This release includes several new features, including the major introduction of mirrors that installers can fallback to.

Simple hosting (aka mirrors)

This release adds a new hosting method, simple, which supports static file hosting. This allows you to host your artifacts on the hosting provider of your choice so long as it follows a similar URL structure to GitHub Releases hosting. It can also be used alongside GitHub hosting; if you specify more than one hosting provider, the secondary hosting source will be used as a mirror. The priority is determined by the order of the keys in your config. For example, this will use GitHub first and fall back to your static host if GitHub is unavailable:

hosting = ["github", "simple"]
simple-download-url = "https://static.myapp.com/{tag}"

And this will use your static host first and fall back to GitHub if necessary:

hosting = ["simple", "github"]
simple-download-url = "https://static.myapp.com/{tag}"

For more information, see the docs.

Note: currently, dist won't upload artifacts to static hosts; it expects you to handle that, either manually or via writing a custom job.

• impl @Gankra Add "simple" hosting style
• impl @mistydemeo feat(homebrew): mirror support with multi-urls

Disabling npm-shrinkwrap.json for npm installers

Currently, the npm installer includes an npm-shrinkwrap.json to specify the exact versions of its runtime dependencies as used at the time dist was released. Since some users would prefer looser dependency specification, this release provides an option to disable this. For more information, see the docs.

npm-shrinkwrap = false

• impl @mistydemeo feat: option to skip npm-shrinkwrap.json generation

Configurable build directory for generic projects

Until now, generic (non-Rust) project support has assumed that artifacts are always written to the root of the project directory. This path is now configurable using the out-dir setting in your dist.toml. For example, if your project generates a binary named example in a subdirectory called build, you can specify:

binaries = ["example"]
out-dir = "build"

• impl @CatBraaain support out_dir in config

Fixes

• impl @EliteTK + @gankra Reduce risk of an interrupted installation leading to a partial installation

This release includes several new features, including the major introduction of mirrors that installers can fallback to.

Simple hosting (aka mirrors)

This release adds a new hosting method, simple, which supports static file hosting. This allows you to host your artifacts on the hosting provider of your choice so long as it follows a similar URL structure to GitHub Releases hosting. It can also be used alongside GitHub hosting; if you specify more than one hosting provider, the secondary hosting source will be used as a mirror. The priority is determined by the order of the keys in your config. For example, this will use GitHub first and fall back to your static host if GitHub is unavailable:

hosting = ["github", "simple"]
simple-download-url = "https://static.myapp.com/{tag}"

And this will use your static host first and fall back to GitHub if necessary:

hosting = ["simple", "github"]
simple-download-url = "https://static.myapp.com/{tag}"

For more information, see the docs.

Note: currently, dist won't upload artifacts to static hosts; it expects you to handle that, either manually or via writing a custom job.

• impl @Gankra Add "simple" hosting style
• impl @mistydemeo feat(homebrew): mirror support with multi-urls

Disabling npm-shrinkwrap.json for npm installers

Currently, the npm installer includes an npm-shrinkwrap.json to specify the exact versions of its runtime dependencies as used at the time dist was released. Since some users would prefer looser dependency specification, this release provides an option to disable this. For more information, see the docs.

npm-shrinkwrap = false

• impl @mistydemeo feat: option to skip npm-shrinkwrap.json generation

Configurable build directory for generic projects

Until now, generic (non-Rust) project support has assumed that artifacts are always written to the root of the project directory. This path is now configurable using the out-dir setting in your dist.toml. For example, if your project generates a binary named example in a subdirectory called build, you can specify:

binaries = ["example"]
out-dir = "build"

• impl @CatBraaain support out_dir in config

Fixes

• impl @EliteTK + @gankra Reduce risk of an interrupted installation leading to a partial installation

This release contains a few minor bugfixes. It also updates dependencies, including a rimraf upgrade that resolves a CVE in @isaacs/brace-expansion. This vulnerability was not exploitable in the way dist used rimraf.

