add minisign (#60)

* wip: add minisign

* fix: minisign impl

* wip: minisign

* wip: add minisign

* wip: minisign impl

* remove logs

* remove logs

* remove logs

* chore: update README.md

README.md

@@ -27,7 +27,7 @@ brew install zvm
 Now add this line to your `~/.bashrc`, `~/.profile`, or `~/.zshrc` file.
 
 ```bash
-export PATH="$HOME/.zm/current:$PATH"
+export PATH="$HOME/.zm/current/zig:$PATH"
 ```
 
 ### Windows

src/alias.zig

@@ -60,16 +60,14 @@ fn update_current(zig_path: []const u8, symlink_path: []const u8) !void {
         return;
     }
 
-    // when platform is not windows, this is execute here
-
-    // when file exist(it is a systemlink), delete it
+    // Remove existing symlink if it exists
     if (util_tool.does_path_exist(symlink_path)) try std.fs.deleteFileAbsolute(symlink_path);
 
-    // system link it
+    // Create symlink to the version directory
     try std.posix.symlink(zig_path, symlink_path);
 }
 
-/// verify current zig version
+/// Verify current zig version
 fn verify_zig_version(expected_version: []const u8) !void {
     const allocator = util_data.get_allocator();
 

src/command.zig

@@ -205,7 +205,7 @@ fn install_version(subcmd: ?[]const u8, param: ?[]const u8) !void {
         // set zig version
         try install.install(version, false);
         // set zls version
-        try install.install(version, true);
+        //try install.install(version, true);
     } else {
         std.debug.print("Please specify a version to install: 'install zig/zls <version>' or 'install <version>'.\n", .{});
     }
@@ -234,7 +234,7 @@ fn use_version(subcmd: ?[]const u8, param: ?[]const u8) !void {
         // set zig version
         try alias.set_version(version, false);
         // set zls version
-        try alias.set_version(version, true);
+        // try alias.set_version(version, true);
     } else {
         std.debug.print("Please specify a version to use: 'use zig/zls <version>' or 'use <version>'.\n", .{});
     }

src/config.zig

@@ -12,6 +12,10 @@ pub var progress_root: std.Progress.Node = undefined;
 
 /// zig meta data url
 pub const zig_meta_url: []const u8 = "https://ziglang.org/download/index.json";
+
+/// zig minisign public key
+pub const ZIG_MINISIGN_PUBLIC_KEY = "RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U";
+
 /// zls meta data url
 pub const zls_meta_url: []const u8 = "https://api.github.com/repos/zigtools/zls/releases";
 

src/install.zig

@@ -9,6 +9,7 @@ const util_data = @import("util/data.zig");
 const util_extract = @import("util/extract.zig");
 const util_tool = @import("util/tool.zig");
 const util_http = @import("util/http.zig");
+const util_minisign = @import("util/minisign.zig");
 
 const Version = struct {
     name: []const u8,
@@ -28,7 +29,7 @@ pub fn install(version: []const u8, is_zls: bool) !void {
 
 /// Try to install the specified version of zig
 fn install_zig(version: []const u8) !void {
-    const allocator = util_data.get_allocator();
+    var allocator = util_data.get_allocator();
 
     const platform_str = try util_arch.platform_str(.{
         .os = builtin.os.tag,
@@ -41,56 +42,83 @@ fn install_zig(version: []const u8) !void {
 
     const arena_allocator = arena.allocator();
 
-    // get version path
+    // Get version path
     const version_path = try util_data.get_zvm_zig_version(arena_allocator);
-    // get extract path
+    // Get extract path
     const extract_path = try std.fs.path.join(arena_allocator, &.{ version_path, version });
 
-    if (util_tool.does_path_exist(extract_path)) {
-        try alias.set_version(version, false);
-        return;
-    }
-
-    // get version data
+    // Get version data
     const version_data: meta.Zig.VersionData = blk: {
         const res = try util_http.http_get(arena_allocator, config.zig_url);
         var zig_meta = try meta.Zig.init(res, arena_allocator);
         const tmp_val = try zig_meta.get_version_data(version, platform_str, arena_allocator);
         break :blk tmp_val orelse return error.UnsupportedVersion;
     };
 
