, Ganesh Sittampalam)
• darcs dist --zip: generate a zip archive from a repository (Guillaume Hoffmann)
• patch bundle contexts are minimized by default. Enables bundles to be applied to more repositories. (Guillaume Hoffmann)
• darcs convert export/import for conversion to/from VCSes supporting the fast-export protocol (Petr Rockai, Owen Stephens, Guillaume Hoffmann, Lele Gaifax, Ben Franksen)
• darcs test --backoff: exponential backoff test strategy, faster than bisect on big repositories (Michael Hendricks)
• work normally on sshfs-mounted repositories (Nathaniel Filardo)
• automatic detection of file/directory moves, and of token replaces (Jose Neder)
• patience diff algorithm by default (Jose Neder)
• interactive mode for whatsnew (Dan Frumin)
• tag --ask-deps to create tags that may not include some patches (Ganesh Sittampalam)

## User Interface

• add a last question after all patches have been selected to confirm the whole selection (Florent Becker)
• command names:
• clone is the new name of get and put
• log is the new name of changes
• amend is the new name of amend-record
• show output of log into a pager by default (Guillaume Hoffmann)
• the output of log is more similar to git's:
• show patch hash in UI (hash of the patch's metadata)
• put author and date on separate lines (Guillaume Hoffmann)
• enable to match on patch hash prefix with -h and --hash (Guillaume Hoffmann, Gian Piero Carrubba)
• better messages:
• better error messages for http and ssh errors (Ernesto Rodriguez)
• init, add, remove, move and replace print confirmation messages (Guillaume Hoffmann)
• rollback only happens in the working copy (Florent Becker, Guillaume Hoffmann)
• darcs send no longer tries to send a mail by default (Eric Kow)
• when no patch name given, directly invoke text editor (Jose Neder, Guillaume Hoffmann)
• use nano as default text editor instead of vi (Guillaume Hoffmann)
• keep log files for patch name and mail content in _darcs (Ale Gadea)
• optimize and convert are now supercommands (Guillaume Hoffmann)
• improve darcs help environment and darcs help markdown (Radoslav Dorcik, Guillaume Hoffmann)
• warn about duplicate tags when creating a new one (Ale Gadea)
• allow darcs mv into known, but deleted in working, file (Owen Stephens)
• improve--not-in-remote, allowing multiple repos and use default (Owen Stephens)

## Performance

• faster darcs diff (Petr Rockai)
• faster log and annotate thanks to patch index data structure (BSRK Aditya, Benedikt Schmidt, Eric Kow, Guillaume Hoffmann, Ganesh Sittampalam)
• faster push via ssh by using compression (Ben Franksen)
• cloning to an ssh destination (formerly darcs put) is more efficient (Guillaume Hoffmann)
• faster internal representation of patch hashes (Guillaume Hoffmann)
• when cloning from http, use packs in a more predictable way (Guillaume Hoffmann)
• store global cache in bucketed format (Marcio Diaz)
• require and support GHC 7.4 to 7.10 (Ganesh Sittampalam)
• replace type witness CPP macros with plain Haskell (Eric Kow)
• hashed-storage is bundled into darcs (Ganesh Sittampalam)
• replace C SHA256 bindings with external libraries (Ganesh Sittampalam)
• move the bits of the datetime package we need into Darcs.Util.DateTime (Ganesh Sittampalam)
• build Darcs once rather than thrice. (Eric Kow)
• run tests through cabal test (Ryan Desfosses)
• run fewer darcs-1 related tests in testsuite (Ganesh Sittampalam)
• Use custom replHook to fix cabal repl (Owen Stephens)
• darcs.cabal: make Haskell2010 the default-language for all stanzas (Ben Franksen)
• always compile with mmap support (Ganesh Sittampalam)
• new options subsystem (Ben Franksen)
• various cleanups, code restructurations and refactoring, haddocks (Will Langstroth, Owen Stephens, Florent Becker, Guillaume Hoffmann, Michael Hendricks, Eric Kow, Dan Frumin, Ganesh Sittampalam)

