mirrors/desktop
1
0
Fork 0
mirror of https://github.com/zen-browser/desktop.git synced 2026-04-17 04:53:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,634 Commits 9 Branches 164 Tags
767dfce556f27fc7d2d98fcccc86fc642d24904e
Commit Graph

923 Commits

Author SHA1 Message Date
mr. m
adc8c92816 gh-9836: Finish the MAR signing workflow (gh-13216) 2026-04-13 15:49:24 +02:00
mr. m
a4f0d01a88 no-bug: Sign mars after building them (gh-13213) 2026-04-11 16:45:24 +02:00
mr. m
fd8308fcb1 Revert "no-bug: Individually download each artifact on release" (gh-13211) 
Reverts zen-browser/desktop#13199

---------

Signed-off-by: mr. m <91018726+mr-cheffy@users.noreply.github.com>
 2026-04-11 12:03:04 +02:00
mr. m
97451e23c8 no-bug: Individually download each artifact on release (gh-13199) 2026-04-10 17:17:52 +02:00
JDX50S
11cf410f87 no-bug: fix SIGNMAR path in Sign MAR step to point at binary not directory (gh-13193) 2026-04-10 12:25:16 +02:00
mr. m
5163cf68d6 no-bug: update script execution to use bash for mar_sign.sh (gh-13181) 2026-04-09 19:57:59 +02:00
JDX50S
270db6d671 Merge commit from fork 
* security: enable MAR signature verification for updates

Remove `--enable-unverified-updates` from the common mozconfig. This flag
was disabling all MAR (Mozilla ARchive) signature verification in the
updater binary, meaning update packages were applied without any
cryptographic authenticity check.

With this flag removed, the Mozilla build system will:
- Link NSS and signmar into the updater binary
- Enable SecVerifyTransformCreate-based signature verification on macOS
- Require MAR files to contain valid signatures before applying

REQUIRED FOLLOW-UP (maintainer action):
1. Generate a Zen-specific MAR signing keypair (RSA-PKCS1-SHA384)
   See: https://firefox-source-docs.mozilla.org/build/buildsystem/mar.html
2. Place the public key DER file(s) in the source tree at
   toolkit/mozapps/update/updater/release_primary.der
3. Sign MAR files during the release build with the private key
4. Set ACCEPTED_MAR_CHANNEL_IDS in update-settings.ini to restrict
   which update channels the updater will accept

Ref: GHSA-qpj9-m8jc-mw6q

* no-bug: Added signature steps

* no-bug: Export browser/installer/package-manifest.in

---------

Co-authored-by: Maliq Barnard <maliqbarnard@Maliqs-MacBook-Air.local>
Co-authored-by: Mr. M <mr.m@tuta.com>
 2026-04-09 19:28:31 +02:00
mr. m
8d646b3e41 gh-13131: Sync upstream Firefox to version 149.0.2 (gh-13129) 2026-04-07 19:43:49 +02:00
Zack Koppert
ba593a19dc no-bug: update OSPO action references to canonical org path (gh-13028) 2026-03-31 21:57:06 +02:00
mr. m
ad6160f39b no-bug: Remove unnecessary SDK path listing from macOS release build (gh-12931) 2026-03-26 16:55:47 +01:00
mr. m
cb7fbe43ee no-bug: Update rust deps and VS version (gh-12850) 2026-03-20 14:07:14 +01:00
mr. m
9bd76d3ad0 no-bug: Fix release builds (gh-12825) 2026-03-18 22:56:24 +01:00
mr. m
3e2e27d893 no-bug: Remove code linter checks (gh-12801) 2026-03-17 15:13:39 +01:00
mr. m
036cfb187c chore: Run lint and fund dependencies, p=#12718 2026-03-10 21:34:24 +01:00
mr. m
4d56da4319 chore: Make sure to run patch imports when syncing upstream, b=no-bug, c=workflows 2026-03-10 11:18:02 +01:00
mr. m
0ee960e3a3 chore: Start making use of Mozilla's linter, p=#12656 2026-03-07 12:15:32 +01:00
Hythera
3f0f07ac37 fix: script interpreters and permissions, p=#12641 2026-03-05 14:41:55 +01:00
mr. m
22fd6133f1 feat: Improved styling for native MacOS popovers and fixed anchor positions, b=no-bug, c=workflows, media, common, folders 2026-02-27 12:54:41 +01:00
mr. m
43384e54e7 Merge branch 'dev' of https://github.com/zen-browser/desktop into dev 2026-02-25 16:23:20 +01:00
mr. m
4ee2e49b27 feat: Install nodejs dependencies when syncing external patches, b=no-bug, c=workflows 2026-02-25 16:22:27 +01:00
mr. m
a5a984922b feat: Install requirements from list for sync workflow, p=#12513, c=workflows 2026-02-25 16:19:58 +01:00
mr. m
34af405cbd fix: Fixed wrong filename being used for external patch import, b=no-bug, c=workflows 2026-02-25 16:15:37 +01:00
mr. m
4ae9f81a68 feat: Add workflow to import expternal patches, b=no-bug, c=workflows, windows 2026-02-25 16:11:41 +01:00
mr. m
29165bb1e2 chore: Run lint after to fix deps issues, b=no-bug, c=workflows 2026-02-24 23:34:04 +01:00
mr. m
353b65e25b feat: Dont switch permanent keys for window closes, b=closes #12152, c=workflows, flatpak 2026-02-24 23:19:46 +01:00
mr. m
bbaf779e7a chore: Run lint before downloading firefox for PRs to have an early exit, b=no-bug, c=workflows 2026-02-23 12:36:18 +01:00
mr. m
52d03f43ef feat: Add concurrency checks for lint and PR workflows, p=#12457, c=workflows 2026-02-21 21:30:15 +01:00
mr. m
6e71a23ed8 feat: Change twilight tag name, b=no-bug, c=workflows 2026-02-21 11:58:53 +01:00
mr. m
368cb06d77 Revert "chore: Change the twilight release tag name to canary, b=no-bug, c=workflows" 
This reverts commit d28622e749.
 2026-02-21 11:37:28 +01:00
mr. m
d28622e749 chore: Change the twilight release tag name to canary, b=no-bug, c=workflows 2026-02-21 10:30:28 +01:00
mr. m
214fd4aff0 feat: Include X-AppImage-Version into the AppImage .desktop file, b=closes #12412, c=workflows 2026-02-17 12:13:41 +01:00
mr. m
66081e97f6 fix: Remove clip overflow from nav-bar and update rust version, b=no-bug, c=workflows, common 2026-02-12 19:58:58 +01:00
mr. m
76f17c3a57 chore: Automatically import patches from phabricator and librewolf, p=#12271 
* chore: Automatically import patches from phabricator and librewolf, b=no-bug, c=workflows, scripts

