mirror of
https://github.com/browseros-ai/BrowserOS.git
synced 2026-05-22 05:15:13 +00:00
509bb2a6ab
- Extend keychain_password_mac.mm patch to set kSecAttrAccessGroup on keychain writes and reads, ensuring items are stored under the shared BrowserOS access group rather than tied to a specific binary signature - Pin the designated requirement in macos.py to the Team ID via certificate leaf[subject.OU] instead of wildcard /* exists */ checks, so Keychain ACLs survive across builds with different binary hashes - Add browseros_keychain_recovery.mm that runs on startup to detect broken keychain access (errSecAuthFailed), prompt the user for access, and migrate the item to the BrowserOS access group - Add broadenKeychainACLBeforeUpdate to sparkle_glue.mm that updates the keychain item's access group right before Sparkle replaces the app bundle, so the new binary can read it immediately Resolves: TKT-666, TKT-668, TKT-669, TKT-670