Skip to content

Commit 96d044e

Browse files
GaspardKiriraGaspardKirira
committed
Update install
1 parent 1db79cf commit 96d044e

File tree

2 files changed

+193
-185
lines changed

2 files changed

+193
-185
lines changed

install.ps1

Lines changed: 32 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,11 @@ $Repo = if ($env:VIX_REPO) { $env:VIX_REPO } else { "vixcpp/
1616
$Version = if ($env:VIX_VERSION) { $env:VIX_VERSION } else { "latest" }
1717
$InstallDir = if ($env:VIX_INSTALL_DIR) { $env:VIX_INSTALL_DIR } else { Join-Path $env:LOCALAPPDATA "Vix\bin" }
1818
$BinName = "vix.exe"
19+
20+
# minisign public key (base64 only)
1921
$MiniSignPubKey = "RWSIfpPSznK9A1gWUc8Eg2iXXQwU5d9BYuQNKGOcoujAF2stPu5rKFjQ"
2022

2123
function Resolve-LatestTag([string]$repo) {
22-
# Robust way: call GitHub API (no auth needed for low volume)
2324
$api = "https://api.github.com/repos/$repo/releases/latest"
2425
try {
2526
$resp = Invoke-RestMethod -Uri $api -Headers @{ "User-Agent" = "vix-installer" }
@@ -32,7 +33,7 @@ function Resolve-LatestTag([string]$repo) {
3233

3334
$Tag = if ($Version -eq "latest") { Resolve-LatestTag $Repo } else { $Version }
3435

35-
# Detect arch (prefer OS bitness + ARM check)
36+
# Detect arch
3637
$archRaw = $env:PROCESSOR_ARCHITECTURE
3738
$Arch = switch -Regex ($archRaw) {
3839
"AMD64" { "x86_64"; break }
@@ -45,26 +46,28 @@ $BaseUrl = "https://github.com/$Repo/releases/download/$Tag"
4546
$UrlBin = "$BaseUrl/$Asset"
4647
$UrlSha = "$UrlBin.sha256"
4748
$UrlMiniSig = "$UrlBin.minisig"
48-
$SigPath = Join-Path $TmpDir ($Asset + ".minisig")
4949

5050
Info "repo=$Repo version=$Tag arch=$Arch"
5151
Info "install_dir=$InstallDir"
5252

5353
# Temp dir unique
5454
$TmpDir = Join-Path ([System.IO.Path]::GetTempPath()) ("vix-" + [System.Guid]::NewGuid().ToString("N"))
5555
New-Item -ItemType Directory -Force -Path $TmpDir | Out-Null
56+
5657
try {
5758
$ZipPath = Join-Path $TmpDir $Asset
5859
$ShaPath = Join-Path $TmpDir ($Asset + ".sha256")
60+
$SigPath = Join-Path $TmpDir ($Asset + ".minisig")
5961

6062
Info "downloading: $UrlBin"
6163
Invoke-WebRequest -Uri $UrlBin -OutFile $ZipPath
6264

63-
# SHA256 verification policy:
64-
# - If sha256 file exists -> MUST verify and match.
65-
# - If sha256 missing -> warn (optionally you can hard-fail; currently warn).
65+
# Require at least one verification method (sha256 or minisign)
66+
$haveSha = $false
67+
$haveSig = $false
68+
69+
# --- SHA256 verification ---
6670
Info "trying sha256 verification..."
67-
$shaOk = $false
6871
try {
6972
Invoke-WebRequest -Uri $UrlSha -OutFile $ShaPath
7073

@@ -85,35 +88,38 @@ try {
8588
$actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $ZipPath).Hash
8689
if ($expected.ToLower() -ne $actual.ToLower()) { Die "sha256 mismatch" }
8790

88-
$shaOk = $true
91+
$haveSha = $true
8992
Info "sha256 ok"
93+
} catch {
94+
Info "sha256 file not found (skipping)"
95+
}
9096

91-
Info "trying minisign verification..."
92-
try {
93-
Invoke-WebRequest -Uri $UrlMiniSig -OutFile $SigPath
94-
95-
$mini = Get-Command minisign -ErrorAction SilentlyContinue
96-
if (-not $mini) {
97-
Die "minisig is published but minisign is not installed (install minisign or use a release without minisig)"
98-
}
99-
100-
# minisign on Windows supports -V -m <file> -x <sig> -P <pubkey>
101-
& minisign -V -m $ZipPath -x $SigPath -P $MiniSignPubKey | Out-Null
97+
# --- minisign verification (if minisig exists) ---
98+
Info "trying minisign verification..."
99+
try {
100+
Invoke-WebRequest -Uri $UrlMiniSig -OutFile $SigPath
101+
$haveSig = $true
102102

103-
Info "minisign ok"
104-
} catch {
105-
Info "minisig not found (skipping)"
103+
$mini = Get-Command minisign -ErrorAction SilentlyContinue
104+
if (-not $mini) {
105+
Die "minisig is published but minisign is not installed (install minisign or use sha256-only verification)"
106106
}
107+
108+
& minisign -V -m $ZipPath -x $SigPath -P $MiniSignPubKey | Out-Null
109+
Info "minisign ok"
107110
} catch {
108-
Info "sha256 file not found (skipping)"
111+
Info "minisig not found (skipping)"
112+
}
113+
114+
if (-not $haveSha -and -not $haveSig) {
115+
Die "no verification file found (.sha256 or .minisig). refusing to install."
109116
}
110117

111-
# Extract to temp first, then move only vix.exe (avoids zip path layout issues)
118+
# Extract to temp first, then move only vix.exe
112119
$ExtractDir = Join-Path $TmpDir "extract"
113120
New-Item -ItemType Directory -Force -Path $ExtractDir | Out-Null
114121
Expand-Archive -LiteralPath $ZipPath -DestinationPath $ExtractDir -Force
115122

116-
# Find vix.exe anywhere in archive
117123
$ExeCandidate = Get-ChildItem -LiteralPath $ExtractDir -Recurse -File -Filter $BinName | Select-Object -First 1
118124
if (-not $ExeCandidate) { Die "archive does not contain $BinName" }
119125

@@ -123,7 +129,7 @@ try {
123129

124130
Info "installed to $Exe"
125131

126-
# Add to user PATH (idempotent + exact segment check)
132+
# Add to user PATH (idempotent)
127133
$userPath = [Environment]::GetEnvironmentVariable("Path", "User")
128134
if (-not $userPath) { $userPath = "" }
129135

0 commit comments

Comments
 (0)