Fixes

• impl @eegli fix: installer receipt for windows with posix shell
• impl @kazutoiris fix: prevent unintended escaping of multiline run
• impl @20jasper fix: typo in variable name
• impl @OpenSauce chore(actions): bump default github actions

• When customizing when artifacts are attested, you can now use the announce phase.

• Bump default x64 macos runners to macos-15-intel (macos-13 is deprecated)
• In order to avoid overly broad permissions, GitHub attestations permissions scope is moved to the job level.
• Don't run host job if plan fails

• Bump default x64 macos runners to macos-15-intel (macos-13 is deprecated)
• In order to avoid overly broad permissions, GitHub attestations permissions scope is moved to the job level.
• Don't run host job if plan fails

This release contains several improvements to ZIP archives, the installers and additional build workflow customization options.

ZIP archive improvements

Previous versions of dist produced uncompressed ZIP archives which meant that they were much larger than necessary. ZIP archives are now compressed.

• impl @trim21 feat: enable compression on zip

In previous versions, ZIP archives were only suitable for Windows binaries because they didn't preserve executable permissions. ZIP archives now correctly preserve extended Unix permissions.

• impl @mistydemeo fix: preserve Unix permissions in ZIPs

The npm installer previously used the unzip commandline utility to unpack ZIP archives on Windows. This isn't available in all installations, so some users would experience errors at install time. We've improved this by switching to the builtin PowerShell Expand-Archive cmdlet.

• impl @jacobtread
  • fix: windows use powershell to extract zip file
  • fix: platform.includes bug

Additional installer configuration environment variables

dist's installers are configurable using a variety of different environment variables, but in previous versions only some of these would be branded with your app's name. We now provide branded versions of all of the other environment variables as well. The previous unbranded environment variables will continue to work. The new variables are:

• ${APP_NAME}_DOWNLOAD_URL
• ${APP_NAME}_PRINT_QUIET
• ${APP_NAME}_PRINT_VERBOSE

• impl @Gankra
  • make every last INSTALLER_ variable have a branded version
  • support {BRAND}_DOWNLOAD_URL in ps1 installer

This feature previously appeared in version 0.28.7 of Astral's fork.

Shell installer refuses to use Snap-installed curl

The shell installers will now refuse to fetch archives using a copy of curl installed via the Snap package manager for Ubuntu. Snap-installed copies of curl have limitations on their ability to write downloaded files to disk which makes them unsuitable for dist's installers. If a Snap-installed curl is detected, the installer will try to fall back to using another download tool; if no other tool is present, a message will be shown to the user and the installation will abort.

• impl @konstin Avoid snap curl

This feature previously appeared in version 0.28.5 of Astral's fork.

PowerShell installer now supports proxies

The PowerShell installer now respects the HTTPS_PROXY and ANY_PROXY environment variables and uses them to configure a proxy when fetching artifacts. These were already supported by the shell installer.

• impl @zanieb and @zsol Powershell installer: respect HTTPS_PROXY and ANY_PROXY env vars

macOS code signing now supports the --options flag

When using the experimental macOS codesigning feature, users can now specify a value to be passed to the --options flag using the CODESIGN_OPTIONS environment variable.

• impl @jackkleeman Support --options in mac code signing

Linux arm64 GitHub Actions builds now use native arm64 runners by default

In previous versions of dist, we used cross-compilation to build arm64 Linux binaries from an x86_64 host. GitHub now provides free native arm64 runners, so we've switched to using these by default. Users can still use cross-compilation if they prefer by specifying the x86_64 runners using the custom runners feature in the dist config.

GitHub Actions artifact attestations can now be customized

It's now possible to customize exactly which artifacts are attested, and which phase of the build process to perform the attestations in. Currently, customizing which artifacts to attest requires the attestation to happen during the host phase; this restriction may be lifted in the future.

To specify which artifacts to attest, you can use a list of globs; any artifacts matching any of those globs will receive an attestation. For example:

github-attestations-phase = "host"
github-attestations-filters = ["*.json", "*.sh", "*.ps1", "*.zip", "*.tar.gz"]

• impl @samypr100 Add support for attestations in the host phase

This release contains several improvements to ZIP archives, the installers and additional build workflow customization options.

