v0.4.0

This is the 0.4 feature release for Bindle. This release is quite large and contains various breaking changes, improvements, and refactors, particularly for consumers of the crate. Please read about the breaking changes carefully if you are a crate user.

Installing

You can download the prebuilt binaries for the Bindle CLI client, the Bindle server, and 2 helper CLI tools from the following links:

• checksum file
• Linux amd64
• MacOS amd64
• Windows 64-bit

Once downloaded, you can follow the installation and getting started instructions

Using as a crate

Besides the pre-compiled binaries, we also publish a fully featured crate (that the binaries also use). You can find docs here.

Caveats

Please note that this is NOT production-ready software, but it is in a usable/consumable state. Because this is pre-1.0 software, we make no guarantees about spec, Rust API, or CLI compatibility. However, we will do our best to call out every breaking change in future release notes. Once we hit 1.0, backwards compatibility guarantees will be in effect.

Major Features

• Signing and verification is now available within the crate. See the crate documentation for more details
• The server code now handles JSON and TOML content-types

Binary specific

• Host signing and verification is now enabled on the Bindle server
• The CLI now has create-key and sign-invoice subcommands to facilitate signing
• Now featuring more user-friendly errors!

Crate specific

• Signing and verification has been implemented along with Signed and Verified traits. These traits are sealed and ensure that only the library code can sign them
• New Authorization and Authentication traits have been added along with noop implementations
• tracing crate support has been implemented
• The Provider trait has been streamlined and updated to ensure signing and validation
• There is now much less cloning and allocation done under the hood

Bug Fixes

• Blocking I/O operations have been replaced with their async counterparts
• Parcel length is now validated on the server
• The file Provider (the provider included with bindle-server) now ensures files are locked to avoid double writes or a read before writes are complete
• bindle and bindle-server now use XDG for default directory locations
• Content types with charsets are now handled properly

Known Issues/Missing Features

• The standalone bindle implementation does not currently handle tarballs. This will be added in a future release
• Signing and verification is not automatically done in the Client or the bindle CLI
• Although authn/authz traits are now available, it is not implemented for the bindle server or client

Breaking Changes

• The server function has additional parameters required in order to enable signing and authn/z (yeah, it is a lot, we are trying to figure out how to fix that)

Before

pub async fn server<P, I>(
    store: P,
    index: I,
    addr: impl Into<SocketAddr> + 'static,
    tls: Option<TlsConfig>,
) -> anyhow::Result<()>
where
    P: Provider + Clone + Send + Sync + 'static,
    I: Search + Clone + Send + Sync + 'static,

After

pub async fn server<P, I, Authn, Authz, S>(
    store: P,
    index: I,
    authn: Authn,
    authz: Authz,
    addr: impl Into<SocketAddr> + 'static,
    tls: Option<TlsConfig>,
    keystore: S,
    verification_strategy: crate::VerificationStrategy,
    keyring: KeyRing,
) -> anyhow::Result<()>
where
    P: Provider + Clone + Send + Sync + 'static,
    I: Search + Clone + Send + Sync + 'static,
    S: SecretKeyStorage + Clone + Send + Sync + 'static,
    Authn: crate::authn::Authenticator + Clone + Send + Sync + 'static,
    Authz: crate::authz::Authorizer + Clone + Send + Sync + 'static,

• Yanking a bindle now requires a signature
• The create_invoice function signature on the Provider trait has changed in order to enforce signing and validation. This means all implementations of Provider, including caches and proxies reflect this same change

Before

async fn create_invoice(&self, inv: &super::Invoice) -> Result<Vec<super::Label>>;

After

async fn create_invoice<I>(&self, inv: I) -> Result<(crate::Invoice, Vec<super::Label>)>
where
    I: Signed + Verified + Send + Sync;

• The BindleFilter type now borrows the invoice rather than cloning it. This has changed the type definition and new constructor:

Before

pub struct BindleFilter

pub fn new(invoice: Invoice) -> Self

After

pub struct BindleFilter<'a>

pub fn new(invoice: &'a Invoice) -> Self

• BINDLE_SERVER_URL has been renamed to BINDLE_URL for the client

What's next?

