* feat(build): swap podman server resources for Lima (WS3)
- Upload limactl (arm64 + x64) to R2 via new 'browseros upload lima' CLI.
- Rewrite scripts/build/config/server-prod-resources.json: 2 Lima entries,
12 podman-family entries removed.
- Update codesign metadata (server_binaries.py) to add limactl, drop podman
family. Sign modules need no edits (data-driven).
- Delete orphaned podman-{vfkit,krunkit} entitlement plists.
- Release-gating note in browseros-agent/CLAUDE.md: don't cut releases off
dev between this commit and WS6 landing (OpenClaw still invokes podman).
* fix: address review comments for 0422-ws3_lima_resources
- Tighten _find_limactl_member to match exactly .../bin/limactl via
Path.parts, avoiding incidental matches like 'xbin/limactl'.
- Fall back USER -> USERNAME -> 'unknown' for uploaded_by so Windows
shells don't all record 'unknown'.
- Comment the broad except in upload_lima to explain why rollback
must fire for any mid-loop failure.
* chore: drop bun + rg from Windows sign list
These executables are already absent from server-prod-resources.json (no
Windows entries shipped); keeping them in the sign list produces
"Binary not found" warnings on every Windows build.
* feat(ota): bundle full server resources tree (server + third_party bins)
The OTA Sparkle payload now ships the complete resources/ tree the agent
build produced, not just browseros_server. Every third-party binary (bun,
ripgrep, podman, gvproxy, vfkit, krunkit, podman-mac-helper, win-sshproxy)
flows to OTA-updated installs so podman integration works for users on the
OTA channel, matching fresh Chromium-build installs.
Extract the per-binary sign table into build/common/server_binaries.py so
the Chromium-build sign path (modules/sign/) and OTA sign path (modules/ota/)
share a single source of truth. Adding a new third-party dep is now a
one-file edit that both paths pick up automatically; unknown executables
under resources/bin/ are a hard error at release time.
* fix(ota): address review comments on bundle signing flow
- Avoid double-zipping during notarization: add notarize_macos_zip for
pre-built Sparkle bundles so notarytool submits the zip directly
instead of re-wrapping it through ditto --keepParent (Apple's service
does not descend into nested archives). Keep notarize_macos_binary for
single-binary callers. Share credential setup + submit logic via
internal helpers.
- Fail fast on unknown executables in sign_server_bundle_macos: collect
the unknown-files list before any codesign call so a missing shared-
table entry aborts in seconds, not after a full signing round.
- Drop dead get_entitlements_path helper (no callers remain after the
bundle refactor).
* fix(ota): address PR review comments (greptile + claude)
- sign_server_bundle_macos filters to executables only (p.is_file() +
not p.is_symlink() + os.access X_OK) before applying the unknown-file
guard. Non-Mach-O files (configs, dylibs, etc.) under resources/bin/
no longer cause misleading 'unknown executable' hard failures.
- sign_server_bundle_windows now hard-errors on a missing expected
binary instead of silently skipping it. Symmetric with the macOS
guard — an incomplete bundle must not publish.
- ServerOTAModule.execute() uses tempfile.TemporaryDirectory context
managers for both the download and staging roots so they are cleaned
up on every path, including failures.
- Per-platform sign/notarize/Sparkle-sign failures now raise RuntimeError
instead of silently skipping the platform — a release pipeline can no
longer omit a target while reporting success.
- Move import os and import shutil to the top of ota/sign_binary.py.
- Drop unused log_error import from ota/server.py.
* chore: bump server
* fix: install linux sysroot in configure, not via gclient hook
`gn gen` was failing on the arm64 leg with `Missing sysroot
(//build/linux/debian_bullseye_arm64-sysroot)`. The previous design
relied on `git_setup` writing `target_cpus` to `.gclient` so that
`gclient sync`'s DEPS hook would download the cross-arch sysroot. That
chain breaks for any chromium_src that was synced before cross-arch
support landed (the hook is gated on .gclient state at sync time) and
for partial pipeline runs that skip git_setup entirely. Nothing in
configure declared or verified its sysroot precondition.
