search

zboxfs / zbox

Zero-details, privacy-focused in-app file system.
https://zbox.io/fs/
Apache License 2.0
1.54k stars 76 forks source link

Pre-bundled libsodium #34

Closed xmclark closed 5 years ago

xmclark commented 5 years ago

Using zbox could be a little easier if libsodium was downloaded and built during cargo build. Although simple, libsodium is an extra configuration step, and It introduces complexity for local development and automated CI builds.

The rust_sodium project does this in a custom build script.

Zbox could offer an optional pre-bundled version with a feature flag e.g. cargo build --features libsodium-bundled which would download and build a recent stable build of libsodium.

burmecia commented 5 years ago

Thanks for your suggestion.

My original thought was libsodium is the critical dependency of zbox, so users should have full control of it. Thus, they don't need to trust zbox to manage the cryptography library for them. But from usability perspective this is indeed not convenience for end users.

The optional feature might make build script more complicated, but it seems worth of it. I will add it as an optional feature in the next release.

xmclark commented 5 years ago

We forked and made a change to the build script to pre-bundle libsodium. So far we are really enjoy zbox! Having it pre-bundled is super nice.

Our build script change is rough, but it has served our needs. Feel free to snag it if you like, or I can open a PR too.
https://github.com/wasmerio/zbox/blob/bundle-libsodium/build.rs

burmecia commented 5 years ago

Thank you @xmclark , you can open a PR and I am happy to merge it.

burmecia commented 5 years ago

The libsodium gpg signature verification is also added in f1630f42f1f20b50b984f0bee20f3d65a4633505.