We received some great feedback on our previous post about locking down Haskell dependencies to create a reliable build with Haskell's cabal installer. The most important piece of feedback was that the
cabal.config file has a
constraints: field that can be used to lock down dependencies.
cabal will check that file whenever installing.
With that in mind, Ben Armston is taking up the Haskell dependency lockdown torch. He created a package cabal-constraints that lists out exact versions of dependencies. So you can lock down your dependencies with this:
cabal-constraints > cabal.config
It is on github right now, and I found the initial revision to be more reliable than later changes.
git clone https://github.com/benarmston/cabal-constraints git checkout aa2e306b1a096c3a9032df7e7b7961cc18397888 cd cabal-constraints cabal install cd my-project-dir cabal-constraints > cabal.config
Of course, this is not a fully automated solution.
Ben already opened a pull request to add dependency locking to cabal, and it will be known as
freezing. So you will be able to freeze your dependencies with
Docmunch is going to try to make sure this gets in the next major cabal release. There are some things I don't like about the initial implementation, but our main goal is to just get some freezing functionality into cabal as soon as possible. When we talk with other industry users, many express frustration that cabal does not meet their needs. I view freezing as the first obvious and relatively easy step in making cabal work well for more users.