* feat(ota): bundle full server resources tree (server + third_party bins)
The OTA Sparkle payload now ships the complete resources/ tree the agent
build produced, not just browseros_server. Every third-party binary (bun,
ripgrep, podman, gvproxy, vfkit, krunkit, podman-mac-helper, win-sshproxy)
flows to OTA-updated installs so podman integration works for users on the
OTA channel, matching fresh Chromium-build installs.
Extract the per-binary sign table into build/common/server_binaries.py so
the Chromium-build sign path (modules/sign/) and OTA sign path (modules/ota/)
share a single source of truth. Adding a new third-party dep is now a
one-file edit that both paths pick up automatically; unknown executables
under resources/bin/ are a hard error at release time.
* fix(ota): address review comments on bundle signing flow
- Avoid double-zipping during notarization: add notarize_macos_zip for
pre-built Sparkle bundles so notarytool submits the zip directly
instead of re-wrapping it through ditto --keepParent (Apple's service
does not descend into nested archives). Keep notarize_macos_binary for
single-binary callers. Share credential setup + submit logic via
internal helpers.
- Fail fast on unknown executables in sign_server_bundle_macos: collect
the unknown-files list before any codesign call so a missing shared-
table entry aborts in seconds, not after a full signing round.
- Drop dead get_entitlements_path helper (no callers remain after the
bundle refactor).
* fix(ota): address PR review comments (greptile + claude)
- sign_server_bundle_macos filters to executables only (p.is_file() +
not p.is_symlink() + os.access X_OK) before applying the unknown-file
guard. Non-Mach-O files (configs, dylibs, etc.) under resources/bin/
no longer cause misleading 'unknown executable' hard failures.
- sign_server_bundle_windows now hard-errors on a missing expected
binary instead of silently skipping it. Symmetric with the macOS
guard — an incomplete bundle must not publish.
- ServerOTAModule.execute() uses tempfile.TemporaryDirectory context
managers for both the download and staging roots so they are cleaned
up on every path, including failures.
- Per-platform sign/notarize/Sparkle-sign failures now raise RuntimeError
instead of silently skipping the platform — a release pipeline can no
longer omit a target while reporting success.
- Move import os and import shutil to the top of ota/sign_binary.py.
- Drop unused log_error import from ota/server.py.
* chore: bump server
* feat: add bun binary signing for macOS and Windows
Register the bun runtime binary in the code signing pipelines so it gets
properly signed and notarized alongside browseros_server and codex.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add bun runtime download and copy resource configs
Add bun binary entries for all platform/arch combos (macOS arm64/x64,
Linux arm64/x64, Windows x64) to download from R2 and copy into the
Chromium build output alongside browseros_server.
Also adds the server bundle (index.js) download and copy entries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: ota release
* chore: clean-up old binaries
* fix: ota cli sub-commands, path fixes
* chore: browseros server binary update
* fix: add sparkle sign_update path as ENV
* fix: CLOUDFLARE_API_TOKEN to env
* fix: use same upload r2 module
* feat: upload appcast is separate
* feat: write sparkle sign in python
* fix: handle appcast update
* fix: add missing sparkle.py file
* fix: remove redudant cli options in ota
* chore: 0.0.37 macos signed release
* chore: linux browseros server ota
* fix: copy binaries to temp file and then sign
* feat: new upload to r2, better semantic app name, sparkle signing as part of build
* feat: consistent artifact naming
* minor: add additional logging in build.py
* minor
* feat: better notify, so it's not too verbose
* refactor: rename R2UploadModule to just UploadModule
* fix: sparkle signature uplaod.py
* minor: debugging
* fix: sparkle update and metadata for release artificats
* feat: v1 release module
* feat: new release cli with modules/
* minor: env update
* refactor 1: new typer based cli and browseros cli module
* refactor 2: fixes to context.py
* refactor 3: common/ and notify
* new sign and package module
* update .gitignore
* refactor 5: dev.py and modules for each
* refactor 6: clean-up old files
* refactor 7: organise modules fruther
* refactor 8: renaming nxtscape to browseros
* refactor 9: dev.py remove cli load
* fix: pyproject.toml
* fix: typer pretty exception disable
* refactor 10: cli/build.py set to primary
* refactor 10: cli/build.py set to primary, move OS detection
* refactor: context split, env and module dataclass
* reactor: clean and git moved ot new module type
* refactor: compile and configure
* reactor: sign and package module update
* refactor: new build.py cli
* 'refactor: remove reducant OS checks
* refactor: rename BuildContext to Context
* refactor: rename BuildModule to CommandModule
* refactor: dev.py to use the new modules
* build.py: improve help output
* remove old patching way
* clean-up: remove old build.py stuff
* refactor: move to proper yaml parsing
* clean-up: remove legacy args gating
* fix: patches issues
* fix: clean-up build.py and ars resolver
* minor: gitignore
* fix: patches.py issue
* support universal build
* fix: ENV variable and YAMLs
* fix: move compile to folder to avoid compflics
* fixes: more env fixes
* fix: build_type override in CLI fix
* fix: universal clean all archs before starting
* fix: universal build type constants
* fix: linter, extract options
* fix: linter
* fix: remove chromium_src as a not a conflicting flag
* fix: support chromium_src from cli in config mode
* fix: notify with better messages
* feat: new apply patch with --reset-to feature
* feat: refactor apply and extract into separate sub modules
* 142 patches working (#211)
* updates to build.py apply/patch
* removed all old patches
* 142 build update
* fix: get updated patches from main to 142
* fix: correct patches dir
* fix: import path
* add pyright
* fix: setup pyright
* fix: new updated patches from 137 rebased on 142
* feat: new extract_patch command
* fix: add mising side_panel build patch
* fix: extension uninstall for browseros
* fix: prefs fix
* fix: ota extension updater patch fix
* fix: llm hub and chat
* feat: unvisersal module also package individual archs
* fix: add browseros-server binaries
* fix: attach color for notify
* fix: attachment for slack
* fix: update chromium version to 142.0.7444.175
* feat: add new icons needed
* fix: disable settings in menu
* fix: uv add build-backend
* minor: chromium version bump
* clean-up: removed old files of extnesion and sidepanel
* fix: product logo generate and assets.car and appicon.icns
* feat: few chromium UI fixes
* fix: update features.yaml
* fix: features.yaml path in context
* refactor: rename to get_patches_dir()
* feat: show browserOS version in about page
* fix: copy browseros_version on the build time and rename other to offset
* bump offset
* fix: update features.yaml
* feat: load env from .env files too
* fix: enable split view
* clean-up: removed old prefs
* fix: minor import issue
* fix: linux flag update