## Issues resolved in Darcs 2.10

• issue346: implement "patience diff" from bzr (Jose Neder)
• issue642: Automatic detection of file renames (Jose Neder)
• issue822: generalized the IO Type for better error messages and exception handling (Ernesto Rodriguez)
• issue851: interactive mode for whatsnew (Dan Frumin)
• issue904: Fix record on Linux/FUSE/sshfs (fall back to sloppy locks automatically) (Nathaniel Filardo)
• issue1066: clone to ssh URL by locally cloning then copying by scp (Guillaume Hoffmann)
• issue1268: enable to write darcs init x (Radoslav Dorcik)
• issue1416: put log files in tempdir instead of in working dir (Ale Gadea)
• issue1514: send --minimize-context flag for send (Guillaume Hoffmann)
• issue1624: bucketed cache (Marcio Diaz)
• issue1828: file listing and working --dry-run for mark-conflicts (Guillaume Hoffmann)
• issue1987: Garbage collection for inventories and patches (Marcio Diaz)
$\$$darcs pull -a$r_1$so now we have,$r_2=p_{1,0}t_{1,0}t_{1,1}$and we see that$t_{1,0}$is dirty. Doing darcs optimize reorder not reorder nothing. What is going on is that to know what reorder, misplacePatches takes the first tag, in our case$t_{1,1}$, and "search" for what patches he don't tag. But$p_{1,0}$and$t_{1,0}$are tagged by$t_{1,1}$so there is nothing to reorder despite$t_{1,0}$is dirty. Therefore there is no way of clean$t_{1,0}$because misplacePatches always takes the first tag, so if a tag is tagging one or more dirty tags, this tags never be available to get clean. "Second", using the implementation of "reorder" one can get almost for free the option --reorder for the commands pull, apply and rebase pull. The behavior for the case of pull (for the others commands is the same basic idea) is that our local patches remain on top after a pull from a remote repository, e.i. suppose we have the followings$l$(ocal) and$r$(emote) repositories,$l=p_1p_2\ldotsp_nlp_{n+1}\ldotslp_mr=p_1p_2\ldotsp_nrp_{n+1}\ldotsrp_k$where$lp$are the local patches that don't belong to$r$, and vice versa for$rp$. Make darcs pull, leaves$l$as follow,$l=p_1p_2\ldotsp_nlp_{n+1}\ldotslp_mrp_{n+1}\ldotsrp_k$meanwhile make darcs pull --reorder, leaves$l$,$l=p_1p_2\ldotsp_nrp_{n+1}\ldotsrp_klp_{n+1}\ldotslp_m$making more easy to send the$lp$patches later. "Third", beginning a new task, implement option minimize-context for command darcs send. Still no much to comment, I have almost finished implementing the option but with some doubts, I hope that for the end of the week have a more "prettier" implementation as well as a better understanding. ## June 25, 2014 ### Darcs News #### darcs news #104 June 25, 2014 04:59 AM UTC ### News and discussions 1. Google Summer of Code 2013 has begun! BSRK and José will post updates on their blogs: ### Issues resolved (8) issue2163 Radoslav Dorcik issue2227 Ganesh Sittampalam issue2248 Ganesh Sittampalam issue2250 BSRK Aditya issue2311 Sebastian Fischer issue2312 Sebastian Fischer issue2320 Jose Luis Neder issue2321 Jose Luis Neder ### Patches applied (20) See darcs wiki entry for details. #### darcs news #105 June 25, 2014 04:58 AM UTC ### News and discussions 1. This year's Google Summer of Code projects brought a lot of improvements to darcs and its ecosystem! • BSRK Aditya: Darcsden improvements: • José Neder: patience diff, file move detection, token replace detection: 2. Gian Piero Carrubba asked why adjacent hunks could not commute: 3. We listed the changes that occurred between version 2.8.4 and the current development branch into a 2.10 release page: ### Issues resolved (8) issue346 Jose Luis Neder issue1828 Guillaume Hoffmann issue2181 Guillaume Hoffmann issue2309 Owen Stephens issue2313 Jose Luis Neder issue2334 Guillaume Hoffmann issue2343 Jose Luis Neder issue2347 Guillaume Hoffmann ### Patches applied (39) See darcs wiki entry for details. #### Darcs News #106 June 25, 2014 04:58 AM UTC ### News and discussions 1. Darcs is participating once again to the Google Summer of Code, through the umbrella organization Haskell.org. Deadline for student application is Friday 21st: 2. It is now possible to donate stock to darcs through the Software Freedom Conservancy organization. Donations by Paypal, Flattr, checks