[Installer]: upgrade cloning with gitdl

[4lxprime]

Replacing git clone command and a lot of stuff with it by a simple gitdl line which is way better in term of network performances because we aren't downloading the whole project, moving/renaming things and can be easier to add repititives options.

[michaeldakin]

I'm no "std lib only" Andy, but realistically the gitdl package is just going over a repo api, slaps it into a map, creates the dirs and uses http.Get to download each file, which is not a whole lot better or different to the current setup.

The biggest issue I have is that gitdl does not do any form of checksum validation to confirm the files are correct and match the git repo you are downloading from.

Issues off the top of my head:

• are the files correct?
  • have they been tampered with
  • malformed download
  • MITM/Proxy tampering or redirected request and provided different file
• do they match the version / branch / tag you are after

I'd love to see sha checksum validation added to the gitdl project though!

[4lxprime]

I like the fact of using only std lib because it means that your code doesn't depend on other devs and cannot really be compromised by unknown dev but actually i think this could help getting better compatibility because the user doesn't need to have the git binary in the PATH or using default git client, moreover, he doesn't need to re-download the whole project each time.
In gitdl i've added the checksum based on github api hash and a size check aswell.
I think i'll add a few options like different http clients (fasthttp and maybe gnet) for more performances.

[4lxprime]

If there's something i could add to gitdl or something to change in my implementation i'll be happy to work on it.