- Register Apple Silicon Mac as act_runner with label macos-arm64
- Add build-macos-arm64 job to Gitea Actions release pipeline
- Produces unsigned .dmg artifact for aarch64-apple-darwin
- Update CICD-Pipeline.md to reflect Gitea Actions agents
Previously cipher_page_size was set AFTER the verification SELECT,
making it a no-op (SQLCipher locks page size on first access). This
caused two bugs:
1. Databases were created with the default page size regardless of the
setting, then flushed on close using misaligned 4KB mmap pages on
16KB kernel → corrupted file → SQLITE_NOTADB on reopen.
2. Reopening an existing DB used default (potentially wrong) page size
for the initial read → decryption failure.
Fix: batch all cipher settings (key, page_size, kdf_iter, algorithms)
into a single execute_batch call BEFORE the first SELECT. This ensures:
- New databases are created with 16KB pages (aligned to Asahi kernel)
- Existing 16KB-page databases are reopened with the correct page size
- Close/flush operations use properly aligned mmap → no corruption
Note: existing 4KB-page databases (from v0.1.0) remain incompatible
and must be deleted once on upgrade.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
On Linux, WebKit inherits GTK system text colors for form controls,
causing dark-on-dark text in dark mode. Explicitly set color and
-webkit-text-fill-color on inputs/textareas/buttons, and add
color-scheme: dark to .dark so WebKit uses the correct system UI
color scheme.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Two startup crashes on first-party Tauri plugin init:
- tauri-plugin-updater registered with no plugins.updater config → removed
- tauri-plugin-cli was already removed in a prior commit
SQLCipher page size fix:
- cipher_page_size 4096 → 16384
- 4KB SQLCipher pages cause malloc() failures on Linux kernels with
16KB page size (Asahi Linux aarch64+16k, Apple Silicon)
- 16384 is a valid page size that works on both 4KB and 16KB page kernels
- New installs get a 16KB-page database; existing 4KB-page DBs must
be deleted for the new page size to take effect
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Gitea 1.22 expression evaluator rewrites github.ref_name to
format('{0}', github.ref_name) which produces '%!t(string=v0.1.0)'
instead of 'v0.1.0'. Use the pre-set shell env var directly.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
tauri-plugin-cli was registered in lib.rs but tauri.conf.json had no
plugins.cli configuration, causing PluginInitialization panic at startup.
The CLI plugin is not needed for a GUI desktop app — removed.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
rust:1.88-slim has an empty package cache. apt-get install git
was failing with 'Unable to locate package git'.
Add apt-get update -qq before every apt-get install in checkout steps.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
actions/checkout@v4 requires Node.js which is not in rust:1.88-slim.
Replace with direct git init+fetch+checkout using the Gitea instance URL.
Also fix release.yml: each build job creates the release (idempotent)
and uploads its own artifacts inline via Gitea API.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
when: platform: is evaluated at compile time (server=amd64) and silently
drops the arm64 step. Per-step platform routing requires Woodpecker 2.x.
Document the make release-arm64 workaround for linux/arm64 builds.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Woodpecker 0.15.4 does not support per-step agent platform routing —
when: platform: is evaluated at compile time against the server and
drops the step entirely. Use 'make release-arm64 GOGS_TOKEN=<token>'
on the local aarch64 machine to build and upload arm64 artifacts.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Top-level platform: key conflicts with commands: in Woodpecker 0.15.4 YAML
parser — treated as a plugin attribute. Move to when: platform: condition
which is supported for agent platform routing in this version.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Install Woodpecker agent as systemd user service on local aarch64 machine
(Fedora Asahi 42). Add build-linux-arm64 step to release pipeline using
platform: linux/arm64 to route to the native arm64 agent. Update upload
step to include artifacts/linux-arm64/ in the release upload loop.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Add src-tauri/.cargo/config.toml with --exclude-all-symbols linker flag
for x86_64-pc-windows-gnu. MinGW auto-exports ~106k public Rust symbols
into the cdylib export table, exceeding the 65,535 PE ordinal limit.
The desktop binary links against rlib (static) so the cdylib export table
is unused. An empty export table is a valid DLL.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
SQLCipher requires OpenSSL when cross-compiling for Windows with mingw-w64.
bundled-sqlcipher-vendored-openssl compiles OpenSSL from source — no system
OpenSSL needed for any target. Add perl to CI steps (required by OpenSSL build).
- build-windows-amd64: cross-compile with mingw-w64 for x86_64-pc-windows-gnu
- upload: uses gogs_default network + uploads both linux and windows artifacts
- arm64: QEMU agent deployed at woodpecker_agent_arm64 (linux/arm64 platform)
- artifacts/ excluded from git via .gitignore
Cross-compiling webkit2gtk-4.1-dev for arm64 from x86_64 fails due to
held broken packages. arm64 requires native arm64 CI runner.
amd64 release artifacts still upload correctly.