and wire transfer are still possible: 3. Dan Licata wrote a presentation about Darcs as a higher inductive type: 4. Darcs now directly provides import and export commands with Git. This code was adapted from Petr Rockai's darcs-fastconvert, with some changes by Owen Stephen from his Summer of Code project "darcs-bridge": ### Issues resolved (6) issue642 Jose Luis Neder issue2209 Jose Luis Neder issue2319 Guillaume Hoffmann issue2332 Guillaume Hoffmann issue2335 Guillaume Hoffmann issue2348 Ryan ### Patches applied (34) See darcs wiki entry for details. #### Darcs News #108 June 25, 2014 04:57 AM UTC ### News and discussions 1. We have a few updates from the Google Summer of Code projects. Alejandro Gadea about history reordering: 2. Marcio Diaz about the cache system: 3. Incremental fast-export is now provided to ease maintenance of git mirrors: ### Issues resolved (8) issue2244 Ale Gadea issue2314 Benjamin Franksen issue2361 Ale Gadea issue2364 Sergei Trofimovich issue2364 Sergei Trofimovich issue2388 Owen Stephens issue2394 Guillaume Hoffmann issue2396 Guillaume Hoffmann ### Patches applied (39) See darcs wiki entry for details. ## June 12, 2014 ### Ale Gadea #### Third Week (02-06 june) June 12, 2014 04:58 PM UTC Well, well... Now with the solution already implemented here are a couple of time tests that show the improvement. For the repository of the issue2361: Before patch1169 "let it run for 2 hours and it did not finish" After patch1169 real 0m5.929s user 0m5.683s sys 0m0.260s For the repository generated by forever.sh, that in summarize has 12600~ patches, a bundle unrevert and doing reorden implies move 1100~ patches forward passing by 11500~ patches. Before patch1169 (Interrupted!) real 73m9.894s user 71m28.256s sys 1m11.439s After patch1169 real 2m23.405s user 2m17.347s sys 0m6.030s The repository generated by bigRepo.sh has 600~ patches, with only one tag and a very small bundle unrevert. Before patch1169 real 0m34.049s user 0m33.386s sys 0m0.665s After patch1169 real 0m1.053s user 0m0.960s sys 0m0.152s One last repository generated by bigUnrevert.sh, has 13 patches and a really big bundle unrevert (~10MB). Before patch1169 real 0m1.304s user 0m0.499s sys 0m0.090s After patch1169 real 0m0.075s user 0m0.016s sys 0m0.011s The repository with more examples is in here: ExamplesRepos. ## June 05, 2014 ### Ale Gadea #### Second Week (26-30 may) June 05, 2014 06:47 PM UTC Luckily, this week with Guillaume we found a "solution" for the issue 2361. But before of entering in details, let's review how the command darcs optimize --reorder does for reorder the patches. So, suppose we have the following repositories than, reading it from left to right we have the first patch till the last patch, besides with$p_{i,j}$we denote the$i$-th patch who belongs to the$j$-th repository, and when we want to specify that a patch$p_{i,j}$is a tag we write$t_{i,j}$.$r_1=p_{1,1}p_{2,1}\ldotsp_{n,1}p_{n+1,1}\ldotsp_{m,1}r_2=p_{1,1}p_{2,1}\ldotsp_{n,1}p_{1,2}\ldotsp_{k,2}t_{1,2}p_{k+1,2}\ldotsp_{l,2}$where the red part represent when$r_2$was cloned from$r_1$, and the rest is how each repository was evolved. Now, suppose we make a merge of$r_1$and$r_2$in$r_1$making a bundle of the patches of$r_2$and appling it in$r_1$. Thus, after the merge we have that$r_1=p_{1,1}p_{2,1}\ldotsp_{n,1}p_{n+1,1}\ldotsp_{m,1}p_{1,2}\ldotsp_{k,2}t_{1,2}p_{k+1,2}\ldotsp_{l,2}$and we found the situation where the tag$t_{1,2}$is dirty because the green part is in the middle. And now we are in conditions of finding out how darcs does the reorder of patches. So, the first task is to select the first tag seeing$r_1$in the reverse way, suppose$t_{1,2}$is the first (ie,$p_{k+1,2}\ldotsp_{l,2}$are not tags), and split the set of patches (the repository) in$ps_{t_{1,2}}=p_{1,1}p_{2,1}\ldotsp_{n,1}p_{1,2}\ldotsp_{k,2}t_{1,2}$and the rest of the patch set,$rest=p_{n+1,1}\ldotsp_{m,1}p_{k+1,2}\ldotsp_{l,2}$this is done by splitOnTag, which I don't totally understand yet, so for the moment... simply do the above :) Then, the part that interest us now is$rest$, we want to delete all the patches of$rest$that exist in$r_1$and then add them again, causing that they show up to the right. This job