flasher: restore certificate signing for macOS bundles

The ad-hoc signing identity from the previous commit overrode the
Developer ID certificate the CI imports, and notarization rejects
ad-hoc signatures (no Developer ID, no secure timestamp), failing the
macOS jobs. Back to the env-provided identity; the damaged-app README
note now points at stale downloads instead, since current releases are
properly notarized.
This commit is contained in:
Douglas Teles
2026-07-08 11:34:58 -03:00
parent 213fc5723c
commit a11e5d8e15
2 changed files with 2 additions and 2 deletions
+1 -1
View File
@@ -32,7 +32,7 @@ Cross-platform desktop app for flashing [Arch R](https://github.com/archr-linux/
| Linux | glibc 2.31+, `webkit2gtk-4.1`, `gtk-3`, `libayatana-appindicator3` | | Linux | glibc 2.31+, `webkit2gtk-4.1`, `gtk-3`, `libayatana-appindicator3` |
| macOS | macOS 10.15+, Apple Silicon | | macOS | macOS 10.15+, Apple Silicon |
> **macOS says the app "is damaged and can't be opened".** The app is not damaged: it is not notarized with Apple (that requires a paid Apple Developer account), so Gatekeeper blocks anything downloaded from a browser. After installing, clear the quarantine flag once: > **macOS says the app "is damaged and can't be opened".** Releases from v1.3.5 on are signed and notarized with Apple, so this should not happen with a fresh download of the latest DMG. If you still hit it (older release, or a download that got a stale quarantine flag), clear the flag once:
> >
> ```bash > ```bash
> xattr -cr "/Applications/Arch R Flasher.app" > xattr -cr "/Applications/Arch R Flasher.app"
+1 -1
View File
@@ -39,7 +39,7 @@
], ],
"resources": [], "resources": [],
"macOS": { "macOS": {
"signingIdentity": "-", "signingIdentity": null,
"entitlements": null "entitlements": null
} }
}, },