add support for encrypted signing keys

Author: marler8997

README.md

@@ -1,3 +1,17 @@
+Tuple Launch
+================================================================================
+Use the following link to download the toolchain for this project:
+
+https://ziglang.org/builds/zig-linux-x86_64-0.10.0-dev.2674+d980c6a38.tar.xz
+
+Download/extract the archve and run `zig build` with the resulting `zig` executable.
+
+This will generate executables in the `zig-out` directory which will include:
+
+* the `signing` executable for generating new keys/signing and verifying signatures.
+* the `tuple-launch` and `tuple-flatpak-launch` executables which are used by Tuple
+  uses during its launch process.
+
 Tuple Launch Process
 ================================================================================
 Tuple requires privileged access that the flatpak portal doesn't provide.  To

build.zig

@@ -5,57 +5,101 @@ const Step = std.build.Step;
 pub fn build(b: *Builder) void {
     const mode = b.standardReleaseOptions();
     const strip = b.option(bool, "strip", "strip binaries") orelse true;
-    buildAnytype(b, "", mode, strip);
+
+    const path_prefix = "";
+    const signing_exe = addSigningExe(b, path_prefix);
+    const dev_signing = Signing{
+        .exe = signing_exe,
+        .key_filename = b.pathFromRoot("tuple_dev_ed25519"),
+    };
+    _ = addLaunchExes(b, path_prefix, mode, .customer, .{ .pubkey_filepath = "tuple_dev_ed25519.pub", .strip = strip, .exe_suffix = ""    , .signing = null });
+    _ = addLaunchExes(b, path_prefix, mode, .dev     , .{ .pubkey_filepath = "tuple_dev_ed25519.pub", .strip = strip, .exe_suffix = "-dev", .signing = dev_signing });
+}
+
+pub const SigningExe = struct {
+    exe: *std.build.LibExeObjStep,
+};
+
+fn concat(b: *Builder, left: []const u8, right: []const u8) []u8 {
+    return std.mem.concat(b.allocator, u8, &.{left, right}) catch unreachable;
 }
 
+pub fn addSigningExe(b: *Builder, comptime path_prefix: []const u8) SigningExe {
+    const exe = b.addExecutable("signing", path_prefix ++ "signing.zig");
+    exe.single_threaded = true;
+    exe.override_dest_dir = .prefix;
+    exe.install();
+    return SigningExe{ .exe = exe };
+}
+
+pub const LaunchExeVariant = enum { dev, customer };
+
+pub const LaunchExes = struct {
+    launch: *std.build.LibExeObjStep,
+    flatpak_launch: *std.build.LibExeObjStep,
+};
+
+pub const Signing = struct {
+    exe: SigningExe,
+    key_filename: []const u8,
+};
+
 // This function allows this build to be used as apart of another build.zig.  Set `path_prefix`
 // to the sub_path where this build.zig file exists (include trailing slash).
-pub fn buildAnytype(b: *Builder, comptime path_prefix: []const u8, mode: std.builtin.Mode, strip: bool) void {
+pub fn addLaunchExes(
+    b: *Builder,
+    path_prefix: []const u8,
+    mode: std.builtin.Mode,
+    variant: LaunchExeVariant,
+    opt: struct {
+        pubkey_filepath: []const u8,
+        strip: bool,
+        exe_suffix: []const u8,
+        signing: ?Signing,
+    },
+) LaunchExes {
     const target = std.zig.CrossTarget.parse(.{
         .arch_os_abi = "x86_64-linux",
     }) catch unreachable;
 
-    const signing_exe = b.addExecutable("signing", path_prefix ++ "signing.zig");
-    signing_exe.single_threaded = true;
-    signing_exe.override_dest_dir = .prefix;
-    signing_exe.install();
-
     const path_prefix_no_ts = std.mem.trimRight(u8, path_prefix, "/");
 