ZIP archive improvements

Previous versions of dist produced uncompressed ZIP archives which meant that they were much larger than necessary. ZIP archives are now compressed.

• impl @trim21 feat: enable compression on zip

In previous versions, ZIP archives were only suitable for Windows binaries because they didn't preserve executable permissions. ZIP archives now correctly preserve extended Unix permissions.

• impl @mistydemeo fix: preserve Unix permissions in ZIPs

The npm installer previously used the unzip commandline utility to unpack ZIP archives on Windows. This isn't available in all installations, so some users would experience errors at install time. We've improved this by switching to the builtin PowerShell Expand-Archive cmdlet.

• impl @jacobtread
  • fix: windows use powershell to extract zip file
  • fix: platform.includes bug

Additional installer configuration environment variables

dist's installers are configurable using a variety of different environment variables, but in previous versions only some of these would be branded with your app's name. We now provide branded versions of all of the other environment variables as well. The previous unbranded environment variables will continue to work. The new variables are:

• ${APP_NAME}_DOWNLOAD_URL
• ${APP_NAME}_PRINT_QUIET
• ${APP_NAME}_PRINT_VERBOSE

• impl @Gankra
  • make every last INSTALLER_ variable have a branded version
  • support {BRAND}_DOWNLOAD_URL in ps1 installer

This feature previously appeared in version 0.28.7 of Astral's fork.

Shell installer refuses to use Snap-installed curl

The shell installers will now refuse to fetch archives using a copy of curl installed via the Snap package manager for Ubuntu. Snap-installed copies of curl have limitations on their ability to write downloaded files to disk which makes them unsuitable for dist's installers. If a Snap-installed curl is detected, the installer will try to fall back to using another download tool; if no other tool is present, a message will be shown to the user and the installation will abort.

• impl @konstin Avoid snap curl

This feature previously appeared in version 0.28.5 of Astral's fork.

PowerShell installer now supports proxies

The PowerShell installer now respects the HTTPS_PROXY and ANY_PROXY environment variables and uses them to configure a proxy when fetching artifacts. These were already supported by the shell installer.

• impl @zanieb and @zsol Powershell installer: respect HTTPS_PROXY and ANY_PROXY env vars

macOS code signing now supports the --options flag

When using the experimental macOS codesigning feature, users can now specify a value to be passed to the --options flag using the CODESIGN_OPTIONS environment variable.

• impl @jackkleeman Support --options in mac code signing

Linux arm64 GitHub Actions builds now use native arm64 runners by default

In previous versions of dist, we used cross-compilation to build arm64 Linux binaries from an x86_64 host. GitHub now provides free native arm64 runners, so we've switched to using these by default. Users can still use cross-compilation if they prefer by specifying the x86_64 runners using the custom runners feature in the dist config.

GitHub Actions artifact attestations can now be customized

It's now possible to customize exactly which artifacts are attested, and which phase of the build process to perform the attestations in. Currently, customizing which artifacts to attest requires the attestation to happen during the host phase; this restriction may be lifted in the future.

To specify which artifacts to attest, you can use a list of globs; any artifacts matching any of those globs will receive an attestation. For example:

github-attestations-phase = "host"
github-attestations-filters = ["*.json", "*.sh", "*.ps1", "*.zip", "*.tar.gz"]

• impl @samypr100 Add support for attestations in the host phase

This release contains several improvements to ZIP archives, the installers and additional build workflow customization options.

ZIP archive improvements

Previous versions of dist produced uncompressed ZIP archives which meant that they were much larger than necessary. ZIP archives are now compressed.

• impl @trim21 feat: enable compression on zip

In previous versions, ZIP archives were only suitable for Windows binaries because they didn't preserve executable permissions. ZIP archives now correctly preserve extended Unix permissions.

• impl @mistydemeo fix: preserve Unix permissions in ZIPs

The npm installer previously used the unzip commandline utility to unpack ZIP archives on Windows. This isn't available in all installations, so some users would experience errors at install time. We've improved this by switching to the builtin PowerShell Expand-Archive cmdlet.

