Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Packaging for bundles, installers, and updates

Jump to bottom
Brian Clifton edited this page Mar 30, 2017 · 7 revisions

Creating the binaries and installer

In order do run any build commands, you'll need an environment variable set for CHANNEL (set to 'dev', 'beta', or 'stable').

For more information, see docs/buildingReleases.md which has a more detailed overview of our release process.

macOS:

From within brave-browser you can create a .app file for distribution:

CHANNEL=dev npm run build-package

After the .app file is built you can create a dmg and update zip with:

IDENTIFIER=XYZ npm run build-installer

Where XYZ is your signing identifier.

Windows 7,8,10 x64:

You'll also need to set the CERT and CERT_PASSWORD environment variables with your authenticode signing cert and password if you want to build an installer.

To set these values, you can either set the environment on a per-session basis ($env:CHANNEL="dev") or update your system/user environment variables.

You must also have NSIS 3.0rc2 or later installed and makensis's folder must be in your PATH.

To create a folder with the app .exe and all dependencies you can run:

CHANNEL=dev npm run build-package

After the above folder is created, you can create a setup (exe, msi, RELEASES file and update nupkg) with:

npm run build-installer

Linux:

To create a package:

CHANNEL=dev npm run build-package

To create a dev package:

CHANNEL=dev npm run build-package

Finally run:

npm run build-installer

You will see a .deb and .rpm files in dist/

Creating a release - the official build process

These notes are for Brave Software employees. Resources like our certificates are protected (not publicly available) because we are the only entity which can sign our builds.

1) One time setup

  • In GitHub, open up the Personal Access Tokens area (under settings).
  • Click Generate new token and give the token these permissions:
    • admin:org_hook
    • admin:repo_hook
    • read:gpg_key
    • read:org
    • read:public_key
    • read:user
    • repo
    • user:email
  • Save the token somewhere secure. It won't be shown to you again.

Windows

  • Get a copy of the certificate from a Brave team member
  • Create a CERT environment variable which has the value set to the location of the file. ex: C:\brave.pfx. It's important that you do NOT store the certificate inside the folder where your browser-laptop code is.
  • Python should already be installed; be sure to install the requests pip package. You can do this via `pip install requests
  • Be sure to have separate cloned copies of browser-laptop (in different directories) for 32 bit and 64 bit Windows (ex: c:\brave32 and c:\brave64)
  • NOTE: You can't use the same directory because when the build occurs, it'll wipe out any existing builds that are in the same folder (ex: if you build 32 bit after 64 bit, the 64 bit dist folder will be destroyed). The build will upload to GitHub fine, but when the release is ready to go public, the assets are missing.

macOS

  • Get a copy of the certificate from a Brave team member
  • Open Keychain Access and then open the My Certificates section
  • Drag the certificate file from the finder into Keychain Access and (when prompted) enter the password

Linux

  • Setup a VM or have a native instance running Ubuntu 14.04 (64 bit)
  • sudo apt-get install build-essential clang libdbus-1-dev libgtk2.0-dev libnotify-dev libgnome-keyring-dev libgconf2-dev libasound2-dev libcap-dev libcups2-dev libxtst-dev libxss1 libnss3-dev gcc-multilib g++-multilib curl gperf bison libgnome-keyring-dev build-essential rpm ninja-build

2) Creating the binaries

  • Update the package.json with the new version
  • Update Muon version, if needed

Windows

  • For 64-bit, BUILD=Preview7 GITHUB_TOKEN=token-here CHANNEL=dev CERT_PASSWORD='password-here' TARGET_ARCH=x64 ./tools/cibuild.py
  • For 32-bit, BUILD=Preview7 GITHUB_TOKEN=token-here CHANNEL=dev CERT_PASSWORD='password-here' TARGET_ARCH=ia32 ./tools/cibuild.py

macOS

  • BUILD=Preview7 GITHUB_TOKEN=token-here IDENTIFIER=certificate-identifer-here CHANNEL=dev ./tools/cibuild.py

Linux

  • BUILD=Preview7 GITHUB_TOKEN=token-here CHANNEL=dev ./tools/cibuild.py

3) Publishing

  • Visit our releases page and verify the binaries build with step 2 are shown
  • Once all binaries are uploaded, click "Edit" next to the release title
  • If this is a preview release or release candidate (ex: not a customer facing release), be sure to check the "This is a pre-release" checkbox
  • Announce the release to folks

Making a release public

  • During the release process, a checklist will be created. For example, here is a checklist from 0.14.0

  • Symbols will be uploaded (for Muon)

  • Release notes are finalized

  • Uploads are done

    • We'll want to use the original machines/vms which generated the last releases. They should still be on disk from when you built them before
    • Clone Vault Updater locally and set it up 
      git clone git@github.com:brave/vault-updater.git
cd vault-updater
npm install
git checkout -b dev-<version>
npm run build
    • Now we can run the uploader script:

    S3_KEY="YOUR_KEY" S3_SECRET="YOUR_SECRET" node tools/uploader.js --channel=dev --send --source=../browser-laptop --os=osx

    • --os= can be set to:
      • osx
      • windows (both 32 bit and 64 bit)
      • winx64 (64 bit only)
      • winia32 (32 bit only)
      • linux

insecurity test

Vertical Side Tabs Tab Suspender

Clone this wiki locally