Migrate Burrow.app off GPL mo β bundle the MIT burrow-engine#218
Draft
caezium wants to merge 2 commits into
Draft
Migrate Burrow.app off GPL mo β bundle the MIT burrow-engine#218caezium wants to merge 2 commits into
caezium wants to merge 2 commits into
Conversation
added 2 commits
June 26, 2026 08:05
β¦ff GPL mo) The shipping app resolves upstream mo (now GPL). This bundles OUR MIT engine fork inside the app so users run it with zero install and never touch GPL upstream. - scripts/bundle-engine.sh: stages the engine RUNTIME (mole + lib/ + status-go/analyze-go + LICENSE; no Go source) into Resources/engine. Verified standalone: the bundled mole runs status --json AND --watch correctly from the copied location (sources lib/ relative to itself). - project.yml: postCompileScripts build phase runs the bundler when the engine source is present (vendor/burrow-engine submodule or $BURROW_ENGINE_SRC); falls back gracefully. - MoleCLI: resolve order is bundled engine -> installed burrow-engine -> legacy mo. Install hints repoint off tw93/Mole. Keeps the 'Mole CLI Β© tw93' credit (graceful migration). Verified: bundle script (live), MoleCLI parses, project.yml generates. PENDING a real xcodebuild: nested-binary signing (engine must be codesigned for the app sig to validate) + vendoring the engine as a submodule for reproducible release builds.
β¦r build phases) The bundle build phase stages the engine, but Xcode's CodeSign runs AFTER all phases, so the resource seal is stale (breaks FDA #177). The final inside-out re-sign must happen post-build: - scripts/build.sh: canonical local build = xcodebuild + codesign --force --deep (engine sealed). - bundle-engine.sh ad-hoc-signs the nested Go binaries. Verified: build.sh-style seal passes codesign --verify --deep --strict; bundled engine runs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Shipping Burrow resolves upstream mo, which relicensed MIT β GPL-3.0 on 2026-06-11 (+ trademark policy). GPL is incompatible with a closed product. This migrates the app onto our MIT engine fork (
burrow-engine, pinned at mo's last MIT commit9daf936/ V1.42.0), bundled inside the app β zero install, never touches GPL upstream.What this does
scripts/bundle-engine.shβ stages the engine runtime (mole+lib/+status-go/analyze-go+ MITLICENSE; no Go source, ~8.6 MB) intoResources/engine/, ad-hoc-signing the nested Go binaries.scripts/build.shβ canonical build:xcodebuild+ a post-buildcodesign --force --deep. Xcode's CodeSign runs after all build phases, so the engine's resource seal is finalized here (a stale seal breaks FDA β Full Disk Access remains undetected after enabling it in System SettingsΒ #177/release(macos): ad-hoc re-sign frameworks when unsigned β fixes FDA (#177)Β #178).project.ymlβ apostBuildScriptsphase stages the engine when its source is present (vendor/burrow-enginesubmodule or$BURROW_ENGINE_SRC); dev builds without it fall back to a system engine.MoleCLI.swiftβ resolution is now bundled engine β installedburrow-engineβ legacymo. Install hints repoint offtw93/Mole; keeps theMole CLI Β© tw93credit (graceful, license-forced migration).β Verified (real
xcodebuild)mole status --json(and--watchNDJSON) runs correctly from inside the.app.scripts/build.shoutput passescodesign --verify --deep --strict. Nested engine binaries signed; app seal valid.β³ Remaining
vendor/burrow-enginesubmodule for reproducible release/CI builds.Test