• impl @jacobtread
  • fix: windows use powershell to extract zip file
  • fix: platform.includes bug

Additional installer configuration environment variables

dist's installers are configurable using a variety of different environment variables, but in previous versions only some of these would be branded with your app's name. We now provide branded versions of all of the other environment variables as well. The previous unbranded environment variables will continue to work. The new variables are:

• ${APP_NAME}_DOWNLOAD_URL
• ${APP_NAME}_PRINT_QUIET
• ${APP_NAME}_PRINT_VERBOSE

• impl @Gankra
  • make every last INSTALLER_ variable have a branded version
  • support {BRAND}_DOWNLOAD_URL in ps1 installer

This feature previously appeared in version 0.28.7 of Astral's fork.

Shell installer refuses to use Snap-installed curl

The shell installers will now refuse to fetch archives using a copy of curl installed via the Snap package manager for Ubuntu. Snap-installed copies of curl have limitations on their ability to write downloaded files to disk which makes them unsuitable for dist's installers. If a Snap-installed curl is detected, the installer will try to fall back to using another download tool; if no other tool is present, a message will be shown to the user and the installation will abort.

• impl @konstin Avoid snap curl

This feature previously appeared in version 0.28.5 of Astral's fork.

PowerShell installer now supports proxies

The PowerShell installer now respects the HTTPS_PROXY and ANY_PROXY environment variables and uses them to configure a proxy when fetching artifacts. These were already supported by the shell installer.

• impl @zanieb and @zsol Powershell installer: respect HTTPS_PROXY and ANY_PROXY env vars

macOS code signing now supports the --options flag

When using the experimental macOS codesigning feature, users can now specify a value to be passed to the --options flag using the CODESIGN_OPTIONS environment variable.

• impl @jackkleeman Support --options in mac code signing

Linux arm64 GitHub Actions builds now use native arm64 runners by default

In previous versions of dist, we used cross-compilation to build arm64 Linux binaries from an x86_64 host. GitHub now provides free native arm64 runners, so we've switched to using these by default. Users can still use cross-compilation if they prefer by specifying the x86_64 runners using the custom runners feature in the dist config.

GitHub Actions artifact attestations can now be customized

It's now possible to customize exactly which artifacts are attested, and which phase of the build process to perform the attestations in. Currently, customizing which artifacts to attest requires the attestation to happen during the host phase; this restriction may be lifted in the future.

To specify which artifacts to attest, you can use a list of globs; any artifacts matching any of those globs will receive an attestation. For example:

github-attestations-phase = "host"
github-attestations-filters = ["*.json", "*.sh", "*.ps1", "*.zip", "*.tar.gz"]

• impl @samypr100 Add support for attestations in the host phase

This release contains several improvements to ZIP archives, the installers and additional build workflow customization options.

ZIP archive improvements

Previous versions of dist produced uncompressed ZIP archives which meant that they were much larger than necessary. ZIP archives are now compressed.

• impl @trim21 feat: enable compression on zip

In previous versions, ZIP archives were only suitable for Windows binaries because they didn't preserve executable permissions. ZIP archives now correctly preserve extended Unix permissions.

• impl @mistydemeo fix: preserve Unix permissions in ZIPs

The npm installer previously used the unzip commandline utility to unpack ZIP archives on Windows. This isn't available in all installations, so some users would experience errors at install time. We've improved this by switching to the builtin PowerShell Expand-Archive cmdlet.

• impl @jacobtread
  • fix: windows use powershell to extract zip file
  • fix: platform.includes bug

Additional installer configuration environment variables

dist's installers are configurable using a variety of different environment variables, but in previous versions only some of these would be branded with your app's name. We now provide branded versions of all of the other environment variables as well. The previous unbranded environment variables will continue to work. The new variables are:

• ${APP_NAME}_DOWNLOAD_URL
• ${APP_NAME}_PRINT_QUIET
• ${APP_NAME}_PRINT_VERBOSE

• impl @Gankra
  • make every last INSTALLER_ variable have a branded version
  • support {BRAND}_DOWNLOAD_URL in ps1 installer

This feature previously appeared in version 0.28.7 of Astral's fork.

