Update to zip v3, replace rand_core with getrandom

Author: Kijewski

.github/workflows/ci.yml

@@ -45,7 +45,7 @@ jobs:
         folder:
           - "cli"
         include:
-          - toolchain: "1.73"
+          - toolchain: "1.75"
             folder: api
     runs-on: ubuntu-latest
     steps:
@@ -62,9 +62,9 @@ jobs:
         toolchain:
           - stable
         os:
-          - ubuntu-22.04
-          - windows-2022
-          - macos-13
+          - ubuntu-latest
+          - windows-latest
+          - macos-latest
         versions:
           - ""
           - "-Zminimal-versions"
@@ -107,7 +107,7 @@ jobs:
     strategy:
       matrix:
         toolchain:
-          - 1.73
+          - 1.75
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -129,9 +129,9 @@ jobs:
         toolchain:
           - stable
         os:
-          - ubuntu-22.04
-          - windows-2022
-          - macos-13
+          - ubuntu-latest
+          - windows-latest
+          - macos-latest
         versions:
           - ""
           - "-Zminimal-versions"

.github/workflows/devskim-analysis.yml

@@ -11,7 +11,7 @@ on:
 jobs:
   lint:
     name: DevSkim
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read

Cargo.toml

@@ -7,17 +7,15 @@ default-members = ["api", "cli"]
 base64 = "0.22.0"
 clap = { version = "4.4.0", features = ["derive"] }
 ed25519-dalek = { version = "2.0.0", features = ["digest"] }
+getrandom = { version = "0.3.3", features = ["std"] }
 normalize-path = "0.2.0"
 pretty-error-debug = "0.3.0"
 tempfile = "3.0.0"
 thiserror = "2.0.8"
-zip = { version = "2.0.0", default-features = false }
-
-# Cannot be newer than `ed25519-dalek`'s dependency
-rand_core = { version = "0.6.0", features = ["getrandom"] }
+zip = { version = "3.0.0", default-features = false }
 
 [workspace.dependencies.zipsign-api]
-version = "0.1.3"
+version = "0.1.4"
 path = "api"
 default-features = false
 features = ["tar", "zip"]

api/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "zipsign-api"
 description = "Sign and verify `.zip` and `.tar.gz` files with an ed25519 signing key"
-version = "0.1.3"
+version = "0.1.4"
 edition = "2021"
 authors = ["René Kijewski <[email protected]>"]
 repository = "https://github.com/Kijewski/zipsign"

cli/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "zipsign"
 description = "Sign and verify `.zip` and `.tar.gz` files with an ed25519 signing key"
-version = "0.1.3"
+version = "0.1.4"
 edition = "2021"
 authors = ["René Kijewski <[email protected]>"]
 repository = "https://github.com/Kijewski/zipsign"
@@ -14,10 +14,10 @@ rustdoc-args = ["--generate-link-to-definition", "--cfg=docsrs"]
 
 [dependencies]
 clap.workspace = true
-ed25519-dalek = { workspace = true, features = ["rand_core"] }
+ed25519-dalek.workspace = true
+getrandom.workspace = true
 normalize-path.workspace = true
 pretty-error-debug.workspace = true
-rand_core.workspace = true
 tempfile.workspace = true
 thiserror.workspace = true
 zipsign-api.workspace = true

cli/src/generate.rs

@@ -5,8 +5,7 @@ use std::os::unix::prelude::OpenOptionsExt;
 use std::path::PathBuf;
 
 use clap::Parser;
-use ed25519_dalek::{KEYPAIR_LENGTH, SigningKey};
-use rand_core::OsRng;
+use ed25519_dalek::{KEYPAIR_LENGTH, SecretKey, SigningKey};
 
 /// Generate a signing key
 #[derive(Debug, Parser, Clone)]
@@ -35,6 +34,8 @@ pub(crate) enum Error {
     Read(#[source] std::io::Error, PathBuf),
     #[error("no valid key found in from {1:?}")]
     IllegalKey(#[source] ed25519_dalek::SignatureError, PathBuf),
+    #[error("could not get random data")]
+    Random(#[source] getrandom::Error),
 }
 
 pub(crate) fn main(args: Cli) -> Result<(), Error> {
@@ -53,7 +54,10 @@ pub(crate) fn main(args: Cli) -> Result<(), Error> {
             Err(err) => return Err(Error::IllegalKey(err, args.private_key)),
         }
     } else {
-        let key: SigningKey = SigningKey::generate(&mut OsRng);
+        let mut secret = SecretKey::default();
+        getrandom::fill(secret.as_mut_slice()).map_err(Error::Random)?;
+        let key = SigningKey::from_bytes(&{ secret });
+
         let result = OpenOptions::new()
             .write(true)
             .create(true)