Introduces release.macos.arm64.yaml for single-architecture arm64
macOS release builds. Mirrors the windows/linux single-arch pattern
(configure -> compile -> sign_macos -> package_macos -> upload),
skipping the universal_build module to avoid the x64 cross-compile
and lipo merge. Reuses the sparkle_setup step and the same
notarization env vars as the universal macOS config.
* feat(ota): bundle full server resources tree (server + third_party bins)
The OTA Sparkle payload now ships the complete resources/ tree the agent
build produced, not just browseros_server. Every third-party binary (bun,
ripgrep, podman, gvproxy, vfkit, krunkit, podman-mac-helper, win-sshproxy)
flows to OTA-updated installs so podman integration works for users on the
OTA channel, matching fresh Chromium-build installs.
Extract the per-binary sign table into build/common/server_binaries.py so
the Chromium-build sign path (modules/sign/) and OTA sign path (modules/ota/)
share a single source of truth. Adding a new third-party dep is now a
one-file edit that both paths pick up automatically; unknown executables
under resources/bin/ are a hard error at release time.
* fix(ota): address review comments on bundle signing flow
- Avoid double-zipping during notarization: add notarize_macos_zip for
pre-built Sparkle bundles so notarytool submits the zip directly
instead of re-wrapping it through ditto --keepParent (Apple's service
does not descend into nested archives). Keep notarize_macos_binary for
single-binary callers. Share credential setup + submit logic via
internal helpers.
- Fail fast on unknown executables in sign_server_bundle_macos: collect
the unknown-files list before any codesign call so a missing shared-
table entry aborts in seconds, not after a full signing round.
- Drop dead get_entitlements_path helper (no callers remain after the
bundle refactor).
* fix(ota): address PR review comments (greptile + claude)
- sign_server_bundle_macos filters to executables only (p.is_file() +
not p.is_symlink() + os.access X_OK) before applying the unknown-file
guard. Non-Mach-O files (configs, dylibs, etc.) under resources/bin/
no longer cause misleading 'unknown executable' hard failures.
- sign_server_bundle_windows now hard-errors on a missing expected
binary instead of silently skipping it. Symmetric with the macOS
guard — an incomplete bundle must not publish.
- ServerOTAModule.execute() uses tempfile.TemporaryDirectory context
managers for both the download and staging roots so they are cleaned
up on every path, including failures.
- Per-platform sign/notarize/Sparkle-sign failures now raise RuntimeError
instead of silently skipping the platform — a release pipeline can no
longer omit a target while reporting success.
- Move import os and import shutil to the top of ota/sign_binary.py.
- Drop unused log_error import from ota/server.py.
* chore: bump server
* fix: install linux sysroot in configure, not via gclient hook
`gn gen` was failing on the arm64 leg with `Missing sysroot
(//build/linux/debian_bullseye_arm64-sysroot)`. The previous design
relied on `git_setup` writing `target_cpus` to `.gclient` so that
`gclient sync`'s DEPS hook would download the cross-arch sysroot. That
chain breaks for any chromium_src that was synced before cross-arch
support landed (the hook is gated on .gclient state at sync time) and
for partial pipeline runs that skip git_setup entirely. Nothing in
configure declared or verified its sysroot precondition.
Make configure self-healing: on Linux, invoke
`build/linux/sysroot_scripts/install-sysroot.py --arch=<target>`
directly before `gn gen`. install-sysroot.py is idempotent (stamp file
+ SHA check), fast when already installed, and decoupled from .gclient
— it's exactly what the failing assertion's error message recommends.
The script accepts our arch names directly: `x64` translates to `amd64`
internally via ARCH_TRANSLATIONS, and `arm64` is a valid pass-through.
Also temporarily pin release.linux.yaml to x64 only while we validate
the sysroot bootstrap end-to-end. Flip back to `[x64, arm64]` once
arm64 is green.
* chore: pin release.linux.yaml to arm64-only for sysroot bootstrap test
x64 already builds cleanly — the failing leg is arm64 cross-compile from
an x64 host. Pin the config to arm64 to exercise the new
install-sysroot.py path in configure without burning time on x64.
Flip back to [x64, arm64] once arm64 is green.
`release.linux.yaml` now declares `architecture: [x64, arm64]` and the
runner loops the entire pipeline once per architecture. depot_tools
fetches both Linux sysroots automatically — `git_setup` idempotently
ensures `target_cpus = ['x64', 'arm64']` is in `.gclient` before
`gclient sync`, so cross-compiling arm64 from an x64 host just works.
