Skip to content

Linux build support + cross-platform brew hardening#9

Closed
msitarzewski wants to merge 1 commit into
mainfrom
feat/linux-support
Closed

Linux build support + cross-platform brew hardening#9
msitarzewski wants to merge 1 commit into
mainfrom
feat/linux-support

Conversation

@msitarzewski

@msitarzewski msitarzewski commented May 30, 2026

Copy link
Copy Markdown
Owner

Adds Linux as a build target alongside macOS. Verified end-to-end on arm64 Ubuntu 26.04 (in a Parallels VM): builds .deb/.rpm/.AppImage, installs the .deb, launches into a GNOME/Wayland session, detects Linuxbrew, and loads packages. macOS regression-clean — 586 tests pass, cargo check clean, npm run check 0 errors.

Backend

  • keyring per-target Cargo features: macOS apple-native; Linux sync-secret-service + crypto-rust (Secret Service via gnome-keyring/kwallet, pure-Rust crypto so no system OpenSSL). github/auth.rs unchanged — unified keyring::Entry API.
  • brew/paths.rs: detect Linuxbrew prefixes (/home/linuxbrew/.linuxbrew, ~/.linuxbrew).
  • brew/exec.rs: pin every brew subprocess to a known-readable cwd (/). Fixes "current working directory must be readable" failures (surfaced on Linux as "Couldn't load packages" when launched from an unreadable dir). Hardening on macOS too.
  • disk_usage.rs: open_in_finder reveal cfg-gated — macOS open -R, Linux xdg-open on parent dir. IPC name unchanged.
  • cask_icon.rs: macOS .app/sips/defaults extraction cfg-gated; Linux short-circuits to Ok(None) (homepage-favicon cascade still works).
  • lib.rs: native menu gated to macOS (on Linux/GTK it rendered as an in-window menubar strip clashing with the transparent window; Linux now gets a clean chromeless window).

Frontend

  • platform.ts — navigator-based isMac/isLinux, zero new deps.
  • "Reveal in Finder" → "Show in file manager"; "macOS Keychain" → "system keyring" on Linux.

Packaging / CI

  • .github/workflows/linux-build.ymlubuntu-22.04 (webkit2gtk-4.1, oldest-glibc floor), builds + uploads .deb/.rpm/.AppImage.
  • tauri.conf.json linux bundle config; tauri.linux.conf.json sets transparent:false. macOS bundle untouched.
  • publish-manifest.sh emits a linux-x86_64 updater block when the AppImage + .sig are present; macOS-only path byte-identical otherwise.

Known gaps (honest)

  • Casks unsupported on Linux (brew vulns + cask icons are formula/macOS-only) — UI states this rather than faking it.
  • Linux artifacts ship unsigned for v0 (AppImage convention; deb/rpm GPG signing is a documented future step).
  • Two post-launch bug fixes ride along: the brew-cwd fix above, and the transparent-menubar fix — both found via live VM testing.

Test plan

  • CI linux-build.yml goes green, produces the three artifacts
  • macOS: cargo test (586), npm run check (0 err), app launches normally
  • (done locally) Linux arm64: install .deb, launch, brew detected, package list loads

🤖 Generated with Claude Code

@msitarzewski @claude
feat: Linux build support + cross-platform brew hardening
282d8ff 
Adds Linux as a build target alongside macOS. Verified end-to-end on
arm64 Ubuntu: builds .deb/.rpm/.AppImage, installs, launches, detects
Linuxbrew, loads packages. macOS regression-clean (586 tests pass).

Backend
- keyring: per-target Cargo features — macOS apple-native, Linux
  sync-secret-service + crypto-rust (Secret Service via gnome-keyring/
  kwallet; pure-Rust crypto, no system OpenSSL). github/auth.rs
  unchanged — unified keyring::Entry API.
- brew/paths.rs: detect Linuxbrew prefixes (/home/linuxbrew/.linuxbrew,
  ~/.linuxbrew) alongside the macOS prefixes.
- brew/exec.rs: pin every brew subprocess to a known-readable cwd ("/").
  Fixes "current working directory must be readable" failures when the
  app is launched from a dir the user can't read (surfaced on Linux as
  "Couldn't load packages"). Hardening on macOS too.
- commands/disk_usage.rs: open_in_finder reveal is cfg-gated — macOS
  `open -R`, Linux `xdg-open` on the parent dir. IPC name unchanged.
- commands/cask_icon.rs: macOS .app/sips/defaults extraction cfg-gated;
  Linux short-circuits to Ok(None) (homepage-favicon cascade still works).
- lib.rs: native menu gated to macOS. On Linux/GTK it rendered as an
  in-window menubar strip that clashed with the transparent window
  config; Linux now gets a clean chromeless window.

Frontend
- platform.ts: navigator-based isMac/isLinux, zero new deps.
- "Reveal in Finder" -> "Show in file manager" on Linux; "macOS
  Keychain" -> "system keyring" generic on Linux.

Packaging / CI
- .github/workflows/linux-build.yml: ubuntu-22.04 (webkit2gtk-4.1 era,
  oldest-glibc floor), builds + uploads .deb/.rpm/.AppImage.
- tauri.conf.json: bundle.linux deb depends + appimage config; macOS
  bundle untouched. tauri.linux.conf.json: transparent:false for Linux.
- publish-manifest.sh: emits a linux-x86_64 updater block when the
  AppImage + .sig are present; macOS-only path byte-identical otherwise.

Docs
- README Linux install + build sections; memory-bank techContext/
  decisions/activeContext/progress + task record 21-linux-support.md.

Known gaps (honest): casks unsupported on Linux (brew vulns + cask
icons are formula/macOS-only); Linux artifacts ship unsigned for v0;
the in-app vibrancy dropdown was already dead-wired (separate cleanup).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@msitarzewski