Shell installer refuses to use Snap-installed curl

The shell installers will now refuse to fetch archives using a copy of curl installed via the Snap package manager for Ubuntu. Snap-installed copies of curl have limitations on their ability to write downloaded files to disk which makes them unsuitable for dist's installers. If a Snap-installed curl is detected, the installer will try to fall back to using another download tool; if no other tool is present, a message will be shown to the user and the installation will abort.

• impl @konstin Avoid snap curl

This feature previously appeared in version 0.28.5 of Astral's fork.

PowerShell installer now supports proxies

The PowerShell installer now respects the HTTPS_PROXY and ANY_PROXY environment variables and uses them to configure a proxy when fetching artifacts. These were already supported by the shell installer.

• impl @zanieb and @zsol Powershell installer: respect HTTPS_PROXY and ANY_PROXY env vars

macOS code signing now supports the --options flag

When using the experimental macOS codesigning feature, users can now specify a value to be passed to the --options flag using the CODESIGN_OPTIONS environment variable.

• impl @jackkleeman Support --options in mac code signing

Linux arm64 GitHub Actions builds now use native arm64 runners by default

In previous versions of dist, we used cross-compilation to build arm64 Linux binaries from an x86_64 host. GitHub now provides free native arm64 runners, so we've switched to using these by default. Users can still use cross-compilation if they prefer by specifying the x86_64 runners using the custom runners feature in the dist config.

GitHub Actions artifact attestations can now be customized

It's now possible to customize exactly which artifacts are attested, and which phase of the build process to perform the attestations in. Currently, customizing which artifacts to attest requires the attestation to happen during the host phase; this restriction may be lifted in the future.

To specify which artifacts to attest, you can use a list of globs; any artifacts matching any of those globs will receive an attestation. For example:

github-attestations-phase = "host"
github-attestations-filters = ["*.json", "*.sh", "*.ps1", "*.zip", "*.tar.gz"]

• impl @samypr100 Add support for attestations in the host phase

This release contains several improvements to ZIP archives, the installers and additional build workflow customization options.

ZIP archive improvements

Previous versions of dist produced uncompressed ZIP archives which meant that they were much larger than necessary. ZIP archives are now compressed.

• impl @trim21 feat: enable compression on zip

In previous versions, ZIP archives were only suitable for Windows binaries because they didn't preserve executable permissions. ZIP archives now correctly preserve extended Unix permissions.

• impl @mistydemeo fix: preserve Unix permissions in ZIPs

The npm installer previously used the unzip commandline utility to unpack ZIP archives on Windows. This isn't available in all installations, so some users would experience errors at install time. We've improved this by switching to the builtin PowerShell Expand-Archive cmdlet.

• impl @jacobtread
  • fix: windows use powershell to extract zip file
  • fix: platform.includes bug

Additional installer configuration environment variables

dist's installers are configurable using a variety of different environment variables, but in previous versions only some of these would be branded with your app's name. We now provide branded versions of all of the other environment variables as well. The previous unbranded environment variables will continue to work. The new variables are:

• ${APP_NAME}_DOWNLOAD_URL
• ${APP_NAME}_PRINT_QUIET
• ${APP_NAME}_PRINT_VERBOSE

• impl @Gankra
  • make every last INSTALLER_ variable have a branded version
  • support {BRAND}_DOWNLOAD_URL in ps1 installer

This feature previously appeared in version 0.28.7 of Astral's fork.

Shell installer refuses to use Snap-installed curl

The shell installers will now refuse to fetch archives using a copy of curl installed via the Snap package manager for Ubuntu. Snap-installed copies of curl have limitations on their ability to write downloaded files to disk which makes them unsuitable for dist's installers. If a Snap-installed curl is detected, the installer will try to fall back to using another download tool; if no other tool is present, a message will be shown to the user and the installation will abort.

• impl @konstin Avoid snap curl

This feature previously appeared in version 0.28.5 of Astral's fork.

