From a11e5d8e15ece4f9fb93689292a1a46aa4e77c67 Mon Sep 17 00:00:00 2001 From: Douglas Teles Date: Wed, 8 Jul 2026 11:34:58 -0300 Subject: [PATCH] flasher: restore certificate signing for macOS bundles The ad-hoc signing identity from the previous commit overrode the Developer ID certificate the CI imports, and notarization rejects ad-hoc signatures (no Developer ID, no secure timestamp), failing the macOS jobs. Back to the env-provided identity; the damaged-app README note now points at stale downloads instead, since current releases are properly notarized. --- README.md | 2 +- src-tauri/tauri.conf.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ef18007..9349daf 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ Cross-platform desktop app for flashing [Arch R](https://github.com/archr-linux/ | Linux | glibc 2.31+, `webkit2gtk-4.1`, `gtk-3`, `libayatana-appindicator3` | | macOS | macOS 10.15+, Apple Silicon | -> **macOS says the app "is damaged and can't be opened".** The app is not damaged: it is not notarized with Apple (that requires a paid Apple Developer account), so Gatekeeper blocks anything downloaded from a browser. After installing, clear the quarantine flag once: +> **macOS says the app "is damaged and can't be opened".** Releases from v1.3.5 on are signed and notarized with Apple, so this should not happen with a fresh download of the latest DMG. If you still hit it (older release, or a download that got a stale quarantine flag), clear the flag once: > > ```bash > xattr -cr "/Applications/Arch R Flasher.app" diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index 6bd13ef..1e32be4 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -39,7 +39,7 @@ ], "resources": [], "macOS": { - "signingIdentity": "-", + "signingIdentity": null, "entitlements": null } },