Signed-off-by: mr. m <91018726+mr-cheffy@users.noreply.github.com>

* feat: Remove legacy flag, b=no-bug, c=common, configs

---------
 2026-02-07 18:02:40 +01:00
mr. m
368d648b65 test: Remove browser_private_mode_no_essentials.js from the tests list, b=no-bug, c=workflows, tests 2026-01-12 16:39:56 +01:00
mr. m
37eed5fcfe fix: Start working on more eslint rules, p=#11874 
* fix: Start working on more eslint rules, b=no-bug, c=common, mods, workspaces

* chore: Continue migration, b=no-bug, c=workflows, windows, glance, mods, welcome, workspaces, common, compact-mode, folders, tests, kbs, media, split-view, tabs

* chore: Finish, b=no-bug, c=common, compact-mode, folders, glance, tests, kbs, media, mods, split-view, tabs, workspaces, welcome

* fix: Fix installing deps, b=no-bug, c=common

* feat: Dont initialize git on download checks, b=no-bug, c=workflows

* feat: Remove empty JS docs, b=no-bug, c=common, compact-mode, folders, glance, kbs, media, mods, split-view, tabs, tests, workspaces

* chore: Run lint, b=no-bug, c=common, folders, glance, kbs, mods, split-view, tabs, workspaces
 2026-01-12 15:11:43 +01:00
mr. m
818b2d1af5 chore: Make sure to mark macos unifications as releases, b=no-bug, c=workflows 2026-01-10 12:26:50 +01:00
mr. m
6bce6f4874 chore: Update SDK version to 26.2 for MacOS artifact builds, b=no-bug, c=workflows, configs 2026-01-09 03:06:31 +01:00
mr. m
88068613a1 chore: Override minimum MacOS SDK version, b=no-bug, c=workflows 2026-01-09 02:45:52 +01:00
mr. m
edfb427a23 chore: Update MacOS and Windows SDKs, b=no-bug, c=workflows, windows, scripts 2026-01-09 01:37:43 +01:00
mr. m
a537f0f91d feat: Ignore errors when trying to import external mochitests while trying to sync upstream, b=no-bug, c=workflows 2026-01-06 13:02:03 +01:00
mr. m
11f29c12c5 chore: Install autopep8 for code formatting in the upstream workflow, b=no-bug, c=workflows 2026-01-06 12:53:27 +01:00
mr. m
e7631ce9cc feat: Make sure upstream sync workflow initializes git before downloading, b=no-bug, c=workflows 2026-01-06 12:48:26 +01:00
mr. m
0ae7c19c30 test: Import some mochitests from firefox, p=#10897 
* test: Import some mochitests from firefox, b=no-bug, c=tests, scripts, tabs

* feat: Added lint rules to ignore mochi tests, b=no-bug, c=tests

* chore: Finish importing tests, b=no-bug, c=workflows, tests, scripts, tabs
 2025-12-15 12:09:42 +01:00
mr. m
6a218d109a feat: Use github runners instead of blacksmith for less intensive tasks, b=no-bug, c=workflows 2025-12-11 13:35:17 +01:00
mr. m
081efe6898 fix: Fixed workflow_call not being set properly for upstream checks, b=no-bug, c=workflows 2025-11-11 12:05:32 +01:00
mr. m
2bed07f7c6 feat: Make sure to download and setup CI when checking upstream, b=no-bug, c=workflows 2025-11-11 10:01:23 +01:00
mr. m
dbe3b34609 chore: Check for upstream updates after running rc checks, p=#11254 
* chore: New upstream fetch script, b=no-bug, c=workflows, scripts

* chore: Check for upstream updates after running rc checks, b=no-bug, c=workflows

* chore: Lint, b=no-bug, c=workflows

* Fix typo in workflow name for patch check

Signed-off-by: mr. m <91018726+mr-cheffy@users.noreply.github.com>

---------

Signed-off-by: mr. m <91018726+mr-cheffy@users.noreply.github.com>
 2025-11-11 09:55:25 +01:00
mr. m
47395bf3ce chore: New upstream fetch script, p=#11253, c=workflows, scripts 
* chore: New upstream fetch script, b=no-bug, c=workflows, scripts

Signed-off-by: mr. m <91018726+mr-cheffy@users.noreply.github.com>

---------

Signed-off-by: mr. m <91018726+mr-cheffy@users.noreply.github.com>
 2025-11-11 09:46:52 +01:00
mr. m
450623aa69 chore: Include language packs into tarball, b=closes #10865, c=workflows 2025-10-19 15:23:52 +02:00
Mr. M
6a6fd4be1c chore: Only run autopep8 if python files changed, b=no-bug, c=workflows 2025-10-12 11:29:04 +02:00