PowerShell installer now supports proxies

The PowerShell installer now respects the HTTPS_PROXY and ANY_PROXY environment variables and uses them to configure a proxy when fetching artifacts. These were already supported by the shell installer.

• impl @zanieb and @zsol Powershell installer: respect HTTPS_PROXY and ANY_PROXY env vars

macOS code signing now supports the --options flag

When using the experimental macOS codesigning feature, users can now specify a value to be passed to the --options flag using the CODESIGN_OPTIONS environment variable.

• impl @jackkleeman Support --options in mac code signing

Linux arm64 GitHub Actions builds now use native arm64 runners by default

In previous versions of dist, we used cross-compilation to build arm64 Linux binaries from an x86_64 host. GitHub now provides free native arm64 runners, so we've switched to using these by default. Users can still use cross-compilation if they prefer by specifying the x86_64 runners using the custom runners feature in the dist config.

GitHub Actions artifact attestations can now be customized

It's now possible to customize exactly which artifacts are attested, and which phase of the build process to perform the attestations in. Currently, customizing which artifacts to attest requires the attestation to happen during the host phase; this restriction may be lifted in the future.

To specify which artifacts to attest, you can use a list of globs; any artifacts matching any of those globs will receive an attestation. For example:

github-attestations-phase = "host"
github-attestations-filters = ["*.json", "*.sh", "*.ps1", "*.zip", "*.tar.gz"]

• impl @samypr100 Add support for attestations in the host phase

This is a big release! 0.29.0 includes all of the new features from Astral's fork of dist along with some new bugfixes. It also removes support for Axo Releases.

Pinning GitHub Actions to commits

By default, dist uses Actions via floating versioned tags such as actions/checkout@v4. Users with specific security requirements may instead want to pin these to specific commits so that they know exactly which version will be run. This release provides configuration to allow users to specify which commit to use for a given action. For more information, see the docs.

• impl @Gankra feat: add github-action-commits config

Recursive source tarballs, including the contents of submodules

While we've had support for source tarballs since 0.5.0, those tarballs have been limited to the contents of the base repository and didn't contain the contents of submodules. (This is a limitation of the git archive tool that we use to generate them.) This release adds support for recursive tarballs that include the contents of submodules as well. This feature is opt-in and can be enabled with the recursive-tarballs = true setting. For more information, see the docs.

• impl @Gankra feat: add recursive-tarballs

Support cross-compiling from Windows to Windows

In previous versions, dist would refuse to cross-compile from one Windows architecture to another. This release fixes that and allows the build to be attempted. We still default to cross-compiling via cargo-xwin; users who would like to try this will need to configure their builds to use a Windows runner. For example:

[dist.github-custom-runners.aarch64-pc-windows-msvc]
runner = "windows-2025"

• impl @baszalmstra fix: allow cross compiling from windows to windows

Installer improvements

We've improved compatibility for the shell installer by bringing in newer changes from the Rustup installer it was originally based on. We've also improved compatibility with Linux distributions that don't use the $HOME environment variable.

• impl @Gankra feat: improve installer.sh with changes from rustup
• impl @konstin feat: support Linux distros that don't set HOME

BYO GitHub bearer token for installers

In addition to the above, we now allow users to bring their own GitHub token to be used when fetching tarballs from GitHub. This is useful for users who are often rate-limited when downloading artifacts or who need to fetch artifacts from private repositories. Like our other environment variables, this is branded with your application's name in the format {APP_NAME}_GITHUB_TOKEN. This environment variable is supported in both the shell and PowerShell installers. For more information, see the docs.

• impl @Gankra feat: add {APP_NAME}_GITHUB_TOKEN install env-var

Reduce unnecessary credentials persistence in Actions config

This release includes some tweaks to generated Actions config in order to reduce the risk of accidentally persisting credentials longer in the run than necessary. This is always enabled and doesn't require configuration to opt into.

• impl @Gankra feat: add persist-credentials: false to checkouts

Allow overriding binaries per-platform

It's now possible to override the set of binaries to install on a per-platform basis. For example, a project with three binaries may choose to only install two of them on Windows, or may choose to provide an extra binary on other platforms. For more information, see the docs.