is done by tentativelyReplacePatches, which first calls tentativelyRemovePatches and then calls tentativelyAddPatches. So, tentativelyRemovePatches of$r_1$and$rest$makes,$r_{1}'=p_{1,1}p_{2,1}\ldotsp_{n,1}p_{1,2}\ldotsp_{k,2}t_{1,2}$and, tentativelyAddPatches of$r_{1}'$and$rest$,$r_{1}''=p_{1,1}p_{2,1}\ldotsp_{n,1}p_{1,2}\ldotsp_{k,2}t_{1,2}p_{n+1,1}\ldotsp_{m,1}p_{k+1,2}\ldotsp_{l,2}$leaving$t_{1,2}$clean. Well, all of this was for understanding the "solution" for the issue, we are almost there but before let's look at the function tentativelyRemovePatches. It attempts to remove patches with one special care: when one does darcs revert, a special file is generated, called unrevert in _darcs/patches, which is used for darcs unrevert in case that one makes a mistake with darcs revert. One important difference with unrevert is that unlike all the other files in _darcs/patches, unrevert in not a patch but a bundle, that contains a patch and a context. This context allows to know if the patch is applicable. So when one removes a patch (running for example oblitarete, unrecord or amend) that patch has to be removed from the bundle-revert (bundle of the file _darcs/patches/unrevert). It's now always possible to adjust the unrevert bundle, in which case, the operation continues only if the user agrees to delete the unrevert bundle. But now a question emerge. Is it necessary to accommodate the bundle-revert in the case of reorder?; the answer is no, and it's because we don't delete any patch of$r_1$so we still can apply the bundle-revert in$r_{1}''$. So, finally! we find out that for reorder we need a special case of removing, which doesn't try to update the unrevert bundle. And this ends up being the "solution" for the issue, since the reorder blocks in that function. But! beyond this solves the issue something weird is happening, that is the reason of the double quotes for solution :) This is more o less the step forward for now. The tasks ahead are, documenting the code in various parts and make the special case for the function tentativelyRemovePatches. On the way I will probably understand more about some of the functions that I mention before so probably I will add more info and rectify whatever is needed. ## June 03, 2014 ### Ale Gadea #### Google Summer of Code 2014 - Darcs June 03, 2014 06:46 PM UTC Hi hi all! I have been accepted in the GSoC 2014 :) , as part of the work I'll be writing about my progress. The original plan is have a summary per week (or at least I hope so jeje). I have already been reading some of the code of darcs and fixing some issues; Issue 2263 ~ Patch 1126 Issue 1416 ~ Patch 1135 - Issue 2244 ~ Patch 1147 (needs-screening) (not any more$\ddot\smile$) The details about the project is in History Reordering Performance and Features. Also some issues about the project are; Issue 2361 Issue 2044 Cheers! #### First Week (19-23 may) June 03, 2014 06:42 PM UTC Sadly, a first slow week, I lost the monday with problems with my notebook for which I have to reinstall ghc, cabal, all the libraries, etc.. but! in the end this helped :) The list of taks of the week include: 1. Compile and run darcs with profiling flags 2. Write scripts to generate dirty-tagged big repositories 3. Check memory usage with hp2any for the command optimize --reorder for the generated repositories and repo-issue2361 4. Check performance difference with and without patch-index 5. Document reorder implementation on wiki 6. Actually debug/optimize reorder of issue2361 (Stretch goal) 1. Compile and run darcs with prolfiling flags This seems pretty easy at first, but turned somewhat annoying because one have to install all the libraries with the option profiling. So a mini-step-by-step of the my installation of darcs with profiling flags is (i'm using ubuntu 14.04, ghc-7.6.3 and cabal-install-1.20.0.2) : - Install ghc-prof package, in my case with sudo apt-get install ghc-prof - Install depencencies of darcs with enable-library-profiling, doing: -$ cabal install LIB --enable-library-profiling ( for each library :) )
- or setting in ~/.cabal/config, library-profiling: True
- Finaly install darcs with enable-library-profiling and enable-executable-profiling

