65 lines
1.6 KiB
Markdown
65 lines
1.6 KiB
Markdown
# Clawdbot macOS app (dev + signing)
|
|
|
|
## Quick dev run
|
|
|
|
```bash
|
|
# from repo root
|
|
scripts/restart-mac.sh
|
|
```
|
|
|
|
Options:
|
|
|
|
```bash
|
|
scripts/restart-mac.sh --no-sign # fastest dev; ad-hoc signing (TCC permissions do not stick)
|
|
scripts/restart-mac.sh --sign # force code signing (requires cert)
|
|
```
|
|
|
|
## Packaging flow
|
|
|
|
```bash
|
|
scripts/package-mac-app.sh
|
|
```
|
|
|
|
Creates `dist/Clawdbot.app` and signs it via `scripts/codesign-mac-app.sh`.
|
|
|
|
## Signing behavior
|
|
|
|
Auto-selects identity (first match):
|
|
1) Developer ID Application
|
|
2) Apple Distribution
|
|
3) Apple Development
|
|
4) first available identity
|
|
|
|
If none found:
|
|
- errors by default
|
|
- set `ALLOW_ADHOC_SIGNING=1` or `SIGN_IDENTITY="-"` to ad-hoc sign
|
|
|
|
## Team ID audit (Sparkle mismatch guard)
|
|
|
|
After signing, we read the app bundle Team ID and compare every Mach-O inside the app.
|
|
If any embedded binary has a different Team ID, signing fails.
|
|
|
|
Skip the audit:
|
|
```bash
|
|
SKIP_TEAM_ID_CHECK=1 scripts/package-mac-app.sh
|
|
```
|
|
|
|
## Library validation workaround (dev only)
|
|
|
|
If Sparkle Team ID mismatch blocks loading (common with Apple Development certs), opt in:
|
|
|
|
```bash
|
|
DISABLE_LIBRARY_VALIDATION=1 scripts/package-mac-app.sh
|
|
```
|
|
|
|
This adds `com.apple.security.cs.disable-library-validation` to app entitlements.
|
|
Use for local dev only; keep off for release builds.
|
|
|
|
## Useful env flags
|
|
|
|
- `SIGN_IDENTITY="Apple Development: Your Name (TEAMID)"`
|
|
- `ALLOW_ADHOC_SIGNING=1` (ad-hoc, TCC permissions do not persist)
|
|
- `CODESIGN_TIMESTAMP=off` (offline debug)
|
|
- `DISABLE_LIBRARY_VALIDATION=1` (dev-only Sparkle workaround)
|
|
- `SKIP_TEAM_ID_CHECK=1` (bypass audit)
|