Compare commits

2 Commits

Author SHA1 Message Date
68e2723747 fix(webext): tag-pinned .xpi release URL + make_latest:false (ref #532)
Publishing webext-v* with the default make_latest would steal the
"latest" release pointer from the Android APK release, breaking the
APK endpoint's /releases/latest/download/secubox-toolbox-android.apk
fallback. Publish the webext release with make_latest:false and point
the /wg/toolbox.xpi endpoint + fetch helper at the tag-pinned download
URL instead.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 10:45:40 +02:00
CyberMind
b8da257b83
Merge pull request #540 from CyberMind-FR/feature/532-plan-browser-xpi-webextension-emancipate
Browser extension: emancipate R3 toolbox cartographie live (#532)
2026-06-13 10:33:01 +02:00
4 changed files with 19 additions and 9 deletions

@ -50,11 +50,14 @@ jobs:
# On webext-v* tags, publish the .xpi as a release asset under the # On webext-v* tags, publish the .xpi as a release asset under the
# stable name the toolbox fetch helper + /wg/toolbox.xpi expect. # stable name the toolbox fetch helper + /wg/toolbox.xpi expect.
# `latest/download/secubox-toolbox-webext.xpi` resolves to the # make_latest:false so this client release does NOT steal the
# newest release. # "latest" pointer from the Android APK release (which the APK
# endpoint resolves via /releases/latest/download/…). The xpi
# endpoint/fetcher therefore use a tag-pinned download URL.
- name: Publish release - name: Publish release
if: startsWith(github.ref, 'refs/tags/webext-v') if: startsWith(github.ref, 'refs/tags/webext-v')
uses: softprops/action-gh-release@v2 uses: softprops/action-gh-release@v2
with: with:
files: clients/webext-toolbox/web-ext-artifacts/secubox-toolbox-webext.xpi files: clients/webext-toolbox/web-ext-artifacts/secubox-toolbox-webext.xpi
fail_on_unmatched_files: true fail_on_unmatched_files: true
make_latest: false
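
Review bot: the `uses: softprops/action-gh-release@v2` line in the Publish release step still references a moving major tag, and this step uploads the .xpi that /wg/toolbox.xpi and the fetch helper hand to users. Pin the action to a full commit SHA, with the version in a trailing comment, so a retagged v2 cannot change what gets published under the `webext-v*` tag. The added `make_latest: false` is fine as written; quoting it as "false" would match the string form the input is documented with.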

@ -3,12 +3,14 @@ secubox-toolbox (2.6.14-1~bookworm1) bookworm; urgency=medium
* Serve the browser ToolBoX extension .xpi from the toolbox (#532). * Serve the browser ToolBoX extension .xpi from the toolbox (#532).
- api.py GET /wg/toolbox.xpi : serves the local .xpi - api.py GET /wg/toolbox.xpi : serves the local .xpi
(/var/lib/secubox/toolbox/webext/secubox-toolbox-webext.xpi) with (/var/lib/secubox/toolbox/webext/secubox-toolbox-webext.xpi) with
content-type application/x-xpinstall ; if absent, 302 → the latest content-type application/x-xpinstall ; if absent, 302 → the
public GitHub release asset (button never dead-ends). tag-pinned GitHub release asset (button never dead-ends). The
webext release is published make_latest:false so it does not steal
"latest" from the Android APK release.
- /wg/onboard : new "🧩 Extension navigateur (cartographie)" button - /wg/onboard : new "🧩 Extension navigateur (cartographie)" button
on both the inline + _install_panels variants. on both the inline + _install_panels variants.
- sbin/secubox-toolbox-fetch-xpi : pulls the latest release asset - sbin/secubox-toolbox-fetch-xpi : pulls the release asset into the
into the serve path (best-effort, ZIP-magic sanity check). serve path (best-effort, ZIP-magic sanity check).
- postinst : create the webext serve dir + best-effort first fetch. - postinst : create the webext serve dir + best-effort first fetch.
- New client clients/webext-toolbox/ (MV3 Firefox/Chromium): live - New client clients/webext-toolbox/ (MV3 Firefox/Chromium): live
tracker badge + popup mini Round-Eye graph over /social/* ; tracker badge + popup mini Round-Eye graph over /social/* ;
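
Review bot: the reworded bullets say "tag-pinned GitHub release asset" and "pulls the release asset into the serve path" without naming the tag, so an operator reading the changelog cannot tell which extension version the 302 fallback and the fetch helper deliver, or that it stays fixed. Suggest naming the tag (webext-v0.1.0 in the URLs elsewhere in this change) in both bullets and stating that a newer webext-v* release reaches users only once the pinned URL is bumped.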

@ -14,7 +14,9 @@ readonly MODULE="secubox-toolbox-fetch-xpi"
DEST_DIR="/var/lib/secubox/toolbox/webext" DEST_DIR="/var/lib/secubox/toolbox/webext"
DEST="${DEST_DIR}/secubox-toolbox-webext.xpi" DEST="${DEST_DIR}/secubox-toolbox-webext.xpi"
RELEASE_URL="https://github.com/CyberMind-FR/secubox-deb/releases/latest/download/secubox-toolbox-webext.xpi" # Tag-pinned (not /latest/): the webext release is make_latest:false so it
# doesn't steal "latest" from the Android APK release. Bump on new webext-v*.
RELEASE_URL="https://github.com/CyberMind-FR/secubox-deb/releases/download/webext-v0.1.0/secubox-toolbox-webext.xpi"
log() { logger -t "$MODULE" -- "$*" 2>/dev/null || echo "[$MODULE] $*" >&2; } log() { logger -t "$MODULE" -- "$*" 2>/dev/null || echo "[$MODULE] $*" >&2; }
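
Review bot: with `RELEASE_URL` now fixed to `webext-v0.1.0`, the download is a single known artifact, yet the changelog describes only a ZIP-magic sanity check before the file lands in `DEST`, the path the toolbox serves for install. A release asset under a tag can be re-uploaded by anyone with release write access, so consider keeping an expected SHA-256 next to `RELEASE_URL`, bumped together with the tag, and verifying the download against it before moving it into place.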

@ -1368,10 +1368,13 @@ async def wg_toolbox_apk() -> Response:
# Browser extension (Firefox .xpi), same serve pattern as the APK (#532). # Browser extension (Firefox .xpi), same serve pattern as the APK (#532).
# Tag-pinned URL (not /latest/): the webext release is published with
# make_latest:false so it does not steal "latest" from the Android APK
# release. Bump the tag here when a new webext-v* release is cut.
_WEBEXT_XPI = Path("/var/lib/secubox/toolbox/webext/secubox-toolbox-webext.xpi") _WEBEXT_XPI = Path("/var/lib/secubox/toolbox/webext/secubox-toolbox-webext.xpi")
_WEBEXT_XPI_RELEASE = ( _WEBEXT_XPI_RELEASE = (
"https://github.com/CyberMind-FR/secubox-deb/releases/latest/download/" "https://github.com/CyberMind-FR/secubox-deb/releases/download/"
"secubox-toolbox-webext.xpi" "webext-v0.1.0/secubox-toolbox-webext.xpi"
) )
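
Review bot: the tag `webext-v0.1.0` is now hard-coded here in `_WEBEXT_XPI_RELEASE` and again in `RELEASE_URL` of the fetch helper, each with its own "bump" comment, while the workflow publishes on any `webext-v*` tag. If only one of the two is bumped, the locally cached .xpi and the 302 fallback serve different versions. Suggest deriving both from one value (a shared setting or a packaged file both read), or at minimum having each comment name the other location that must change with it.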