Skip to content

v0.4.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@thomastaylor312 thomastaylor312 released this 08 Jul 21:57
· 232 commits to main since this release
v0.4.0
This tag was signed with the committer’s verified signature.
thomastaylor312 Taylor Thomas
GPG key ID: F6E69B434180BC4A
Learn about vigilant mode.
18e1e23
This commit was signed with the committer’s verified signature.
thomastaylor312 Taylor Thomas
GPG key ID: F6E69B434180BC4A
Learn about vigilant mode.

This is the 0.4 feature release for Bindle. This release is quite large and contains various breaking changes, improvements, and refactors, particularly for consumers of the crate. Please read about the breaking changes carefully if you are a crate user.

Installing

You can download the prebuilt binaries for the Bindle CLI client, the Bindle server, and 2 helper CLI tools from the following links:

Once downloaded, you can follow the installation and getting started instructions

Using as a crate

Besides the pre-compiled binaries, we also publish a fully featured crate (that the binaries also use). You can find docs here.

Caveats

Please note that this is NOT production-ready software, but it is in a usable/consumable state. Because this is pre-1.0 software, we make no guarantees about spec, Rust API, or CLI compatibility. However, we will do our best to call out every breaking change in future release notes. Once we hit 1.0, backwards compatibility guarantees will be in effect.

Major Features

  • Signing and verification is now available within the crate. See the crate documentation for more details
  • The server code now handles JSON and TOML content-types

Binary specific

  • Host signing and verification is now enabled on the Bindle server
  • The CLI now has create-key and sign-invoice subcommands to facilitate signing
  • Now featuring more user-friendly errors!

Crate specific

  • Signing and verification has been implemented along with Signed and Verified traits. These traits are sealed and ensure that only the library code can sign them
  • New Authorization and Authentication traits have been added along with noop implementations
  • tracing crate support has been implemented
  • The Provider trait has been streamlined and updated to ensure signing and validation
  • There is now much less cloning and allocation done under the hood

Bug Fixes

  • Blocking I/O operations have been replaced with their async counterparts
  • Parcel length is now validated on the server
  • The file Provider (the provider included with bindle-server) now ensures files are locked to avoid double writes or a read before writes are complete
  • bindle and bindle-server now use XDG for default directory locations
  • Content types with charsets are now handled properly

Known Issues/Missing Features

  • The standalone bindle implementation does not currently handle tarballs. This will be added in a future release
  • Signing and verification is not automatically done in the Client or the bindle CLI
  • Although authn/authz traits are now available, it is not implemented for the bindle server or client

Breaking Changes

  • The server function has additional parameters required in order to enable signing and authn/z (yeah, it is a lot, we are trying to figure out how to fix that)

Before

pub async fn server<P, I>(
    store: P,
    index: I,
    addr: impl Into<SocketAddr> + 'static,
    tls: Option<TlsConfig>,
) -> anyhow::Result<()>
where
    P: Provider + Clone + Send + Sync + 'static,
    I: Search + Clone + Send + Sync + 'static,

After

pub async fn server<P, I, Authn, Authz, S>(
    store: P,
    index: I,
    authn: Authn,
    authz: Authz,
    addr: impl Into<SocketAddr> + 'static,
    tls: Option<TlsConfig>,
    keystore: S,
    verification_strategy: crate::VerificationStrategy,
    keyring: KeyRing,
) -> anyhow::Result<()>
where
    P: Provider + Clone + Send + Sync + 'static,
    I: Search + Clone + Send + Sync + 'static,
    S: SecretKeyStorage + Clone + Send + Sync + 'static,
    Authn: crate::authn::Authenticator + Clone + Send + Sync + 'static,
    Authz: crate::authz::Authorizer + Clone + Send + Sync + 'static,
  • Yanking a bindle now requires a signature
  • The create_invoice function signature on the Provider trait has changed in order to enforce signing and validation. This means all implementations of Provider, including caches and proxies reflect this same change

Before

async fn create_invoice(&self, inv: &super::Invoice) -> Result<Vec<super::Label>>;

After

async fn create_invoice<I>(&self, inv: I) -> Result<(crate::Invoice, Vec<super::Label>)>
where
    I: Signed + Verified + Send + Sync;
  • The BindleFilter type now borrows the invoice rather than cloning it. This has changed the type definition and new constructor:

Before

pub struct BindleFilter

pub fn new(invoice: Invoice) -> Self

After

pub struct BindleFilter<'a>

pub fn new(invoice: &'a Invoice) -> Self
  • BINDLE_SERVER_URL has been renamed to BINDLE_URL for the client

What's next?

Our next anticipated version is 0.5.0 (although we will cut a 0.4.1 if necessary). Our main focus for 0.5 will be finishing signing and verification. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!

Assets 2
Loading