• impl @Gankra feat: allow overriding per-platform binaries

New setting for overriding packages to dist

A new top-level option, packages, allows specifying a list of exactly which packages should be disted. This overrides any individual dist = true or dist = false set in individual packages, and can be easier to reason about. For more information, see the docs.

• impl @Gankra feat: add packages override for externally setting dist=true/false

Overriding package versions

The new top-level version option overrides the individually-configuredversions for every package and instead causes dist to assume every package has the specified version. For more information, see the docs.

• impl @Gankra feat: add workspace.version override

Fixes

• impl @mistydemeo
  • fix: mark homebrew with persist-credentials
  • fix: don't write unified checksum with no checksums
• impl @cibyr fix(axoproject): allow building without generic-projects

This is a big release! 0.29.0 includes all of the new features from Astral's fork of dist along with some new bugfixes. It also removes support for Axo Releases.

Pinning GitHub Actions to commits

By default, dist uses Actions via floating versioned tags such as actions/checkout@v4. Users with specific security requirements may instead want to pin these to specific commits so that they know exactly which version will be run. This release provides configuration to allow users to specify which commit to use for a given action. For more information, see the docs.

• impl @Gankra feat: add github-action-commits config

Recursive source tarballs, including the contents of submodules

While we've had support for source tarballs since 0.5.0, those tarballs have been limited to the contents of the base repository and didn't contain the contents of submodules. (This is a limitation of the git archive tool that we use to generate them.) This release adds support for recursive tarballs that include the contents of submodules as well. This feature is opt-in and can be enabled with the recursive-tarballs = true setting. For more information, see the docs.

• impl @Gankra feat: add recursive-tarballs

Support cross-compiling from Windows to Windows

In previous versions, dist would refuse to cross-compile from one Windows architecture to another. This release fixes that and allows the build to be attempted. We still default to cross-compiling via cargo-xwin; users who would like to try this will need to configure their builds to use a Windows runner. For example:

[dist.github-custom-runners.aarch64-pc-windows-msvc]
runner = "windows-2025"

• impl @baszalmstra fix: allow cross compiling from windows to windows

Installer improvements

We've improved compatibility for the shell installer by bringing in newer changes from the Rustup installer it was originally based on. We've also improved compatibility with Linux distributions that don't use the $HOME environment variable.

• impl @Gankra feat: improve installer.sh with changes from rustup
• impl @konstin feat: support Linux distros that don't set HOME

BYO GitHub bearer token for installers

In addition to the above, we now allow users to bring their own GitHub token to be used when fetching tarballs from GitHub. This is useful for users who are often rate-limited when downloading artifacts or who need to fetch artifacts from private repositories. Like our other environment variables, this is branded with your application's name in the format {APP_NAME}_GITHUB_TOKEN. This environment variable is supported in both the shell and PowerShell installers. For more information, see the docs.

• impl @Gankra feat: add {APP_NAME}_GITHUB_TOKEN install env-var

Reduce unnecessary credentials persistence in Actions config

This release includes some tweaks to generated Actions config in order to reduce the risk of accidentally persisting credentials longer in the run than necessary. This is always enabled and doesn't require configuration to opt into.

• impl @Gankra feat: add persist-credentials: false to checkouts

Allow overriding binaries per-platform

It's now possible to override the set of binaries to install on a per-platform basis. For example, a project with three binaries may choose to only install two of them on Windows, or may choose to provide an extra binary on other platforms. For more information, see the docs.

• impl @Gankra feat: allow overriding per-platform binaries

New setting for overriding packages to dist

A new top-level option, packages, allows specifying a list of exactly which packages should be disted. This overrides any individual dist = true or dist = false set in individual packages, and can be easier to reason about. For more information, see the docs.

• impl @Gankra feat: add packages override for externally setting dist=true/false

Overriding package versions

The new top-level version option overrides the individually-configuredversions for every package and instead causes dist to assume every package has the specified version. For more information, see the docs.

