  • v2.3.1+rs.1 3ba4efaadd

    portal-tunnel-rs v2.3.1+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 2m57s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m6s
    Stable

    ada released this 2026-06-06 06:45:05 +00:00 | 1 commit to master since this release

    Upstream Target

    • Upstream: gosuda/portal-tunnel v2.3.1 (594497de27f79c4ab856f284c542f767ce498bb7).
    • Rust tag: v2.3.1+rs.1.
    • OCI image: code.rly.best/gofix/portal-tunnel-rs:v2.3.1-rs.1.
    • OCI digest: code.rly.best/gofix/portal-tunnel-rs@sha256:37a7a39838befc34b79d2aedc698e691aa8dc4fd9693791750d9c4891eec7bff.

    What Changed

    • Retargeted workspace metadata, docs, fixtures, and smoke harness defaults from upstream v2.3.0 to v2.3.1.
    • Added upstream v2.3.1 admin bearer-token login/status compatibility while preserving existing wallet admin auth.
    • Matched the upstream five-minute keyless request clock-skew window.
    • Added /sdk/domain X402 pay_to shape compatibility and fail-fast handling for the new X402_ENABLED configuration names.
    • Ported the upstream installer script updates relevant to this relay package.

    Interop Window

    • Axis A: official upstream portal v2.3.1 client to this Rust relay, with retained relay-server compatibility coverage documented in docs/unsupported-features.md.
    • Axis B: Rust relay interop with upstream Go v2.3.1 relay shapes and explicit multi-hop chains; v2.1.8/v2.1.9 hop-route signature acceptance remains for compatibility.

    Verification

    • PR CI run #119: success.
    • Target branch CI run #120: success.
    • Dev tag v2.3.1+rs.1-dev.1 / image v2.3.1-rs.1-dev.1: CI run #121 success and live direct + multi-hop verification passed.
    • Production tag v2.3.1+rs.1 / image v2.3.1-rs.1: CI run #122 success and registry tag confirmed.
    • Production relay /healthz and /sdk/domain report v2.3.1+rs.1 locally and publicly.
    • Official arm64 portal CLI v2.3.1 asset was sha256-verified, installed, and active production expose services were restarted and checked.
    • Final production direct HTTP and multi-hop HTTP smoke tests passed.
  • v2.3.0+rs.1 b79f00bf75

    portal-tunnel-rs v2.3.0+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 43s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m15s
    Stable

    gofix released this 2026-06-01 06:20:31 +00:00 | 2 commits to master since this release

    Retargets portal-tunnel-rs to upstream gosuda/portal-tunnel v2.3.0 (fbb3c671703e14e77823ebb66704801576802030).

    Changes:

    • Bumps tunnel/discovery protocol compatibility to 8 and reported release to v2.3.0+rs.1.
    • Adds upstream v2.3.0 /api/* relay API routing aliases while retaining existing legacy operator paths.
    • Supports the v2.3.0 official client /sdk/connect raw-upgrade reverse-session handshake.
    • Refreshes fixtures, docs, and release smoke defaults for v2.3.0.

    Image:

    • code.rly.best/gofix/portal-tunnel-rs:v2.3.0-rs.1
    • digest sha256:fea2d4a06083baf2fc4d39ad6f4f097c5f25b9e972b26bde43c9cbb6e6b5b557

    Compatibility:

    • Official upstream portal client target: v2.3.0.
    • Documented relay compatibility surface remains in docs/unsupported-features.md; legacy v2.1.8/v2.1.9 hop-route signature compatibility is retained.
    • Verified release gates included Rust CI, Go/Rust API-shape comparison, Go-issued JWT verification, official v2.3.0 HTTP/lifecycle/TCP/UDP smokes, live production direct HTTP smoke, and live production multi-hop smoke with rly.best in the hop chain.

    Deployment:

    • Production relay updated to this image.
    • Long-running production official portal CLI clients were upgraded to upstream v2.3.0 and their exposed services restarted/re-attached.
  • v2.2.5+rs.1 2639d353ab

    portal-tunnel-rs v2.2.5+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 40s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m36s
    Stable

    ada released this 2026-06-01 01:05:36 +00:00 | 3 commits to master since this release

    Summary

    Retargets portal-tunnel-rs to upstream portal-tunnel v2.2.5 and publishes the first Rust relay build for this upstream target.

    Changes

    • Retargeted workspace/release metadata and compatibility defaults to upstream v2.2.5.
    • Hardened relay identity directory setup for non-root containers with pre-owned bind mounts.
    • Installed the rustls ring crypto provider explicitly at startup to avoid rustls 0.23 provider-selection panic when both ring and aws-lc-rs are present in the dependency graph.

    Verification

    • PR CI passed:
      • #75 retarget: pull_request #105, post-merge #106
      • #76 identity directory hardening: pull_request #108, post-merge #109
      • #77 rustls provider fix: pull_request #111, post-merge #112
    • Dev deploy trail:
      • v2.2.5+rs.1-dev.1: image built, live gate failed on non-root chmod.
      • v2.2.5+rs.1-dev.2: image built, live gate advanced to rustls CryptoProvider panic.
      • v2.2.5+rs.1-dev.3: image built from the same revision as this release and live-verified.
    • Verified dev image:
      • Git tag: v2.2.5+rs.1-dev.3
      • Revision: 2639d353abdff3baecfbdd9f3d635a672405309d
      • Image: code.rly.best/gofix/portal-tunnel-rs:v2.2.5-rs.1-dev.3
      • Live relay reported release_version = v2.2.5+rs.1-dev.3.
      • Official upstream v2.2.5 CLI HTTP smoke passed against the live relay SNI path.

    Production artifact

    • Git tag: v2.2.5+rs.1
    • Revision: 2639d353abdff3baecfbdd9f3d635a672405309d
    • Image: code.rly.best/gofix/portal-tunnel-rs:v2.2.5-rs.1
    • Digest: sha256:1139c43540f6f7127b34f5122f1cfe3c02a50ef68825b3bf7c9983eb68d613b5

    Deployment

    • Deployed production image to the live relay.
    • Sanity check passed: /healthz is OK and /sdk/domain reports release_version = v2.2.5+rs.1 with protocol version 7.

    Compatibility

    • Upstream target: portal-tunnel v2.2.5.
    • Live verification covered the supported HTTP expose path with the official v2.2.5 client. TCP/UDP are disabled in the current live environment configuration and were not exercised in production sanity.
  • v2.2.4+rs.1 186b221454

    portal-tunnel-rs v2.2.4+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 1m9s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m30s
    Stable

    ada released this 2026-05-28 10:57:51 +00:00 | 6 commits to master since this release

    Summary

    • Retarget the Rust relay compatibility baseline to upstream gosuda/portal-tunnel v2.2.4.
    • Add the upstream x402 status object to /sdk/domain with enabled=false for the Rust relay.
    • Add startup guards for unsupported relay-local X402 facilitator mode and unsupported Njalla ACME DNS configuration.
    • Refresh fixtures, smoke defaults, docs, and version metadata for the v2.2.4 target.

    Compatibility

    • Upstream target: v2.2.4.
    • Interop window remains documented in docs/unsupported-features.md.
    • Relay reports release_version=v2.2.4+rs.1 on /sdk/domain.
    • Production image: code.rly.best/gofix/portal-tunnel-rs:v2.2.4-rs.1.
    • Production manifest digest: sha256:b05fa61d8772ecc7b50af54315b3743ae8e7953124c8b240e0a7dac3f4ea451a.

    Validation

    • PR #74 merged after required Forgejo Rust CI passed.
    • master push CI passed before tagging.
    • Tagged dev deploy: v2.2.4+rs.1-dev.1 / image v2.2.4-rs.1-dev.1.
    • Dev image workflow passed; manifest digest sha256:137e55fb30fa41ad0f926662e263b1e0b43b1778a3b8798844c6019217ea00bf.
    • Dev relay live verification passed for local/public /sdk/domain, official v2.2.4 direct HTTP, and official v2.2.4 explicit multi-hop with rly.best as middle hop.
    • Production image workflow passed and the production relay was switched to v2.2.4-rs.1.
    • Production direct HTTP and explicit multi-hop official-client smokes passed.
    • Active long-running production portal expose clients were upgraded to official CLI v2.2.4, restarted, and their rly.best endpoints returned expected status codes.
    • rust-relay-multihop-* validation fixtures were refreshed to official CLI v2.2.4 and returned HTTP 200.
  • v2.2.3+rs.2 317c4a830c

    v2.2.3+rs.2
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 42s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m2s
    Stable

    ada released this 2026-05-21 13:53:40 +00:00 | 7 commits to master since this release

    Summary

    • Fix Rust relay routing for Chrome/ECH ClientHello paths where the browser connects with the ECH public name as the outer SNI.
    • Match upstream Go relay behavior by routing ECH outer SNI through the lease registry instead of closing the TLS connection.
    • Keep DNS HTTPS/TYPE65 ECH records synchronized through the Cloudflare-backed production relay configuration.

    Validation

    • cargo fmt --check
    • cargo test --locked
    • cargo clippy --locked --all-targets -- -D warnings
    • Dev relay verification on v2.2.3+rs.2-dev.1
    • Production relay deployed image code.rly.best/gofix/portal-tunnel-rs:v2.2.3-rs.2
    • Production /sdk/domain reports release_version=v2.2.3+rs.2
    • Production *.rly.best endpoints checked after reattaching expose services
    • DNS HTTPS/TYPE65 ECH records refreshed for public rly.best services

    Deployment

    • Upstream target: v2.2.3
    • Rust release counter: rs.2
    • Image: code.rly.best/gofix/portal-tunnel-rs:v2.2.3-rs.2
  • v2.2.3+rs.1 769a1dd53a

    portal-tunnel-rs v2.2.3+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 57s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m48s
    Stable

    ada released this 2026-05-20 04:01:28 +00:00 | 8 commits to master since this release

    Compatibility update for upstream portal v2.2.3.

    This release updates portal-tunnel-rs for the upstream portal v2.2.3 compatibility surface. There are no behavior, configuration, or protocol changes in this release. Protocol version remains 7.

    Compatibility

    • Upstream portal: v2.2.3
    • Protocol version: 7
    • Scope: relay-server compatibility update for the existing v2.2.x relay surface

    Changed

    • Updated relay-server compatibility metadata and fixtures for upstream portal v2.2.3.
    • Updated unsupported-feature documentation for the v2.2.3 compatibility surface.

    Upgrade notes

    • Breaking changes: none known
    • Configuration changes: none
    • Migration required: none
    • Existing deployments can upgrade by replacing the image tag and restarting the relay server.

    Artifacts

    Image:
    code.rly.best/gofix/portal-tunnel-rs:v2.2.3-rs.1
    
    Git tag:
    v2.2.3+rs.1
    
    Source revision:
    769a1dd53ae2b6806c0b6687fab10392ed826979
    
  • v2.2.2+rs.2 a96d959f33

    portal-tunnel-rs v2.2.2+rs.2
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 53s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m13s
    Stable

    ada released this 2026-05-16 07:34:52 +00:00 | 9 commits to master since this release

    Port patch on the v2.2.2 upstream target.

    Changed

    • Hardened relay HopMux outbound session handling under peer churn.
    • Finished outbound sessions are pruned before reuse/open, preventing stale peers from accumulating after disconnects.
    • Documented the development self-merge policy and the remaining multi-hop hardening scope.

    Compatibility

    • Upstream target: portal v2.2.2.
    • Protocol version: 7.
    • Interop window preserved: current documented v2.2.2 relay surface plus existing v2.1.8/v2.1.9 hop-route/multi-hop compatibility where documented.
    • Scope remains relay-server only; official upstream portal CLI remains the supported production client.

    Artifacts

    Validation

    • Dev gate:

      • Tagged dev deploy: v2.2.2+rs.2-dev.1
      • Dev image: code.rly.best/gofix/portal-tunnel-rs:v2.2.2-rs.2-dev.1
      • Deployed dev image reported release_version=v2.2.2+rs.2-dev.1 on /sdk/domain.
      • Official portal v2.2.2 direct HTTP smoke passed through rly.best.
      • Official portal v2.2.2 explicit multi-hop smoke passed with rly.best as the middle relay.
      • Production expose services were re-attached after the relay switch and public endpoints were verified.
    • Promotion:

      • Production image build succeeded and registry tag was verified.
      • Production relay reports protocol_version=7 and release_version=v2.2.2+rs.2.
      • https://rly.best/healthz and https://rly.best/sdk/domain passed.
      • Post-promotion direct and multi-hop official-client smokes passed.
      • Public production endpoints were re-attached and verified.

    Operational notes

    • Existing relay identity/certificate state was preserved across the dev and production container switches.
    • Previous relay containers were kept as timestamped rollback backups on the deployment host.
    • The object-storage endpoint returns HTTP 403 for unauthenticated root access; this was treated as a successful connectivity check rather than an app failure.
  • v2.2.1+rs.1 03af76ce18

    v2.2.1+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (pull_request) Successful in 1m35s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m2s
    Stable

    gofix released this 2026-05-09 12:16:39 +00:00 | 13 commits to master since this release

    First Rust port build retargeted at upstream portal-tunnel v2.2.1. This remains scoped to the relay-server replacement surface.

    Highlights

    • Retarget relay compatibility to upstream v2.2.1, including the v2.2.1 ECH route hostname, hostname-hash, register challenge, and hop-route wire shapes.
    • Match the upstream v2.2.1 default two-minute lease TTL behavior while keeping renewal/unregister lifecycle compatibility.
    • Promote cold-start ECH DNS state so existing active records can be surfaced correctly after relay restart.
    • Keep compatibility with v2.1.8/v2.1.9 hop-route signatures for existing multi-hop interop paths.
    • Refresh official upstream client smoke scripts and API/JWT shape checks to use v2.2.1 assets by default.

    Container image

    docker pull code.rly.best/gofix/portal-tunnel-rs:v2.2.1-rs.1
    

    The git tag is v2.2.1+rs.1; the OCI image tag substitutes + with - because OCI tags do not allow +. Published images are linux/arm64 only.

    Compatibility

    Validated against the official upstream portal v2.2.1 client surface for relay basics, service discovery, HTTP SNI passthrough, lifecycle, JWT verification, raw TCP, UDP, selected API/discovery response shapes, and explicit multi-hop interop.

    Client CLI/SDK and other non-relay components remain out of scope. See docs/unsupported-features.md for the support matrix.

    Verification

    The release commit passed the repository Linux Docker CI path:

    scripts/dev-rust-ci.sh
    

    That runs cargo fmt --check, cargo test --locked, and cargo clippy --locked --all-targets -- -D warnings.

    Versioning

    Releases follow v<upstream>+rs.<n>: the leading version pins the upstream portal-tunnel release this build is compatible with, and rs.<n> is the Rust port build counter for that upstream version.

  • v2.2.0+rs.1 c2270c94b6

    v2.2.0+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 1m12s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m40s
    Stable

    gofix released this 2026-05-09 08:34:45 +00:00 | 14 commits to master since this release

    First Rust port build retargeted at upstream portal-tunnel v2.2.0. This remains scoped to the relay-server replacement surface.

    Highlights

    • Retarget relay compatibility to upstream v2.2.0, with v2.2 ECH route hostname/hash fields, ECH config-list handling, and hop-route entry access token responses (#64).
    • Sync ECH DNS records: create/update A and HTTPS records with ech=... for ECH-backed public hostnames across direct register, unregister, hop route register/delete, rollback, and expired-record cleanup (#65).
    • Add ACME renew hook (#63).
    • Harden relay public surfaces (#62).
    • Preserve v2.1.x interop via legacy /sdk/connect bearer fallback and legacy keyless signing for active pre-ECH public routes.

    Container image

    docker pull code.rly.best/gofix/portal-tunnel-rs:v2.2.0-rs.1
    

    The git tag is v2.2.0+rs.1; the OCI image tag substitutes + with - because OCI tags do not allow +. Published images are linux/arm64 only.

    Compatibility

    Validated against the official upstream portal v2.2.0 CLI on rly.best, including ECH route hostname generation and a live ECH HTTPS RR smoke (Go 1.26 TLS client returned ECHAccepted=true against an upstream-issued ECH hostname). Backward compatibility with the official portal v2.1.9 CLI was also verified.

    Client CLI/SDK and other non-relay components remain out of scope. See docs/unsupported-features.md for the support matrix.

    Versioning

    Releases follow v<upstream>+rs.<n>: the leading version pins the upstream portal-tunnel release this build is compatible with, and rs.<n> is the Rust port build counter for that upstream version.

  • v2.1.9+rs.1 670d338184

    v2.1.9+rs.1
    All checks were successful
    Rust CI / Format, lint, and test (push) Successful in 56s
    Build and publish container image / Build linux/arm64 image (push) Successful in 3m20s
    Stable

    gofix released this 2026-05-03 18:27:07 +00:00 | 19 commits to master since this release

    First stable Rust port build retargeted at upstream portal-tunnel v2.1.9. This remains scoped to the relay-server replacement surface.

    Container image

    docker pull code.rly.best/gofix/portal-tunnel-rs:v2.1.9-rs.1
    

    The git tag is v2.1.9+rs.1; the OCI image tag substitutes + with - because OCI tags do not allow +. Published images are linux/arm64 only.

    Compatibility

    Validated against the official upstream portal v2.1.9 client and upstream Go relay tag v2.1.9 for HTTP SNI passthrough, raw TCP, UDP datagrams, lease renew/unregister lifecycle, API/discovery shape, lease JWT verification, and live explicit 3-hop relay interop with rly.best as the middle hop.

    Client CLI/SDK and other non-relay components remain out of scope. See docs/unsupported-features.md for the support matrix.

    Versioning

    Releases follow v<upstream>+rs.<n>: the leading version pins the upstream portal-tunnel release this build is compatible with, and rs.<n> is the Rust port build counter for that upstream version.
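
The versioning rule and the `+` to `-` image-tag substitution described in these notes can be checked mechanically before a deploy. The following is an added example, not code from portal-tunnel-rs: the `-dev.<m>` suffix grammar is inferred from the dev tags listed on this page, and `ReleaseTag`, `parse_git_tag` and `check_deployment` are hypothetical names.

```rust
// Added example, not project code. The grammar v<upstream>+rs.<n>[-dev.<m>] is
// inferred from the tags on this page; all names here are hypothetical.
#[derive(Debug, PartialEq, Eq)]
pub struct ReleaseTag {
    pub upstream: [u32; 3], // upstream portal-tunnel version this build targets
    pub rs_build: u32,      // Rust port build counter, rs.<n>
    pub dev: Option<u32>,   // pre-production counter, -dev.<m>, if present
}

// Accept only plain decimal fields without leading zeros, so a tag has one spelling.
fn num(s: &str) -> Result<u32, String> {
    let plain = !s.is_empty() && s.bytes().all(|b| b.is_ascii_digit());
    if !plain || (s.len() > 1 && s.starts_with('0')) {
        return Err(format!("bad numeric field {s:?}"));
    }
    s.parse::<u32>().map_err(|_| format!("field {s:?} out of range"))
}

pub fn parse_git_tag(tag: &str) -> Result<ReleaseTag, String> {
    let rest = tag.strip_prefix('v').ok_or("missing leading 'v'")?;
    let (upstream, build) = rest.split_once("+rs.").ok_or("missing '+rs.'")?;
    let p: Vec<&str> = upstream.split('.').collect();
    if p.len() != 3 { return Err("upstream version must be MAJOR.MINOR.PATCH".into()); }
    let (rs, dev) = match build.split_once("-dev.") {
        Some((n, m)) => (num(n)?, Some(num(m)?)),
        None => (num(build)?, None),
    };
    Ok(ReleaseTag { upstream: [num(p[0])?, num(p[1])?, num(p[2])?], rs_build: rs, dev })
}

impl ReleaseTag {
    pub fn git_tag(&self) -> String {
        let [a, b, c] = self.upstream;
        let dev = self.dev.map(|m| format!("-dev.{m}")).unwrap_or_default();
        format!("v{a}.{b}.{c}+rs.{}{dev}", self.rs_build)
    }
    // OCI tags do not allow '+', so the image tag uses '-' in its place.
    pub fn oci_tag(&self) -> String {
        self.git_tag().replace('+', "-")
    }
}

// Release gate: image tag and reported release_version must both match the git tag.
pub fn check_deployment(git_tag: &str, image_ref: &str, reported: &str) -> Result<(), String> {
    let want = parse_git_tag(git_tag)?;
    let name = image_ref.rsplit('/').next().unwrap_or(image_ref); // drop registry/path
    if name.contains('@') { return Err("digest reference carries no tag".into()); }
    let (_, image_tag) = name.split_once(':').ok_or("image reference has no tag")?;
    if image_tag != want.oci_tag() {
        return Err(format!("image tag {image_tag} != expected {}", want.oci_tag()));
    }
    if reported != want.git_tag() { return Err(format!("relay reports {reported}")); }
    Ok(())
}

fn main() {
    println!("{:?}", parse_git_tag("v2.2.5+rs.1-dev.3").map(|t| t.oci_tag()));
}
```

A dev image or a relay still reporting a `-dev.<m>` version fails the check against a production tag, which is the mismatch the dev-to-production promotion steps in these notes guard against.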
