fix(release): ad-hoc codesign macOS .app to stop "damaged" Gatekeeper error#20
Open
wct097 wants to merge 1 commit into
Open
fix(release): ad-hoc codesign macOS .app to stop "damaged" Gatekeeper error#20wct097 wants to merge 1 commit into
wct097 wants to merge 1 commit into
Conversation
… error Apple Silicon requires every executable to carry a valid code signature. The macOS bundle shipped unsigned, so once a browser download applied the com.apple.quarantine flag, Gatekeeper reported the app as "damaged — move to Trash" and blocked the normal right-click -> Open bypass. Ad-hoc sign the full bundle (codesign --force --deep --sign -) before packaging, and verify the signature. This downgrades the failure to the standard "unidentified developer" prompt, which users clear via right-click -> Open. Full notarization (removes the prompt entirely, requires a paid Apple Developer ID) remains deferred and tracked separately. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Downloading the v0.2.0 macOS build from the GitHub release and trying to open it produces:
The build is not actually corrupt. The
.appbundle ships unsigned, and the release pipeline has nocodesign/notarization step. On Apple Silicon, every executable must carry a valid signature; once a browser download applies thecom.apple.quarantineflag, Gatekeeper interprets "no signature" as "damaged" and blocks even the right-click → Open bypass.Fix
Ad-hoc sign the full bundle before packaging:
An ad-hoc signature satisfies the Apple Silicon "must be signed" requirement, so Gatekeeper downgrades the failure from the unrecoverable "damaged → move to Trash" to the standard "unidentified developer" prompt — which users clear with right-click → Open.
What this does not do
It does not eliminate the warning entirely. Removing it requires full notarization (a paid Apple Developer ID +
notarytool+staple), which remains deferred and tracked separately. This change is the free, zero-dependency step that makes the release usable.After merge
Re-cut the
v0.2.0release so the macOS artifact is rebuilt and signed (delete the tag + release, re-tag, let the Release workflow regenerate all three binaries).🤖 Generated with Claude Code