add xz, verify_signature, vendored openssl, update strategy, release-notes url, and tag prefix#192
Merged
Merged
Conversation
…ndored - `compression-tar-xz` feature decodes `.tar.xz` / `.txz` / plain `.xz` via pure-Rust `lzma-rs` (no C `liblzma`); adds `Compression::Xz`. Replaces the `Either` archive reader with an `ArchiveReader` codec enum and drops the `either` dependency. A recognized-but-unsupported compression extension now fails with `Error::CompressionNotEnabled` instead of installing the still compressed bytes as the binary (#143). - `self_update::verify_signature(impl AsRef<Path>, &[VerifyingKey])`: run the embedded-signature check standalone, for a caller that stages a download itself. Re-exported at the crate root under `signatures` (#150). - `native-tls-vendored` feature: build OpenSSL from source and link it statically; implies `native-tls`, applies to the reqwest client (#108).
- `UpdateStrategy` (`Compatible` default / `Latest`) and the `update_strategy(..)` builder setter control which release the unpinned path installs. `Compatible` prefers the newest semver-compatible release, falling back to the newest overall; `Latest` always installs the newest release, across a major bump. Threaded through `choose_latest_release` and both orchestrators (#152). - `Release::release_notes_url()` and `ReleaseBuilder::release_notes_url(..)`: the release page URL, filled by github/gitea from `html_url` and gitlab from `_links.self`; `None` for s3. The `show_release_notes(bool)` builder setter shows it (or the release body when no URL) in the confirmation prompt (#148).
Add a `tag_prefix(..)` setter to the github/gitlab/gitea `Update` builders for deriving a version from a monorepo-style tag such as `myapp-1.2.3` (or `myapp-v1.2.3`). Unset (the default) trims a leading `v` as before; when set, the prefix and any inner `v` are stripped and tags without the prefix are skipped from the listing instead of being mis-parsed. The tag-to-version derivation moves to `backends::common::strip_tag_prefix`, threaded through each forge's listing/single-fetch plans alongside the existing `stop_at`. The setter is forge-only (s3 parses versions from object keys; the custom backend supplies its own releases). (#76)
- Box `ArchiveReader::Gz`: an unboxed `GzDecoder` tripped `clippy::large_enum_variant` under `-D warnings`. - Drop an unnecessary `to_path_buf` in the public `verify_signature` test. - Add `compression-tar-xz` to the Makefile `ARCHIVE_FEATURES` so the ci clippy and test lanes exercise it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses a batch of open feature requests ahead of 1.0. Every change is additive and non-breaking.
Changes
compression-tar-xzfeature decodes.tar.xz/.txz/ plain.xzvia pure-Rustlzma-rs(no Cliblzma, so it cross-compiles like the rest of the default stack). AddsCompression::Xz. A recognized-but-unsupported compression extension now fails withError::CompressionNotEnabledinstead of installing the still-compressed bytes as the binary. (Support for xz archive? #143)self_update::verify_signature(impl AsRef<Path>, &[VerifyingKey]): run the embedded-signature check standalone, for a caller that stages a download itself (signaturesfeature). (Expose verify_signature to allow verifying outside of the update call #150)native-tls-vendored: build OpenSSL from source and link it statically; impliesnative-tls, applies to the reqwest client. (Feature request: Feature for using vendored OpenSSL #108)UpdateStrategy(Compatibledefault /Latest) and theupdate_strategy(..)setter: control which release the unpinned path installs.Latestjumps to the newest release across a major bump;Compatibleprefers the newest semver-compatible one. (Feat: support updating to latest incompatible release #152)Release::release_notes_url()/ReleaseBuilder::release_notes_url(..)(filled fromhtml_url, gitlab_links.self;Nonefor s3) and ashow_release_notes(bool)setter that shows it (or the body) in the confirmation prompt. (Add option to show a link to the release notes #148)tag_prefix(..)on the github/gitlab/giteaUpdatebuilders for monorepo-style tags likemyapp-1.2.3. Default trims a leadingvas before; when set, non-matching tags are skipped instead of mis-parsed. Forge-only (s3 parses versions from object keys; the custom backend supplies its own releases). (Make release prefix configurable #76)Notes
0.1.2-betaread as0.1.2) is confirmed as an s3-only issue: the s3 asset-key regex captures\d+\.\d+\.\d+and cannot disambiguate a pre-release segment from the target triple in a flat key (both use-). The forge backends are unaffected (they parse the whole tag as semver). The intended fix is a user-supplied version-extraction pattern on the s3 builder; tracked separately.Each change ships with tests, CHANGELOG and spec updates, and a regenerated README. Validated across the default, all-features, and ureq lanes (clippy clean, fmt applied).