2. Write scripts to generate dirty-tagged big repositories

About this no much to say, I did some libraries to make the scripts that generates the repositories more straightforward. And I wrote some examples, but still in search of interesting examples. A long the week probably I will add examples, hopefully interesting.

3, 4 and 5 all together and mixed

Now, when finally start to generate the examples repositories and play with hp2ps to check differents things, I started to think about others things and I ended up studing the implementation of the command optimize --reorder, in particular I start to write a version which print some info during the ordering of patches, but for now is very dirty implementation.

## November 03, 2013

### Simon Michael

#### darcsum 1.3

November 03, 2013 07:38 PM UTC

• Fix a hang when reverting, when darcs responds with “Will not ask whether to revert this already decided patch…”.

• Fixed an error in at least my local darcsum, which caused it to break when darcsum-debug was enabled.

• Fixed the four warnings my emacs gave when byte-compiling it. These fixes could use some testing.

• Reviewed the status and backlog. Last release was 2010, the ELPA package dates from 2012, there’s a bunch of unreleased fixes, the site script needs updating for hakyll 4, the project still needs a maintainer.

And since I came this far, I’ll tag and announce darcsum 1.3. Hurrah!

This release includes many fixes from Dave Love and one from Simon Marlow. Here are the release notes.

Site and ELPA package updates will follow asap. All help is welcome.

## September 26, 2013

### Simon Michael

#### darcsden/darcs hub GSOC complete

September 26, 2013 11:48 AM UTC

Aditya BSRK’s darcsden-improvement GSOC has concluded, and I’ve recently merged almost all of the pending work and deployed it on darcs hub.

You can always see the recently landed changes here, but let me describe the latest features a little more:

File history - when you browse a file, there’s a new “file changes” button which shows just the changes affecting that file.

File annotate - there’s also a new “annotate” button, providing the standard view showing which commit last touched each line of the file. (also known as the blame/praise feature). It needs some CSS polish but I’m glad that the basic side-by-side layout is there.

More reliable highlighting while editing - the file editor was failing to highlight many common programming languages - this should be working better now. (Note highlighting while viewing and highlighting while editing are independent and probably use different colour schemes, this is a known open wishlist item.)

Repository compare - when viewing a repo’s branches, there’s a new “compare” button which lets you compare (and merge from) any two public repos on darcs hub, showing the unique patches on each side.

Cosmetic fixes - various minor layout and rendering issues were fixed. One point of discussion was whether to use the two-sided layout on the repo branches page as well. Since there wasn’t time to make that really usable I vetoed it in favour of the less confusing one-sided layout. I think showing both sides works well on the compare page though.

Patch bundle support - the last big feature of the GSOC was patch bundles. This is an alternative to the fork repo/request merge workflow, intended to be more lightweight and easy for casual contributors. There are two parts. First, darcs hub issue trackers can now store darcs patch bundle files (one per issue I think). This means patches can be uploaded to an issue, much like the current Darcs issue/patch tracker. But you can also browse and merge patches directly from a bundle, just as you can from another repo.

The second part (not yet deployed) is support for a previously unused feature built in to the darcs send command, which can post patches directly to a url instead of emailing them. The idea (championed by Aditya and Ganesh) is to make it very easy for someone to darcs send patches upstream to the project’s issue tracker, without having to fork a repo, or even create an account on darcs hub. As you can imagine, some safeguards are important to avoid becoming a spam vector or long-term maintenance headache, but the required change(s) are small and I hope we’ll have this piece working soon. It should be interesting to have both workflows available and see which works where.

I won’t recap the older new features, except to say that pack support is in need of more testing. If you ever find darcs get to be slow, perhaps you’d like to help test and troubleshoot packs, since they can potentially make this much faster. Also there are a number of low-hanging UI improvements we can make, and more (relatively easy) bugs keep landing in the darcs hub/darcsden issue tracker. It’s a great time to hack on darcs hub/darcsden and every day make it a little more fun and efficient to work with.

I really appreciate Aditya’s work, and that of his mentor, Ganesh Sittampalam. We did a lot of code review which was not always easy across a large time zone gap, but I think the results were good. Congratulations Aditya on completing the GSOC and delivering many useful features, which we can put to good use immediately. Thanks!

