Shadowbroker/helm/chart
Shadowbroker 2dc1fcc778 release: v0.9.81 — signed auto-update + admin_session race fix (#323)
What this release does
----------------------

1. Establishes a fresh Tauri updater signing keypair. The previous keypair
   (pubkey baked into v0.9.79 / v0.9.8) had no matching private key on
   any maintainer-controlled machine — every prior release shipped
   without signatures, so auto-update has never actually worked. v0.9.81
   rotates to a new pubkey and ships signed installers + latest.json so
   every release from here is a one-click upgrade.

2. Fixes the ``admin_session_required`` race in TopRightControls.tsx.
   The updateAction state used to default to ``auto_apply`` at React-init
   time. A click on the Update button before the async runtime probe
   completed went down the auto_apply path (POST /api/system/update),
   which throws ``admin_session_required`` on fresh sessions. Desktop
   installs now default to ``manual_download`` based on synchronous
   ``window.__TAURI__`` detection at useState init.

One-time cost for current installs
----------------------------------

Anyone on v0.9.79 or v0.9.8 will see the in-app Update button still
trigger the broken path on their existing install (the fix only takes
effect once they're ON v0.9.81). The MANUAL DOWNLOAD button in the
update dialog opens the GitHub release page, where they grab the .msi
and run it. After that one manual hop, all future updates are seamless.

Release artifacts
-----------------

  ShadowBroker_v0.9.81.zip                  6.06 MB
    42f8a51f9a5690d1e7349d90d8ecf2d163c9061d6cf90c69ee03647a785437ff
  ShadowBroker_0.9.81_x64_en-US.msi       122.4 MB
    a45b177c26c95d2b28d71592d7147e88ff4e104865f214fde11249d311ec9e25
  ShadowBroker_0.9.81_x64-setup.exe        76.5 MB
    eca884b9d37eeccd0f11c91dcc6f6ae1b3609d9dee72bd73c37c9a427babfef2

Plus .sig files for the .msi and .exe, plus a signed latest.json for
the Tauri updater endpoint.

Sizes match the v0.9.79 / v0.9.8 reference shape within drift for
the new TopRightControls patch.

release_digests.json keeps v0.9.79 + v0.9.8 blocks alongside v0.9.81
so operators still on those versions continue to validate cleanly
during the rollout transition.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-23 18:43:53 -06:00

ShadowBroker Helm Chart

A Helm chart for deploying ShadowBroker services (backend and frontend).

Prerequisites

  • Helm >= 3.0
  • Kubernetes cluster with access to the bjw-s-labs Helm repository
  • Your OWN ingress controller, Gateway API implementation, etc.

ingress-nginx has been deprecated, and as of this writing we do not feel comfortable hard-coding an ingress implementation!

Consider using an ingress controller such as Traefik, together with cert-manager, for automatic SSL/TLS termination and dynamic route management.

Installation

Add the Helm repository

helm repo add bjw-s-labs https://bjw-s-labs.github.io/helm-charts/
helm repo update

Install the chart

helm install shadowbroker ./chart --namespace shadowbroker --create-namespace

Or use the repository:

helm install shadowbroker bjw-s-labs/app-template \
  --namespace shadowbroker \
  -f values.yaml

Configuration

Backend Service

The backend deployment runs with the following settings by default:

Parameter                                             Description                    Default
controllers.backend.type                              Controller type                deployment
controllers.backend.strategy                          Update strategy                RollingUpdate
controllers.backend.rollingUpdate.unavailable         Max unavailable during update  1
controllers.backend.containers.main.runAsUser         Security context user          1001
controllers.backend.containers.main.runAsGroup        Security context group         1001
controllers.backend.containers.main.image.repository  Container image                registry.gitlab.com/bigbodycobain/shadowbroker/backend (or ghcr.io/bigbodycobain/shadowbroker-backend)
controllers.backend.containers.main.image.tag         Container tag                  latest
controllers.backend.service.type                      Service type                   ClusterIP
controllers.backend.service.ports.http.port           HTTP port                      8000

Backend Environment Variables

The following environment variables are configured via secrets:

  • AIS_API_KEY - API key for AIS service
  • OPENSKY_CLIENT_ID - OpenSky client ID
  • OPENSKY_CLIENT_SECRET - OpenSky client secret

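These can be injected using a Secret resource or Kubernetes ConfigMap. Because all three are credentials, a Secret is the appropriate choice: ConfigMaps are not designed to hold confidential data.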
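
An added example (not part of the chart's own files) of keeping the three backend credentials in a Secret and referencing them from a values override. The Secret name shadowbroker-backend-secrets and the placeholder values are hypothetical, and the env/valueFrom layout assumes the app-template per-container schema.

```yaml
# File 1: secret.yaml -- create this out of band and keep it out of version control.
# The name and the placeholder values below are constructed for this example.
apiVersion: v1
kind: Secret
metadata:
  name: shadowbroker-backend-secrets   # hypothetical name
  namespace: shadowbroker
type: Opaque
stringData:
  AIS_API_KEY: "REPLACE_ME"
  OPENSKY_CLIENT_ID: "REPLACE_ME"
  OPENSKY_CLIENT_SECRET: "REPLACE_ME"
---
# File 2: values override passed to helm with -f.
# Assumption: app-template accepts a per-container `env` map whose entries
# may use `valueFrom`, so no credential value appears in the values file.
controllers:
  backend:
    containers:
      main:
        env:
          AIS_API_KEY:
            valueFrom:
              secretKeyRef:
                name: shadowbroker-backend-secrets
                key: AIS_API_KEY
          OPENSKY_CLIENT_ID:
            valueFrom:
              secretKeyRef:
                name: shadowbroker-backend-secrets
                key: OPENSKY_CLIENT_ID
          OPENSKY_CLIENT_SECRET:
            valueFrom:
              secretKeyRef:
                name: shadowbroker-backend-secrets
                key: OPENSKY_CLIENT_SECRET
```

With this layout the values file can be committed and reviewed, while access to the credentials is governed by RBAC on the Secret object.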

Frontend Service

The frontend deployment configuration:

Parameter                                              Description                    Default
controllers.frontend.type                              Controller type                deployment
controllers.frontend.strategy                          Update strategy                RollingUpdate
controllers.frontend.rollingUpdate.unavailable         Max unavailable during update  1
controllers.frontend.containers.main.runAsUser         Security context user          1001
controllers.frontend.containers.main.runAsGroup        Security context group         1001
controllers.frontend.containers.main.image.repository  Container image                registry.gitlab.com/bigbodycobain/shadowbroker/frontend (or ghcr.io/bigbodycobain/shadowbroker-frontend)
controllers.frontend.containers.main.image.tag         Container tag                  latest

Frontend Environment Variables

  • BACKEND_URL - Backend API URL (defaults to Kubernetes service discovery)

Service Configuration

Parameter                         Description         Default
service.backend.type              Service type        ClusterIP
service.backend.ports.http.port   Backend HTTP port   8000
service.frontend.type             Service type        ClusterIP
service.frontend.ports.http.port  Frontend HTTP port  3000

Uninstall

helm uninstall shadowbroker -n shadowbroker

Development

For development with local images, modify the image paths and tags:

controllers:
  backend:
    containers:
      main:
        image:
          repository: localhost/my-backend-image
          tag: dev-latest
  frontend:
    containers:
      main:
        image:
          repository: localhost/my-frontend-image
          tag: dev-latest

Values Schema

This chart uses the app-template Helm chart as a base. Refer to the app-template documentation for additional customization options.