Make configure self-healing: on Linux, invoke
`build/linux/sysroot_scripts/install-sysroot.py --arch=<target>`
directly before `gn gen`. install-sysroot.py is idempotent (stamp file
+ SHA check), fast when already installed, and decoupled from .gclient
— it's exactly what the failing assertion's error message recommends.
The script accepts our arch names directly: `x64` translates to `amd64`
internally via ARCH_TRANSLATIONS, and `arm64` is a valid pass-through.
Also temporarily pin release.linux.yaml to x64 only while we validate
the sysroot bootstrap end-to-end. Flip back to `[x64, arm64]` once
arm64 is green.
* chore: pin release.linux.yaml to arm64-only for sysroot bootstrap test
x64 already builds cleanly — the failing leg is arm64 cross-compile from
an x64 host. Pin the config to arm64 to exercise the new
install-sysroot.py path in configure without burning time on x64.
Flip back to [x64, arm64] once arm64 is green.
`release.linux.yaml` now declares `architecture: [x64, arm64]` and the
runner loops the entire pipeline once per architecture. depot_tools
fetches both Linux sysroots automatically — `git_setup` idempotently
ensures `target_cpus = ['x64', 'arm64']` is in `.gclient` before
`gclient sync`, so cross-compiling arm64 from an x64 host just works.
The resolver returns `List[Context]` (single-element for the common
single-arch case), and `build/cli/build.py` loops `execute_pipeline` over
the per-arch contexts. Modules stay 100% arch-agnostic — no new
orchestration module, no new YAML schema beyond the list form.
Also fix a cross-compile bug in `build/modules/package/linux.py`: the
appimagetool binary must match the BUILD machine's arch (it executes
locally), not the target arch. Split into a host-keyed
`LINUX_HOST_APPIMAGETOOL` lookup vs the existing target-keyed
`LINUX_ARCHITECTURE_CONFIG`. Target arch is still passed to appimagetool
via the `ARCH` env var.
- build/common/resolver.py: scalar OR list `architecture` -> List[Context]
- build/cli/build.py: loop pipeline per arch, log multi-arch headers
- build/config/release.linux.yaml: `architecture: [x64, arm64]`
- build/modules/setup/git.py: idempotent `target_cpus` edit on Linux
- build/modules/package/linux.py: host vs target appimagetool split
- build/modules/package/linux_test.py: cover the host/target split
* fix: support artifact-extracted directory structure in OTA binary discovery
The download_resources system now extracts server binaries into
platform-specific subdirectories (e.g., darwin-arm64/resources/bin/),
but the OTA module only looked for flat binary names. This adds
find_server_binary() which checks both layouts, keeping backward
compatibility with --binaries while supporting the new structure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: download server binaries from R2 instead of requiring --binaries
Remove the --binaries flag from `ota server release`. The module now
downloads artifact zips from artifacts/server/latest/ in R2, extracts
them, then signs and packages as before. This eliminates the need to
have mono build output locally.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: update to 146, fix clean
* fix: update all 16 failed patches for Chromium 146.0.7680.31
- Update BASE_COMMIT to 4d3225104176d (Chromium 146)
- Shift BrowserOS command IDs to avoid upstream 40300-40302 conflict
- Fix settings BUILD.gn and menu patches for upstream removals
- Shift syncable prefs IDs to 100379-100380 after upstream additions
- Migrate theme patch from theme_service_factory.cc to theme_service.cc
(RegisterProfilePrefs moved upstream)
- Fix toolbar_actions_model.cc for upstream API changes
- Fix toolbar_pref_names.cc for upstream base::ListValue usage
- Fix ui_features.cc/.h for removed kPopupBrowserUseNewLayout
- Fix api_sources.gni for new upstream entries
- Shift infobar delegate ID to 132
- Shift extension histogram values by +4 (1961-1985)