## August 09, 2013

### Simon Michael

#### darcs hub, hledger, game dev

August 09, 2013 10:01 AM UTC

Hello blog. Since last time I’ve been doing plenty of stuff, but not telling you about it. Let’s do a bullet list and move on..

darcsden/darcs hub

hledger

• expanded the docs for conditional blocks (if statement) in CSV rules
• added an include directive to allow sharing of common CSV rules

FunGEn & game dev

A sudden burst of activity here.

• schmoozed in #haskell-game, got caught up on haskell game development, updated the Games wiki page a bit
• updated and published my template for SDL projects on OSX: hssdl-osx-template
• continued some FunGEn updates I’ve been sitting for a year and did a release - see next post.

## July 24, 2013

### Simon Michael

#### darcs hub repo stats, hledger balance sheet

July 24, 2013 02:50 AM UTC

Recent activity:

I fixed another clumsy query on darcs hub, making the all repos page faster. Experimented with user and repo counts on the front page. I like it, but haven’t deployed to production yet. It costs about a quarter of a second in page load time (one 50ms couch query to fetch all repos, plus my probably-suboptimal filtering and sorting).

I’ve finally learned how many of those names on the front page have (public) repos behind them (144 out of 319), and how many private repos there are (125, higher than expected!).

Thinking about what is really most useful to have on the front page. Keep listing everything ? Just top 5 in various categories ? Ideas welcome.

Did a bunch of bookkeeping today, which inspired my first hledger commit in a while. I found the balancesheet command (abbreviation: bs) highly useful for a quick snapshot of assets and liabilities to various depths (add –depth N). The Equity section was just a distraction though, and I think it will be to most hledger users for the time being, so I removed it.

## July 23, 2013

### Simon Michael

#### hub hacking

July 23, 2013 12:30 AM UTC

More darcs hub activity, including some actual app development (yay):

Cleaned up hub’s docs repo and updated the list of blockers on the roadmap.

Updated/closed a number of issues, including the app-restarting #58, thanks to a fast highlighting-kate fix by John McFarlane.

Tested and configured the issue-closing commit posthook in the darcsden trunk repo. Commits pushed/merged there whose message contains the regex (closes #([0-9]+)|resolves #([0-9]+)|fixes #([0-9]+)) will now close the specified issue, with luck.

Consolidated a number of modules to help with code navigation, to be pushed soon.

Improved the redirect destination when deleting or forking repos or creating/commenting/closing issues.

Fixed a silly whitespace issue when viewing a patch, where the author name and date run together. I’m still confused about the specific code that generates this - the code I expect uses tables but firebug shows divs. A mystery for another day..

## July 22, 2013

### Simon Michael

#### hub speedups

July 22, 2013 12:30 AM UTC

More darcs hub hacking today.

• Cleaned up some button text & styles

• Started playing around with the front page layout to add a news box. Accidentally deployed it to production briefly. Used make undeploy-web for the first time.

• Extracted more of darcs hub’s front page into a separate (local) module, DarcsDen.Hub, for easier customisation.

• Worked on optimising page load speed, especially the front page:

• instead of rendering the front page content from markdown on each request, do it only when changed. This saved, oh a good 50ms! But I now have the beginnings of a timing utility.

• load the large codemirror js/css files only on the add/edit file pages

• set a 7-day Expires header on static images. This took about an hour. Here’s the code (based on Yesod’s), it might fit well in Snap.

• combine the remaining js/css into one js and one css. This is not committed, I just did it by hand. Try less later (only if it’s really simple).

YSlow now gives us an A grade (score 95), and it feels pretty quick.

## July 21, 2013

### Simon Michael

#### darcsden 1.1, darcs hub news

July 21, 2013 03:00 PM UTC

I’ve been hacking (mostly on darcsden/hub) but not blogging recently. Must get back to the old 45-15 minute routine.

• banged on hakyll for a while and set up tag feeds on this blog; joined Planet Darcs

• did code review, testing, deployment of BSRK Aditya’s GSOC enhancements

• spent about 8 hours clarifying darcsden history and writing release notes/announcement. Seriously ? Apparently yes.

• moved the darcs hub FAQ back to the front page, cleaned it up and added some javascript magic.

• fixed the slow user list on the front page - it was doing a query for each user. My effective page load time went from ~2 to 1s. Reducing the number of scripts will be a good next step.

• released darcsden 1.1 and the first darcs hub news update. Yay!

This packages up what we have been using at hub.darcs.net so that you can run it locally. It’s the first darcsden release installable from hackage, and the first with the UI updates from darcs hub. For now, it still requires CouchDB and Redis to run.

