From 6f8a1730f5b8d1c5165c130f5dbbc0aead2412fc Mon Sep 17 00:00:00 2001
From: tooomm
Date: Sun, 15 Mar 2026 19:28:48 +0100
Subject: [PATCH] Update desktop-build.yml
---
 .github/workflows/desktop-build.yml | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/desktop-build.yml b/.github/workflows/desktop-build.yml
index 753d4e834..f2c149c57 100644
--- a/.github/workflows/desktop-build.yml
+++ b/.github/workflows/desktop-build.yml
@@ -471,9 +471,33 @@ jobs:
 run: |
 if [[ -n "$MACOS_CERTIFICATE_NAME" ]]; then
 security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
- /usr/bin/codesign --sign="$MACOS_CERTIFICATE_NAME" --entitlements=".ci/macos.entitlements" --options=runtime --force --deep --timestamp --verbose ${{steps.build.outputs.path}}
- echo ""
+ codesign --sign="$MACOS_CERTIFICATE_NAME" --entitlements=".ci/macos.entitlements" --options=runtime --force --deep --timestamp --verbose ${{steps.build.outputs.path}}
+
+ echo "Inspect/Verify app signature"
 codesign -dv --verbose=4 ${{steps.build.outputs.path}}
+
+ codesign -dv --verbose=3 ${{steps.build.outputs.path}}
+
+ codesign -dv --verbose=2 ${{steps.build.outputs.path}}
+
+ codesign -dv --verbose=1 ${{steps.build.outputs.path}}
+
+ codesign -dv --verbose ${{steps.build.outputs.path}}
+
+ codesign --verify ${{steps.build.outputs.path}}
+
+ codesign --verify --deep ${{steps.build.outputs.path}}
+
+ codesign --verify --deep --verbose ${{steps.build.outputs.path}}
+
+ echo "Assess the application"
+ spctl --assess --type execute --verbose ${{steps.build.outputs.path}}
+
+ echo "Checking Gatekeepr conformance of the app"
+ codesign --verify --deep --strict --verbose=2 ${{steps.build.outputs.path}}
+
+ echo "Checking Gatekeepr conformance of the app 2"
+ spctl -a -t exec -vv ${{steps.build.outputs.path}}
 fi
 
 - name: Notarize app bundle
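Review bot: The two added Gatekeeper assessments, `spctl --assess --type execute --verbose …` and `spctl -a -t exec -vv …`, run inside the signing step, ahead of the `Notarize app bundle` step that follows the hunk. On current macOS a bundle that is signed but not yet notarized is normally rejected by `spctl` with a non-zero exit, so if this step's shell runs with `-e` (the Actions default for bash; no `shell:` key is visible here) the job would stop before notarization. I would move both `spctl` calls to after notarization and stapling, and keep only `codesign --verify --deep --strict --verbose=2` here, which also makes the weaker `--verify` variants and the five `codesign -dv` verbosity levels redundant. The signing line also drops the absolute `/usr/bin/codesign`, so the binary that runs against the unlocked keychain is now resolved through the runner's `PATH`; keeping `/usr/bin/codesign` (and using `/usr/sbin/spctl`) pins Apple's tools. Every new command expands `${{steps.build.outputs.path}}` unquoted into the script; adding `APP_PATH: ${{ steps.build.outputs.path }}` to the step's `env:`, which is defined above the hunk, and passing `"$APP_PATH"` avoids word-splitting and template injection into the shell.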