- Shift api_permission_id kBrowserOS to 265
- Update histogram enums.xml to match shifted values
- Delete chromium_install_modes.cc patch (file removed in 146)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: enable vertical tabs
* feat: default browseros theme
* chore: bump PATCH and OFFSET
* fix: update extensions-manifestv2 series patch for Chromium 146
Regenerated the patch from a clean diff against 146.0.7680.31 to fix
line number offsets and context mismatches in extensions_ui.cc.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update vertical_tab_strip_state_controller patch for Chromium 146
Upstream refactored includes and renamed NotifyStateChanged to
NotifyModeChanged. Regenerated patch with correct context.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update default theme to neutral gray (136,136,136)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: rename base::Value::Dict/List to base::DictValue/ListValue for Chromium 146
Chromium 146 moved base::Value::Dict and base::Value::List to top-level
classes base::DictValue and base::ListValue. Updated all 23 patch files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: regenerate browseros_prefs.cc patch (fix corrupt trailing newline)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update patches for Chromium 146 build API changes
- browseros_action_utils.h: remove nonexistent base/containers/contains.h include
- chrome_content_browser_client.cc: PrivateNetworkRequestPolicyOverride → LocalNetworkAccessRequestPolicyOverride
- extension_updater.cc: InstallStageTracker::Get → InstallStageTrackerFactory::GetForBrowserContext
- toolbar_actions_model.cc: base::Contains → std::ranges::contains
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* chore: bump PATCH and OFFSET
* fix: add AppArmor profile and improve .deb packaging for Ubuntu 23.10+
Ship an AppArmor profile with the .deb package that grants the
`userns` permission, fixing the fatal sandbox crash on Ubuntu 23.10+
and other distros that restrict unprivileged user namespaces via
AppArmor (closes#165).
Also adds: Qt5/Qt6 shim libraries for native file dialogs on KDE,
update-alternatives registration for default browser selection,
prerm cleanup script, and Provides/Recommends metadata.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: correct CDN download path for .deb and add multi-size icons
Update .deb download path from lowercase "browseros.deb" to "BrowserOS.deb"
to match the URL advertised in README (cdn.browseros.com/download/BrowserOS.deb).
Also install icons at all available sizes instead of only 256x256.
Closes#368
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add multi-size icons and AppStream metainfo to .deb package
Install product icons at all standard hicolor sizes (16, 22, 24, 32,
48, 64, 128, 256) instead of only 256px, so desktop environments can
pick the appropriate resolution for panels, menus, and task switchers.
Ship AppStream metainfo at /usr/share/metainfo/browseros.metainfo.xml
so GNOME Software, KDE Discover, and other software centers can
discover and display BrowserOS in their catalogs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: guard postinst update-alternatives with $1=configure check
Matches prerm's pattern — only register alternatives during normal
configure, not during dpkg error-recovery paths (abort-upgrade, etc.)
where /usr/bin/browseros may not exist yet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add bun binary signing for macOS and Windows
Register the bun runtime binary in the code signing pipelines so it gets
properly signed and notarized alongside browseros_server and codex.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add bun runtime download and copy resource configs
Add bun binary entries for all platform/arch combos (macOS arm64/x64,
Linux arm64/x64, Windows x64) to download from R2 and copy into the
Chromium build output alongside browseros_server.