Our next anticipated version is 0.5.0 (although we will cut a 0.4.1 if necessary). Our main focus for 0.5 will be finishing signing and verification. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!

v0.3.1

This is the 0.3.1 bugfix release for Bindle. This release contains a single fix that fixes some compilation errors with certain cargo features enabled, as such, the 0.3.0 version of the Rust crate has been yanked. This only applies to the crate and not to the binary releases of 0.3.0 as those function properly

Installing

You can download the prebuilt binaries for the Bindle CLI client, the Bindle server, and 2 helper CLI tools from the following links:

• checksum file
• Linux amd64
• MacOS amd64
• Windows 64-bit

Once downloaded, you can follow the installation and getting started instructions

What's next?

Our next anticipated version is 0.4.0 (although we will cut a 0.3.2 if necessary). Our main focus for 0.4 will be around implementing signing validation on the server. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!

v0.3.0

This is the 0.3 feature release for Bindle. This release was mostly focused on some underlying optimization and some bug fixes. There was also a new section added on bindle signing to the specification

Installing

You can download the prebuilt binaries for the Bindle CLI client, the Bindle server, and 2 helper CLI tools from the following links:

• checksum file
• Linux amd64
• MacOS amd64
• Windows 64-bit

Once downloaded, you can follow the installation and getting started instructions

Using as a crate

Besides the pre-compiled binaries, we also publish a fully featured crate (that the binaries also use). You can find docs here.

Caveats

Please note that this is NOT production-ready software, but it is in a usable/consumable state. Because this is pre-1.0 software, we make no guarantees about spec, Rust API, or CLI compatibility. However, we will do our best to call out every breaking change in future release notes. Once we hit 1.0, backwards compatibility guarantees will be in effect.

Major Features

• There is now an LRU cache implementation available in the SDK
• The Bindle spec has been updated with information on how to sign Bindles. This part of the spec is still under development and may undergo a few more changes. The Invoice object now has methods for signing bindles.

Bug Fixes

• This release contains one major bug fix for a possible race condition with the built in FileProvider if 2 people tried to create a resource at the same time or if one tried to read while the other writes. We also updated the documentation of the Provider trait to reflect the need for locking/atomic operations when implementing a terminal Provider

Known Issues/Missing Features

• The standalone bindle implementation does not currently handle tarballs. This will be added in a future release
• The signing and verification code has not been integrated into the Bindle server or API. This will be added for the 0.4 release

Breaking Changes

There were no major breaking changes in this release

What's next?

Our next anticipated version is 0.4.0 (although we will cut a 0.3.1 if necessary). Our main focus for 0.4 will be around implementing signing validation on the server. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!

v0.2.0

This is the 0.2 feature release for Bindle. This release contains several large breaking changes in both the protocol specification and some of the Rust APIs. Those changes are described in the "Breaking Changes" section.

Installing

You can download the prebuilt binaries for the Bindle CLI client, the Bindle server, and 2 helper CLI tools from the following links:

• checksum file
• Linux amd64
• MacOS amd64
• Windows 64-bit

Once downloaded, you can follow the installation and getting started instructions

Using as a crate

Besides the pre-compiled binaries, we also publish a fully featured crate (that the binaries also use). You can find docs here.

Caveats

Please note that this is NOT production-ready software, but it is in a usable/consumable state. Because this is pre-1.0 software, we make no guarantees about spec, Rust API, or CLI compatibility. However, we will do our best to call out every breaking change in future release notes. Once we hit 1.0, backwards compatibility guarantees will be in effect.

Major Features

• A renamed and better defined Provider trait that replaces the Storage trait
• A new proxy module that includes a Proxy type. This type takes a configured Bindle client and then implements a Provider, proxying all requests to another Bindle server

Known Issues/Missing Features

• The standalone bindle implementation does not currently handle tarballs. This will be added in a future release

Breaking Changes

Spec Changes

There was a major spec change in the protocol around how parcels are accessed. Due to the need for signed bundles and role specific authorization (i.e. Alice can only access bindles and parcels in the example.com/foo namespace), parcels are no longer accessed using the _p endpoint. The _p endpoint has been removed and parcels are now subpathed under their particular bindles:

Old

https://bindle.example.com/v1/_p/deadbeef

New

https://bindle.example.com/v1/_i/example.com/foo/1.0.0@deadbeef

This also had the additional benefit of removing the need for separate label files stored alongside parcel.dat files, which means the standalone bindle spec no longer has those as a requirement. The client has been updated to handle these new APIs.