The resolver returns `List[Context]` (single-element for the common
single-arch case), and `build/cli/build.py` loops `execute_pipeline` over
the per-arch contexts. Modules stay 100% arch-agnostic — no new
orchestration module, no new YAML schema beyond the list form.
Also fix a cross-compile bug in `build/modules/package/linux.py`: the
appimagetool binary must match the BUILD machine's arch (it executes
locally), not the target arch. Split into a host-keyed
`LINUX_HOST_APPIMAGETOOL` lookup vs the existing target-keyed
`LINUX_ARCHITECTURE_CONFIG`. Target arch is still passed to appimagetool
via the `ARCH` env var.
- build/common/resolver.py: scalar OR list `architecture` -> List[Context]
- build/cli/build.py: loop pipeline per arch, log multi-arch headers
- build/config/release.linux.yaml: `architecture: [x64, arm64]`
- build/modules/setup/git.py: idempotent `target_cpus` edit on Linux
- build/modules/package/linux.py: host vs target appimagetool split
- build/modules/package/linux_test.py: cover the host/target split
* feat: update to 146, fix clean
* fix: update all 16 failed patches for Chromium 146.0.7680.31
- Update BASE_COMMIT to 4d3225104176d (Chromium 146)
- Shift BrowserOS command IDs to avoid upstream 40300-40302 conflict
- Fix settings BUILD.gn and menu patches for upstream removals
- Shift syncable prefs IDs to 100379-100380 after upstream additions
- Migrate theme patch from theme_service_factory.cc to theme_service.cc
(RegisterProfilePrefs moved upstream)
- Fix toolbar_actions_model.cc for upstream API changes
- Fix toolbar_pref_names.cc for upstream base::ListValue usage
- Fix ui_features.cc/.h for removed kPopupBrowserUseNewLayout
- Fix api_sources.gni for new upstream entries
- Shift infobar delegate ID to 132
- Shift extension histogram values by +4 (1961-1985)
- Shift api_permission_id kBrowserOS to 265
- Update histogram enums.xml to match shifted values
- Delete chromium_install_modes.cc patch (file removed in 146)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: enable vertical tabs
* feat: default browseros theme
* chore: bump PATCH and OFFSET
* fix: update extensions-manifestv2 series patch for Chromium 146
Regenerated the patch from a clean diff against 146.0.7680.31 to fix
line number offsets and context mismatches in extensions_ui.cc.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update vertical_tab_strip_state_controller patch for Chromium 146
Upstream refactored includes and renamed NotifyStateChanged to
NotifyModeChanged. Regenerated patch with correct context.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update default theme to neutral gray (136,136,136)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: rename base::Value::Dict/List to base::DictValue/ListValue for Chromium 146
Chromium 146 moved base::Value::Dict and base::Value::List to top-level
classes base::DictValue and base::ListValue. Updated all 23 patch files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: regenerate browseros_prefs.cc patch (fix corrupt trailing newline)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update patches for Chromium 146 build API changes
- browseros_action_utils.h: remove nonexistent base/containers/contains.h include
- chrome_content_browser_client.cc: PrivateNetworkRequestPolicyOverride → LocalNetworkAccessRequestPolicyOverride
- extension_updater.cc: InstallStageTracker::Get → InstallStageTrackerFactory::GetForBrowserContext
- toolbar_actions_model.cc: base::Contains → std::ranges::contains
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add bun binary signing for macOS and Windows
Register the bun runtime binary in the code signing pipelines so it gets
properly signed and notarized alongside browseros_server and codex.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add bun runtime download and copy resource configs
Add bun binary entries for all platform/arch combos (macOS arm64/x64,
Linux arm64/x64, Windows x64) to download from R2 and copy into the
Chromium build output alongside browseros_server.
Also adds the server bundle (index.js) download and copy entries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: ota release
* chore: clean-up old binaries
* fix: ota cli sub-commands, path fixes
* chore: browseros server binary update
* fix: add sparkle sign_update path as ENV
* fix: CLOUDFLARE_API_TOKEN to env
* fix: use same upload r2 module
* feat: upload appcast is separate
* feat: write sparkle sign in python
* fix: handle appcast update
* fix: add missing sparkle.py file
* fix: remove redudant cli options in ota
* chore: 0.0.37 macos signed release
* chore: linux browseros server ota
* fix: copy binaries to temp file and then sign
