Install cargo-binstall

Version updated for cargo-bins/cargo-binstall to version v1.4.1.

  • This publisher is shown as erified by GitHub.
  • This action is used across all versions by 9 repositories.

Go to the GitHub Marketplace to find the latest changes.

Release notes

Binstall is a tool to fetch and install Rust-based executables as binaries. It aims to be a drop-in replacement for cargo install in most cases. Install it today with cargo install cargo-binstall, from the binaries below, or if you already have it, upgrade with cargo binstall cargo-binstall.

[Reddit] [Bluesky] [Twitter] [Masto]

In this release:

  • Initial support for verifying package signatures! (#1 #1345 #1382 #1383)

    After a lot of discussions, we now support verifying signatures for downloaded files. This release has support for a single algorithm, minisign. We expect to implement more later, and would warmly welcome contributions in this regard.

    With this comes two new options: --only-signed will refuse to install non-signed packages, and --skip-signatures disables the functionality entirely (for testing only!).

    Adding signature support for your package as a first party requires adding to your Cargo.toml: we don’t perform auto-detection of signature schemes at this juncture. Documentation and a guide is available in SIGNING.md.

    The 3rd-party quick-install repository of packages (part of the cargo-bins umbrella organisation) has already implemented signing; if you only want first-party signed packages you should add --disable-strategies quick-install.

  • Binstall’s releases are now signed. (#1347 #1398 #1400)

    We use a just-in-time ephemeral key or “keyless” setup which generates a brand new signing key for every release.

    You can find the public key for each release in a number of places:

    • in the crate’s Cargo.toml metadata (this is where Binstall looks for it)
    • as the minisign.pub file in the packaged source crate (from crates.io)
    • as the minisign.pub file in the downloads below
    • as the minisign.pub file in the .full. variants of the packages below

    Of course, Binstall ^1.4.1 is able to verify its own signature:

    cargo binstall -y --only-signed cargo-binstall

Other changes:

  • The cargo-toml-workspace crate is now independent from binstalk crates (#1386)
  • Bugfix: target was incorrectly detected for glibc <=2.31 (#1376 #1379)