-    const reverse_platform_str = try util_arch.platform_str(.{
-        .os = builtin.os.tag,
-        .arch = builtin.cpu.arch,
-        .reverse = false,
-    }) orelse unreachable;
+    if (util_tool.does_path_exist(extract_path)) {
+        try alias.set_version(version, false);
+        return;
+    }
 
-    const file_name = try std.mem.concat(
+    const file_name = std.fs.path.basename(version_data.tarball);
+
+    const parsed_uri = std.Uri.parse(version_data.tarball) catch unreachable;
+
+    // Download the tarball
+    const tarball_file = try util_http.download(parsed_uri, file_name, version_data.shasum, version_data.size);
+    defer tarball_file.close();
+
+    // Derive signature URI by appending ".minisig" to the tarball URL
+    var signature_uri_buffer: [1024]u8 = undefined;
+    const signature_uri_buf = try std.fmt.bufPrint(
+        &signature_uri_buffer,
+        "{s}.minisig",
+        .{version_data.tarball}, // Use the original tarball URL
+    );
+
+    const signature_uri = try std.Uri.parse(signature_uri_buffer[0..signature_uri_buf.len]);
+
+    // Define signature file name
+    const signature_file_name = try std.mem.concat(
         arena_allocator,
         u8,
-        &.{ "zig-", reverse_platform_str, "-", version, ".", config.archive_ext },
+        &.{ file_name, ".minisig" },
     );
 
-    const parsed_uri = std.Uri.parse(version_data.tarball) catch unreachable;
-    const new_file = try util_http.download(parsed_uri, file_name, version_data.shasum, version_data.size);
-    defer new_file.close();
+    // Download the signature file
+    const minisig_file = try util_http.download(signature_uri, signature_file_name, null, null);
+    defer minisig_file.close();
+
+    // Get paths to the tarball and signature files
+    const zvm_store_path = try util_data.get_zvm_path_segment(allocator, "store");
+    defer allocator.free(zvm_store_path);
+    const tarball_path = try std.fs.path.join(arena_allocator, &.{ zvm_store_path, file_name });
+    const sig_path = try std.fs.path.join(arena_allocator, &.{ zvm_store_path, signature_file_name });
+
+    // Perform Minisign Verification
+    try util_minisign.verify(
+        &allocator,
+        sig_path,
+        config.ZIG_MINISIGN_PUBLIC_KEY,
+        tarball_path,
+    );
 
+    // Proceed with extraction after successful verification
     try util_tool.try_create_path(extract_path);
     const extract_dir = try std.fs.openDirAbsolute(extract_path, .{});
 
-    try util_extract.extract(extract_dir, new_file, if (builtin.os.tag == .windows) .zip else .tarxz, false);
-
-    // mv
-    const sub_path = try std.fs.path.join(arena_allocator, &.{
-        extract_path, try std.mem.concat(
-            arena_allocator,
-            u8,
-            &.{ "zig-", reverse_platform_str, "-", version },
-        ),
-    });
-    defer std.fs.deleteTreeAbsolute(sub_path) catch unreachable;
-
-    try util_tool.copy_dir(sub_path, extract_path);
+    try util_extract.extract(extract_dir, tarball_file, if (builtin.os.tag == .windows) .zip else .tarxz, false);
+
+    //TODO: not needed (macOS) still needed for unix and windows?
+    // const sub_path = try std.fs.path.join(arena_allocator, &.{
+    //     extract_path, try std.mem.concat(
+    //         arena_allocator,
+    //         u8,
+    //         &.{},
+    //     ),
+    // });
+    //
+    //try util_tool.copy_dir(sub_path, extract_path);
 
     try alias.set_version(version, false);
 }