• impl @Gankra feat: add workspace.version override

Fixes

• impl @mistydemeo
  • fix: mark homebrew with persist-credentials
  • fix: don't write unified checksum with no checksums
• impl @cibyr fix(axoproject): allow building without generic-projects

This release updates dependencies and contains no substantive code changes.

This release updates dependencies and contains no substantive code changes.

This release updates dependencies and contains no substantive code changes.

This release contains several important bugfixes. This primarily ensures that GitHub Actions builds work again, but there are also several fixes for minor configuration issues and updates to the runtime dependencies for the npm installer.

Fixes

• impl @mistydemeo
  • Bump Rust version to 1.87.0
  • feat: synchronize runners with github
  • fix: use --locked for from-git installs
• impl @Lee-W feat: update ubuntu version from 20.04 to 22.04
• impl @jackkleeman Support publishing prereleases even if there are only custom publish jobs
• impl @geofft fix: Do not report shadowed binaries when no binary exists
• impl @rdbisme Fix typo for installer base url override
• impl @CramBL fix ignored configuration key 'msvc-crt-static'
• impl @gtema update version of github provenance action

This release contains several important bugfixes. This primarily ensures that GitHub Actions builds work again, but there are also several fixes for minor configuration issues and updates to the runtime dependencies for the npm installer.

Fixes

• impl @mistydemeo
  • Bump Rust version to 1.87.0
  • feat: synchronize runners with github
  • fix: use --locked for from-git installs
• impl @Lee-W feat: update ubuntu version from 20.04 to 22.04
• impl @jackkleeman Support publishing prereleases even if there are only custom publish jobs
• impl @geofft fix: Do not report shadowed binaries when no binary exists
• impl @rdbisme Fix typo for installer base url override
• impl @CramBL fix ignored configuration key 'msvc-crt-static'
• impl @gtema update version of github provenance action

This release contains several important bugfixes. This primarily ensures that GitHub Actions builds work again, but there are also several fixes for minor configuration issues and updates to the runtime dependencies for the npm installer.

Fixes

• impl @mistydemeo
  • Bump Rust version to 1.87.0
  • feat: synchronize runners with github
  • fix: use --locked for from-git installs
• impl @Lee-W feat: update ubuntu version from 20.04 to 22.04
• impl @jackkleeman Support publishing prereleases even if there are only custom publish jobs
• impl @geofft fix: Do not report shadowed binaries when no binary exists
• impl @rdbisme Fix typo for installer base url override
• impl @CramBL fix ignored configuration key 'msvc-crt-static'
• impl @gtema update version of github provenance action

This release contains several important bugfixes. This primarily ensures that GitHub Actions builds work again, but there are also several fixes for minor configuration issues and updates to the runtime dependencies for the npm installer.

Fixes

• impl @mistydemeo
  • Bump Rust version to 1.87.0
  • feat: synchronize runners with github
  • fix: use --locked for from-git installs
• impl @Lee-W feat: update ubuntu version from 20.04 to 22.04
• impl @jackkleeman Support publishing prereleases even if there are only custom publish jobs
• impl @geofft fix: Do not report shadowed binaries when no binary exists
• impl @rdbisme Fix typo for installer base url override
• impl @CramBL fix ignored configuration key 'msvc-crt-static'
• impl @gtema update version of github provenance action

This release contains several important bugfixes. This primarily ensures that GitHub Actions builds work again, but there are also several fixes for minor configuration issues and updates to the runtime dependencies for the npm installer.

Fixes

• impl @mistydemeo
  • Bump Rust version to 1.87.0
  • feat: synchronize runners with github
  • fix: use --locked for from-git installs
• impl @Lee-W feat: update ubuntu version from 20.04 to 22.04
• impl @jackkleeman Support publishing prereleases even if there are only custom publish jobs
• impl @geofft fix: Do not report shadowed binaries when no binary exists
• impl @rdbisme Fix typo for installer base url override
• impl @CramBL fix ignored configuration key 'msvc-crt-static'
• impl @gtema update version of github provenance action