diff --git a/Makefile b/Makefile
index 76ae1d19d..e062a2c33 100644
--- a/Makefile
+++ b/Makefile
@@ -192,8 +192,9 @@ docs-publish: docs
 	  --branch gh-pages \
 	  --remote origin
 
-gltestserver-image: docker/gl-testserver/Dockerfile
-	docker build \
+gltestserver-image: ${REPO_ROOT}/docker/gl-testserver/Dockerfile
+	docker buildx build \
+	  --load \
 	  --build-arg DOCKER_USER=$(shell whoami) \
 	  --build-arg UID=$(shell id -u) \
 	  --build-arg GID=$(shell id -g) \
@@ -203,7 +204,6 @@ gltestserver-image: docker/gl-testserver/Dockerfile
 	  .
 
 gltestserver: gltestserver-image
-	mkdir -p /tmp/gltestserver
 	docker run \
 	  --user $(shell id -u):$(shell id -g) \
 	  -e DOCKER_USER=$(shell whoami) \
diff --git a/docker/gl-testserver/Dockerfile b/docker/gl-testserver/Dockerfile
index 3f736a7fb..58c17e744 100644
--- a/docker/gl-testserver/Dockerfile
+++ b/docker/gl-testserver/Dockerfile
@@ -80,6 +80,6 @@ RUN cargo build --bin gl-signerproxy
 
 RUN curl -LsSf https://astral.sh/uv/install.sh | sh
 
-RUN uv sync --locked -v
+RUN uv lock && uv sync --locked -v
 RUN uv run clnvm get-all
 CMD uv run gltestserver run --metadata ${REPO}/ --directory ${REPO}/.gltestserver
diff --git a/libs/gl-client-py/pyproject.toml b/libs/gl-client-py/pyproject.toml
index bc7aa4269..637e66bbd 100644
--- a/libs/gl-client-py/pyproject.toml
+++ b/libs/gl-client-py/pyproject.toml
@@ -1,5 +1,6 @@
 [project]
 name = "gl-client"
+version = "0.3.0"
 
 dependencies = [
     "protobuf>=3",
diff --git a/libs/gl-testing/gltesting/certs.py b/libs/gl-testing/gltesting/certs.py
index dbbc80138..7a7dd966c 100644
--- a/libs/gl-testing/gltesting/certs.py
+++ b/libs/gl-testing/gltesting/certs.py
@@ -4,7 +4,7 @@
 import tempfile
 import json
 import os
-from sh import cfssl, openssl, cfssljson
+import subprocess
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat._oid import NameOID
@@ -108,9 +108,13 @@ def path_to_identity(path):
     )
 
 def postprocess_private_key(keyfile):
-    converted = openssl("pkcs8", "-topk8", "-nocrypt", "-in", keyfile).stdout
-    with open(keyfile, "wb") as f:
-        f.write(converted)
+    result = subprocess.run(["openssl", "pkcs8", "-topk8", "-nocrypt", "-in", keyfile], capture_output=True, text=True)
+    if result.returncode == 0:
+        converted = result.stdout
+        with open(keyfile, "wb") as f:
+            f.write(converted.encode())
+    else:
+        raise RuntimeError(f"OpenSSL command failed with error: {result.stderr}")
 
 
 def parent_ca(path):
@@ -167,24 +171,15 @@ def genca(idpath):
     if not os.path.exists(directory):
         os.makedirs(directory)
 
-    cfssljson(cfssl("gencert", "-initca", tmpcsr.name), "-bare", path[3])
-
+    certs_json = subprocess.check_output(["cfssl", "gencert", "-initca", tmpcsr.name])
+    subprocess.run(["cfssljson", "-bare", path[3]], input=certs_json)
+    
     # Write config
     tmpconfig = tempfile.NamedTemporaryFile(mode="w")
     tmpconfig.write(config)
     tmpconfig.flush()
-    cfssljson(
-        cfssl(
-            "sign",
-            f"-ca={parent[0]}",
-            f"-ca-key={parent[1]}",
-            f"-config={tmpconfig.name}",
-            f"-profile={profile}",
-            path[3] + ".csr",
-        ),
-        "-bare",
-        path[3],
-    )
+    sign_certs_json = subprocess.check_output(["cfssl", "sign", f"-ca={parent[0]}", f"-ca-key={parent[1]}", f"-config={tmpconfig.name}", f"-profile={profile}", path[3] + ".csr"])
+    subprocess.run(["cfssljson", "-bare", path[3]], input=sign_certs_json)
     # Cleanup the temporary certificate signature request
     os.remove(path[3] + ".csr")
 
@@ -225,18 +220,8 @@ def gencert(idpath):
     if not os.path.exists(directory):
         os.makedirs(directory)
 
-    cfssljson(
-        cfssl(
-            "gencert",
-            f"-ca={parent[0]}",
-            f"-ca-key={parent[1]}",
-            f"-config={tmpconfig.name}",
-            f"-profile={profile}",
-            tmpcsr.name,
-        ),
-        "-bare",
-        path[3],
-    )
+    certs_json = subprocess.check_output(["cfssl", "gencert", f"-ca={parent[0]}", f"-ca-key={parent[1]}", f"-config={tmpconfig.name}", f"-profile={profile}", tmpcsr.name])
+    subprocess.run(["cfssljson", "-bare", path[3]], input=certs_json)
     # Cleanup the temporary certificate signature request
     os.remove(path[3] + ".csr")
 
@@ -300,28 +285,11 @@ def gencert_from_csr(csr: bytes, recover=False, pairing=False):
         os.makedirs(directory)
 
     if pairing:
-        cfssljson(
-            cfssl(
-                "sign",
-                f"-ca={parent[0]}",
-                f"-ca-key={parent[1]}",
-                tmpcsr.name,
-                tmpsubject.name,
-            ),
-            "-bare",
-            path[3],
-        )
+        sign_certs_json = subprocess.check_output(["cfssl", "sign", f"-ca={parent[0]}", f"-ca-key={parent[1]}", tmpcsr.name, tmpsubject.name])
     else:
-        cfssljson(
-            cfssl(
-                "sign",
-                f"-ca={parent[0]}",
-                f"-ca-key={parent[1]}",
-                tmpcsr.name,
-            ),
-            "-bare",
-            path[3],
-        )
+        sign_certs_json = subprocess.check_output(["cfssl", "sign", f"-ca={parent[0]}", f"-ca-key={parent[1]}", tmpcsr.name])
+
+    subprocess.run(["cfssljson", "-bare", path[3]], input=sign_certs_json)
 
     # Cleanup the temporary certificate signature request
     os.remove(path[3] + ".csr")
@@ -333,4 +301,3 @@ def gencert_from_csr(csr: bytes, recover=False, pairing=False):
     cert = certf.read()
     certf.close()
     return cert
-