-    const LaunchExeVariant = enum { dev, customer };
-    inline for (std.meta.fields(LaunchExeVariant)) |field| {
-        const variant = @intToEnum(LaunchExeVariant, field.value);
-        const suffix = switch (variant) { .dev => "-dev", .customer => "" };
-        const build_options = b.addOptions();
-        build_options.addOption(LaunchExeVariant, "variant", variant);
-
-        {
-            const exe = b.addExecutable("tuple-launch" ++ suffix, path_prefix ++ "launch.zig");
-            exe.addIncludePath(b.pathFromRoot(path_prefix_no_ts));
-            exe.setBuildMode(mode);
-            exe.setTarget(target);
-            exe.single_threaded = true;
-            exe.strip = strip;
-            exe.override_dest_dir = .prefix;
-            exe.install();
-            exe.addOptions("build_options", build_options);
-        }
-        {
-            const exe = b.addExecutable("tuple-flatpak-launch" ++ suffix, path_prefix ++ "flatpak-launch.zig");
-            exe.addIncludePath(b.pathFromRoot(path_prefix_no_ts));
-            exe.setBuildMode(mode);
-            exe.setTarget(target);
-            exe.single_threaded = true;
-            exe.strip = strip;
-            exe.override_dest_dir = .prefix;
-            exe.install();
-            exe.addOptions("build_options", build_options);
-
-            const sign_exe = signing_exe.run();
+    const build_options = b.addOptions();
+    build_options.addOption(LaunchExeVariant, "variant", variant);
+    build_options.addOption([]const u8, "pubkey_filepath", opt.pubkey_filepath);
+
+    const launch_exe = blk: {
+        const exe = b.addExecutable(concat(b, "tuple-launch", opt.exe_suffix), concat(b, path_prefix, "launch.zig"));
+        exe.addIncludePath(b.pathFromRoot(path_prefix_no_ts));
+        exe.setBuildMode(mode);
+        exe.setTarget(target);
+        exe.single_threaded = true;
+        exe.strip = opt.strip;
+        exe.override_dest_dir = .prefix;
+        exe.install();
+        exe.addOptions("build_options", build_options);
+        break :blk exe;
+    };
+    const flatpak_launch_exe = blk: {
+        const exe = b.addExecutable("tuple-flatpak-launch", concat(b, path_prefix, "flatpak-launch.zig"));
+        exe.addIncludePath(b.pathFromRoot(path_prefix_no_ts));
+        exe.setBuildMode(mode);
+        exe.setTarget(target);
+        exe.single_threaded = true;
+        exe.strip = opt.strip;
+        exe.override_dest_dir = .prefix;
+        exe.install();
+        exe.addOptions("build_options", build_options);
+
+        if (opt.signing) |signing| {
+            const sign_exe = signing.exe.exe.run();
             sign_exe.addArg("sign");
-            sign_exe.addArg(b.pathFromRoot(path_prefix ++ "tuple_dev_ed25519"));
+            sign_exe.addArg(signing.key_filename);
             sign_exe.addArtifactArg(exe);
             b.getInstallStep().dependOn(&sign_exe.step);
         }
-    }
+        break :blk exe;
+    };
+
+    return .{ .launch = launch_exe, .flatpak_launch = flatpak_launch_exe };
 }

launch.zig

@@ -233,11 +233,6 @@ pub fn main() !void {
     os.exit(0xff);
 }
 
-const launch_suffix = switch (build_options.variant) {
-    .dev => "-dev",
-    .customer => "",
-};
-
 pub fn getTupleFlatpakLaunchExe(
     flatpak_id: []const u8,
     flatpak_install_kind: FlatpakInstallKind,
@@ -292,11 +287,11 @@ pub fn getTupleFlatpakLaunchExe(
     }
     const location = std.mem.trimRight(u8, result.stdout, "\n\r ");
     log.debug(@src(), "flatpak location is '{s}'", .{location});
-    return try std.fmt.allocPrintZ(global_arena.allocator(), "{s}/files/bin/tuple-flatpak-launch" ++ launch_suffix, .{location});
+    return try std.fmt.allocPrintZ(global_arena.allocator(), "{s}/files/bin/tuple-flatpak-launch", .{location});
 }
 
 const tuple_dev_ed25519_pub = blk: {
-    const pub_hex = @embedFile("tuple_dev_ed25519.pub");
+    const pub_hex = @embedFile(build_options.pubkey_filepath);
     var buf: [Signer.public_length]u8 = undefined;
     const len = (std.fmt.hexToBytes(&buf, pub_hex) catch @panic("pub keyfile contained non-hex digits")).len;
     std.debug.assert(len == buf.len);