Skip to content

1.0.0-beta4

Pre-release
Pre-release
Compare
Choose a tag to compare
@sgammon sgammon released this 27 Nov 01:22
· 10 commits to main since this release
1.0.0-beta4
This tag was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Verified
Learn about vigilant mode.
e789c7b
This commit was signed with the committer’s verified signature.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Verified
Learn about vigilant mode.

Summary

Bugfixes for the local Buildless and Pkgst proxies, and several improvements or other bugfixes in the CLI. Buildless local agent services now leverage Unix domain sockets and native Netty transports where possible, and will not wait for operations to complete before releasing clients.

Warning

This version has known issues. Instead, please use 1.0.0-beta5 or later.

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity [email protected] Issuer for this release (a GitHub account)

Changelog

  • fix: buildless rpc domain updated to global.less.build
  • fix: native netty transport
  • fix: unix domain sockets on macOS
  • fix: async (deferred) push to remote
  • fix: compression for pkgst proxy (brotli and gzip)
  • chore: increase default IO threads to prevent pkgst proxy deadlock
  • chore: dependency updates

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.darwin-arm64.sigstore.json \
  && tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir ~/bin \
  && cp -fv buildless ~/bin \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --version \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta4/buildless.linux-amd64.sigstore.json \
  && tar -xzvf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity [email protected] \
    --bundle ./buildless.linux-arm64.sigstore.json \
    buildless \
  && mkdir ~/bin \
  && cp -fv buildless ~/bin \
  && export PATH="$PATH:~/bin" \
  && rm -fv buildless "buildless.linux-amd64.*" \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity [email protected] \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS M1, M2, M3 (darwin-arm64)
  • Linux X86-64 (linux-amd64)
Assets 23
Loading