Also adds the server bundle (index.js) download and copy entries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: ota release
* chore: clean-up old binaries
* fix: ota cli sub-commands, path fixes
* chore: browseros server binary update
* fix: add sparkle sign_update path as ENV
* fix: CLOUDFLARE_API_TOKEN to env
* fix: use same upload r2 module
* feat: upload appcast is separate
* feat: write sparkle sign in python
* fix: handle appcast update
* fix: add missing sparkle.py file
* fix: remove redudant cli options in ota
* chore: 0.0.37 macos signed release
* chore: linux browseros server ota
* fix: copy binaries to temp file and then sign
* feat: new extension installer + bundle support
* feat: support bundle extension download in cli
* chore: update release yaml to include new bundle_extensions module
* fix: enable sparkle build flag
* feat: cli new apply changed command for dev cli
* fix: sparkle patch fix
* fix: dev cli changed minor fix
* fix: dev cli - for download add --output support
* fix: handle rename during extract properly with deleting old patch
* patch: refactor broweros patches to be in chrome/browser/browseros
* patch: rename browseros_actions_config
* fix: features.yaml update to include new browseros folder
* patch: revalidate ports on restart
* patch: disable cdp notifications
* chore: new browseros-server binaries
* chore: new browseros-server binaries
* bugfix: was writing chromium_patches/ in wrong location
* patch: ntp footer disabled by default
* patch: browseros alpha flag
* patch: add log for port saving
* chore: increment PATCH
* feat: use packages/browseros as root_dir properly in context.py
* Fix: disable new tab footer
* fix: features.yaml update
* feat: series per platoform
* feat: import few essential patches from ungoogle-chromium
* bump patch
* clean-up: remove codex binary
* fix: further fixes to hide customize toolbar
* bump browseros version
* fix: save ports from CLI even if browseros-server is disabled
* feat: new upload to r2, better semantic app name, sparkle signing as part of build
* feat: consistent artifact naming
* minor: add additional logging in build.py
* minor
* feat: better notify, so it's not too verbose
* refactor: rename R2UploadModule to just UploadModule
* fix: sparkle signature uplaod.py
* minor: debugging
* fix: sparkle update and metadata for release artificats
* feat: v1 release module
* feat: new release cli with modules/
* minor: env update
* refactor 1: new typer based cli and browseros cli module
* refactor 2: fixes to context.py
* refactor 3: common/ and notify
* new sign and package module
* update .gitignore
* refactor 5: dev.py and modules for each
* refactor 6: clean-up old files
* refactor 7: organise modules fruther
* refactor 8: renaming nxtscape to browseros
* refactor 9: dev.py remove cli load
* fix: pyproject.toml
* fix: typer pretty exception disable
* refactor 10: cli/build.py set to primary
* refactor 10: cli/build.py set to primary, move OS detection
* refactor: context split, env and module dataclass
* reactor: clean and git moved ot new module type
* refactor: compile and configure
* reactor: sign and package module update
* refactor: new build.py cli
* 'refactor: remove reducant OS checks
* refactor: rename BuildContext to Context
* refactor: rename BuildModule to CommandModule
* refactor: dev.py to use the new modules
* build.py: improve help output
* remove old patching way
* clean-up: remove old build.py stuff
* refactor: move to proper yaml parsing
* clean-up: remove legacy args gating
* fix: patches issues
* fix: clean-up build.py and ars resolver
* minor: gitignore
* fix: patches.py issue
* support universal build
* fix: ENV variable and YAMLs
* fix: move compile to folder to avoid compflics
* fixes: more env fixes
* fix: build_type override in CLI fix
* fix: universal clean all archs before starting
* fix: universal build type constants
* fix: linter, extract options
* fix: linter
* fix: remove chromium_src as a not a conflicting flag
* fix: support chromium_src from cli in config mode
* fix: notify with better messages
* feat: new apply patch with --reset-to feature
* feat: refactor apply and extract into separate sub modules
* 142 patches working (#211)
* updates to build.py apply/patch
* removed all old patches
* 142 build update
* fix: get updated patches from main to 142
* fix: correct patches dir
* fix: import path
* add pyright
* fix: setup pyright
* fix: new updated patches from 137 rebased on 142
* feat: new extract_patch command
* fix: add mising side_panel build patch
* fix: extension uninstall for browseros
* fix: prefs fix
* fix: ota extension updater patch fix
* fix: llm hub and chat
* feat: unvisersal module also package individual archs
* fix: add browseros-server binaries
* fix: attach color for notify
* fix: attachment for slack
* fix: update chromium version to 142.0.7444.175
* feat: add new icons needed
* fix: disable settings in menu
* fix: uv add build-backend
* minor: chromium version bump
* clean-up: removed old files of extnesion and sidepanel
* fix: product logo generate and assets.car and appicon.icns
* feat: few chromium UI fixes
* fix: update features.yaml
* fix: features.yaml path in context
* refactor: rename to get_patches_dir()
* feat: show browserOS version in about page
* fix: copy browseros_version on the build time and rename other to offset
* bump offset
* fix: update features.yaml
* feat: load env from .env files too
* fix: enable split view
* clean-up: removed old prefs
* fix: minor import issue
* fix: linux flag update
* architecture based copy
* update entitilements
* sign binaries in macos update
* update package windows to also sign binaries properly
* codex binaries