More importantly, this is about communicating the changes and current status of darcs hub, and doing a bit of marketing. Darcs hub hacking is fun, come and help! I include the announcement below.

# darcsden 1.1 released

darcsden 1.1 is now available on hackage! This is the updated version of darcsden which runs hub.darcs.net, so these changes are also relevant to that site’s users. (More darcs hub news below.)

darcsden is a web application for browsing and managing darcs repositories, issues, and users, plus a basic SSH server which lets users push changes without a system login. It is released under the BSD license. You can use it:

• to browse and manage your local darcs repos with a more comfortable UI
• to make your repos browsable online, optionally with issue tracking
• to run a multi-user darcs hosting site, like hub.darcs.net

http://hub.darcs.net/simon/darcsden - source
http://hub.darcs.net/simon/darcsden/issues - bug tracker

## Release notes for 1.1

Fixed:

• 21: anchors on line numbers exist but line numbers not clickable
• 28: forking then deleting a private repo makes repos unviewable
• 29: darcs get to an invalid ssh repo url hangs
• 46: if user kills a push, the lock file is not removed, preventing subsequent pushes

New:

• the signup page security question is case-insensitive (“darcs”)
• login redirects to the “my repos” page
• a more responsive layout, with content first, buttons at top/right
• more context sensitivity in buttons & links
• better next/previous page controls
• better support for microsoft windows, runs as a service
• builds with GHC 7.6 and latest libraries
• easier developer builds

Brand new, from the Enhancing Darcsden GSOC (some WIP):

• you can edit files through the web
• you can “pack” your repositories, allowing faster darcs get

Detailed change log: http://hub.darcs.net/simon/darcsden/CHANGES.md

## How to help

darcsden is a small, clean codebase that is fun to hack on. Discussion takes place on the #darcs IRC channel, and useful changes will quickly be deployed at hub.darcs.net, providing a tight dogfooding/feedback loop. Here’s how to contribute a patch there:

1. register at hub.darcs.net
3. fork your own branch: http://hub.darcs.net/simon/darcsden , fork
4. copy to your machine: darcs get http://hub.darcs.net/yourname/darcsden
5. make changes, darcs record
6. push to hub: darcs push yourname@hub.darcs.net:darcsden --set-default
7. your change will appear at http://hub.darcs.net/simon/darcsden/patches
8. discuss on #darcs, or ping me (sm, simon@joyful.com) to merge it

## Credits

Alex Suraci created darcsden. Simon Michael led this release, which includes contributions from Alp Mestanogullari, Jeffrey Chu, Ganesh Sittampalam, and BSRK Aditya (sponsored by Google’s Summer of Code). And last time I forgot to mention two 1.0 contributors: Bertram Felgenhauer and Alex Suraci.

darcsden depends on Darcs, Snap, GHC, and other fine projects from the Haskell ecosystem, as well as Twitter Bootstrap, JQuery, and many more.

# darcs hub news 2013/07

http://hub.darcs.net , aka darcs hub, is the darcs repository hosting site I operate. It’s like a mini github, but using darcs. You can:

• browse users, repos, files and changes
• publish darcs repos publicly or privately
• get, push and pull repos over ssh
• fork repos, then view and merge upstream and downstream changes
• track issues

The site was announced on 2012/9/15 (http://thread.gmane.org/gmane.comp.version-control.darcs.user/26556). Since then:

• The site has been deploying new darcsden work promptly; it includes all the 1.1 release improvements described above.

• The server’s ram has doubled from 1G to 2G (thanks Linode). This means app restarts due to excessive memory use are less frequent.

• The front page’s user list had become slow and has been optimised, halving the page load time.

• BSRK Aditya is doing his Google Summer of Code project on enhancing darcsden and darcs hub (mentored by darcs developer Ganesh Sittampalam). Find out more at http://darcs.net/GSoC/2013-Darcsden .

• The site is being used, with many small projects and a few well-known larger ones. Quick stats as of 2013/07/19:

user accounts                       317
repos                               579
disk usage                            2.5G
uptime last 30 days                  99.48%
average response time last 30 days    1.6s
• The site remains free to use, including private repos. Eventually, some kind of funding will be needed to keep it self-sustaining, and could also enable faster development. Donate button ? Gittip ? Charge for private repos ? Let’s discuss.

Please try it out, report problems, and contribute patches to make it better.