API changes

Provider replacing Storage trait

The largest breaking change of this release is the renaming and modification of the Storage trait to now be a Provider trait. This change was made primarily to model that anything can provide a Bindle. This could be a proxy (which just contacts an upstream server), a cache, or an actual "terminal" provider that stores Bindle in a database or blob store somewhere. The old trait definition was written primarily as a storage access layer rather than something that provides Bindles for a consumer.

As part of this work, most of the parcel related function signatures have changed to require an ID parameter like the invoice methods. This reflects the change made in the spec. The storage module is now called provider as well. You can see the full trait definition here.

This should be the last massive change to the trait, although there could be some more small changes as we work on implementing signing

Other Breaking Changes

• DumbCache now takes two different Providers. One to serve as local storage and another to serve as a remote provider (likely fetching from an upstream Bindle server)
• Everything now uses Stream. Before, the Storage trait and other methods that interfaced with it were using AsyncRead implementors. After using this in practice, we realized it was clunky, so everything now deals with Streams

What's next?

Our next anticipated version is 0.3.0 (although we will cut a 0.3.1 if necessary). Our main focus for 0.3 will be around spec improvements, signing, caching, and additional features. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!

v0.1.1

This is the first bug release for 0.1. Mainly this contains small fixes to the crate documentation and re-enables stream support for uploading parcels (yay for big files!)

Installing

You can download the prebuilt binaries for the Bindle CLI client, the Bindle server, and 2 helper CLI tools from the following links:

• checksum file
• Linux amd64
• MacOS amd64
• Windows 64-bit

Once downloaded, you can follow the installation and getting started instructions

Using as a crate

Besides the pre-compiled binaries, we also publish a fully featured crate (that the binaries also use). You can find docs here.

Caveats

Please note that this is NOT production-ready software, but it is in a usable/consumable state. Because this is pre-1.0 software, we make no guarantees about spec, Rust API, or CLI compatibility. However, we will do our best to call out every breaking change in future release notes. Once we hit 1.0, backwards compatibility guarantees will be in effect.

Known Issues/Missing Features

• The standalone bindle implementation does not currently handle tarballs. This will be added in a future release

What's next?

Our next anticipated version is 0.2.0 (although we will cut a 0.1.2 if necessary). Our main focus for 0.2 will be around spec improvements, API refactors, and additional features. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!

v0.1.0 release

This is the initial release of Bindle! Bindle is an aggregate object storage system. For more information what that means, see the README. The repo contains both the Bindle Specification and a Rust implementation of that specification.

Installing

You can download the prebuilt binaries for the Bindle CLI client, the Bindle server, and 2 helper CLI tools from the following links:

• checksum file
• Linux amd64
• MacOS amd64
• Windows 64-bit

Once downloaded, you can follow the installation and getting started instructions

Using as a crate

Besides the pre-compiled binaries, we also publish a fully featured crate (that the binaries also use). You can find docs here.

Caveats

Please note that this is NOT production-ready software, but it is in a usable/consumable state. Because this is pre-1.0 software, we make no guarantees about spec, Rust API, or CLI compatibility. However, we will do our best to call out every breaking change in future release notes. Once we hit 1.0, backwards compatibility guarantees will be in effect.

Known Issues/Missing Features

• The stream functionality of the Client is currently disabled due to a missing feature in an upstream library. This means parcels are loaded into memory before they are sent rather than streaming them into a request to the Bindle server. This is only a temporary workaround until a new version of our underlying HTTP client is released
• The standalone bindle implementation does not currently handle tarballs. This will be added in a future release

What's next?

Our next anticipated version is 0.2.0 (although we will cut a 0.2.1 if necessary). Our main focus for 0.2 will be around spec improvements, API refactors, and additional features. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!