Closed hendriknielaender closed 10 months ago
I would love to implement this feature if that would be okay with you!
I have a few ideas that could work well here. The way I see it, the implementation could be just a few free functions within hash.zig that read some arbitrary input buffer, and compare it to an expected value (like you already seem to have started). That ticks off 1 and 2 goals.
I like this as the approach is straightforward and easy to understand. I can implement the functionality to compute the downloaded file hash, compare it to the provided checksum file contents and also write whatever else is required to meet your goal 3.
Would you prefer that the implementation be free functions in hash.zig module? Or do you want something a bit more flexible, like a generic Validator function (interface), or whatnot, allowing more flexibility in the future at the cost of adding immediate complexity?
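The free-function approach proposed in the comment above could look like the following. This is an added example, not code from the thread or from the project; it assumes the Zig 0.11.0 standard library, SHA-256 as the digest, and hypothetical names (`parseExpected`, `verifySha256`, `VerifyError`), with a constructed sample input in the test.

```zig
const std = @import("std");
const Sha256 = std.crypto.hash.sha2.Sha256;

// Hypothetical error set for this example.
pub const VerifyError = error{ MalformedChecksum, ChecksumMismatch };

/// Extracts the digest from checksum-file contents. Accepts a bare hex
/// digest or the `<hex>  <filename>` layout written by shasum.
fn parseExpected(contents: []const u8) VerifyError![Sha256.digest_length]u8 {
    var fields = std.mem.tokenizeAny(u8, contents, " \t\r\n");
    const hex = fields.next() orelse return error.MalformedChecksum;
    // Reject truncated or over-long digests before decoding.
    if (hex.len != Sha256.digest_length * 2) return error.MalformedChecksum;
    var out: [Sha256.digest_length]u8 = undefined;
    _ = std.fmt.hexToBytes(&out, hex) catch return error.MalformedChecksum;
    return out;
}

/// Hashes `data` (the downloaded bytes) and compares the result with the
/// digest found in `checksum_contents`. Returns an error on any mismatch
/// so the caller cannot silently continue with an unverified file.
pub fn verifySha256(data: []const u8, checksum_contents: []const u8) VerifyError!void {
    const expected = try parseExpected(checksum_contents);
    var actual: [Sha256.digest_length]u8 = undefined;
    Sha256.hash(data, &actual, .{});
    if (!std.mem.eql(u8, &expected, &actual)) return error.ChecksumMismatch;
}

test "verifySha256 accepts a matching digest and rejects everything else" {
    // Constructed sample: "abc" stands in for a downloaded archive.
    const data = "abc";
    const good = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  zig.tar.xz\n";

    try verifySha256(data, good);
    try std.testing.expectError(error.ChecksumMismatch, verifySha256("abd", good));
    try std.testing.expectError(error.MalformedChecksum, verifySha256(data, "not-hex"));
    try std.testing.expectError(error.MalformedChecksum, verifySha256(data, ""));
}
```

A match only shows that the file agrees with the checksum it was compared against; the checksum has to be obtained from a source that someone able to alter the download cannot also alter.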
Hi @ellacrity,
Thanks for wanting to help with adding the checksum verification. I like your simple and clear approach of using free functions in the hash.zig module. I believe this aligns well with the current structure of the project.
I don't have a preferred way of implementation and am open to the proposed method, which balances simplicity and effectiveness.
I'm happy to assign this task to you. Please feel free to reach out if you have any further questions or need clarification on any aspect as you work through this.
Looking forward to your work on this!
I did not notice at first that you were using a v0.11.0 Zig toolchain. I assume this is not going to change until the next major release (0.12.0)?
The reason I ask is that there are breaking changes that occurred due to the std.http.Client struct. I just wanted to double check with you before implementing this. I track the master branch but I will of course use 0.11.0 unless told otherwise.
Yes, your assumptions were correct :)
I have added Compatibility Notes to the readme. Already a good catch, as soon as 0.12 gets released we need to do the migration for std.http.Client.
Any updates? Just asking, otherwise I would go ahead and adjust my open PR.
For security and data integrity purposes, it's imperative that we add checksum (shasum) verification to the Zig binary downloads. This will ensure that the downloaded binaries have not been tampered with and are the exact copies of the originals.
When a Zig binary is downloaded, we should: