Version 0.19.0 (2024-07-11)
Release Notes
This release improves support for corporate networks, fixes a regression in the ssldotcom-windows-sign feature, and lands some more groundwork for future improvements.
System Certificates
When doing network requests, cargo-dist and axoupdater can be configured to look at both the system certificate stores and builtin webpki-roots. Usually the latter is sufficient, but the former may be necessary to when running these tools in some corporate networks.
As of cargo-dist 0.19.0 and axoupdater 0.6.8, all prebuilt binaries of these two tools have both sources enabled, ensuring maximum interoperability and portability.
When building from source (with e.g. cargo install), or using axoupdater as library, we currently default to only using the webpki roots. If you need system certificates to be consulted, they can be enabled in either project with --features=tls_native_roots.
In the future we may just enable system certificates by default. We're being a bit cautious because we've heard some concerns about portability and performance but haven't yet seen them in the wild, at least for the systems we've tested on.
Fixes
- @Gankra fix: update axoasset to fix regression in ssldotcom-windows-sign
- @mistydemeo fix: handle Invoke-Installer errors
- @mistydemeo fix: writeback default install-path to config to prepare for changing the default
Install cargo-dist 0.19.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://axodotdev.artifacts.axodotdev.host/cargo-dist/v0.19.0/cargo-dist-installer.sh | shInstall prebuilt binaries via powershell script
powershell -c "irm https://axodotdev.artifacts.axodotdev.host/cargo-dist/v0.19.0/cargo-dist-installer.ps1 | iex"Install prebuilt binaries via Homebrew
brew install axodotdev/tap/cargo-distDownload cargo-dist 0.19.0
| File | Platform | Checksum |
|---|---|---|
| cargo-dist-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| cargo-dist-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| cargo-dist-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
| cargo-dist-aarch64-unknown-linux-gnu.tar.xz | ARM64 Linux | checksum |
| cargo-dist-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
| cargo-dist-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| cargo-dist-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo axodotdev/cargo-distYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>
