Skip to content

1.0.0-beta5

Pre-release
Pre-release

Choose a tag to compare

View all tags
@sgammon sgammon released this 27 Nov 03:00
· 9 commits to main since this release
1.0.0-beta5
This tag was signed with the committer’s verified signature. The key has expired.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Expired
Verified
Learn about vigilant mode.
bf62ea4
This commit was signed with the committer’s verified signature. The key has expired.
sgammon Sam Gammon
GPG key ID: 1D5903AF4582BCF4
Expired
Verified
Learn about vigilant mode.

Summary

Bugfixes for the local Buildless and Pkgst proxies, and several improvements or other bugfixes in the CLI. Buildless local agent services now leverage Unix domain sockets and native Netty transports where possible, and will not wait for operations to complete before releasing clients.

Tip

All users are encouraged to upgrade to 1.0.0-beta5 or newer, as it includes several critical fixes for known issues present in beta3 and beta4.

Verification

Use the following parameters to verify this release using Sigstore.

Parameter Value Description
certificate-oidc-issuer https://github.com/login/oauth Verifies the releaser's account
certificate-identity sam@elide.ventures Issuer for this release (a GitHub account)

Changelog

  • fix: near cache deadlock with remote service fetch
  • fix: metrics issue with proxied requests/responses
  • fix: buildless rpc domain updated to global.less.build
  • fix: native netty transport
  • fix: unix domain sockets on macOS
  • fix: async (deferred) push to remote
  • fix: compression for pkgst proxy (brotli and gzip)
  • chore: increase default IO threads to prevent pkgst proxy deadlock
  • chore: dependency updates

Installation

One-liner (install and verify):

  • macOS:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.darwin-arm64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.darwin-arm64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.darwin-arm64.sigstore.json \
  && tar -xzf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity sam@elide.ventures \
    --bundle ./buildless.darwin-arm64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.darwin-arm64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`
  • Linux:
echo "Installing Buildless..." \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.linux-amd64.tgz \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.linux-amd64.tgz.sha256 \
  && wget -q https://github.com/buildless/cli/releases/download/1.0.0-beta5/buildless.linux-amd64.sigstore.json \
  && tar -xzf buildless.linux-amd64.tgz \
  && cat buildless.linux-amd64.tgz.sha256 | sha256sum --check --status \
  &&  cosign verify-blob \
    --certificate-oidc-issuer https://github.com/login/oauth \
    --certificate-identity sam@elide.ventures \
    --bundle ./buildless.linux-amd64.sigstore.json \
    buildless \
  && mkdir -p ~/bin \
  && cp -fv buildless ~/bin \
  && chmod +x ~/bin/buildless \
  && export PATH="$PATH:~/bin" \
  && rm -f buildless "buildless.linux-amd64.*" \
  && buildless --help \
  || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted and installed to `~/bin`

Verifying a release

To verify this release, download the binary for your platform and architecture, and the accompanying sha256 and sigstore.json files. For example, on macOS ARM64 (M1-M3), you would download all of:

  • buildless.darwin-arm64.tgz
  • buildless.darwin-arm64.tgz.sha256
  • buildless.darwin-arm64.sigstore.json

Extract the binary:

tar -xzvf buildless.darwin-arm64.tgz

To verify the SHA256 hash:

cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status

This command returns 0 (success) if the checksum matches.

To verify the Sigstore signature:

cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity sam@elide.ventures \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless

# Prints: "Verified OK"

See the table at the top of this release for explanations of each parameter.

All verification steps:

tar -xzvf buildless.darwin-arm64.tgz \
  && cat buildless.darwin-arm64.tgz.sha256 | gsha256sum --check --status \
  &&  cosign verify-blob \
  --certificate-oidc-issuer https://accounts.google.com \
  --certificate-identity sam@elide.ventures \
  --bundle ./buildless.darwin-arm64.sigstore.json \
  buildless || $(echo "Failed to verify Buildless binary; deleting." && rm -fv buildless)

# Prints: "Verified OK", with `buildless` binary extracted

Platform support

Currently available for:

  • macOS M1, M2, M3 (darwin-arm64)
  • Linux X86-64 (linux-amd64)
Assets 23
Loading