Use ad-hoc signing in release builds

pol-rivero · pol-rivero · commit 100842e0519e · 2025-12-20T10:52:22.000+01:00
Better to self-sign than to not sign at all
diff --git a/README.md b/README.md
@@ -156,7 +156,10 @@ Download and execute the installer from the [releases page](https://github.com/p
 <details>
 <summary>Click to expand</summary>
 
-Download the ZIP file from the [releases page](https://github.com/pol-rivero/github-desktop-plus/releases/latest) and extract it. To run the installer, execute the file `GitHub Desktop Plus.app/Contents/MacOS/GitHub Desktop`.
+Download and extract the ZIP file from the [releases page](https://github.com/pol-rivero/github-desktop-plus/releases/latest). Click the app file to run it.
+
+> [!INFO]
+> If you encounter the error "Apple could not verify this app is free of malware", go to System Settings > Privacy & Security > Scroll down to Security and click Open Anyway on "GitHub Desktop Plus".
 
 | **64-bit x86** | **64-bit ARM (Apple Silicon)** |
 | --- | --- |
diff --git a/script/build.ts b/script/build.ts
@@ -50,11 +50,16 @@ import {
 } from 'fs'
 import { copySync } from 'fs-extra'
 
+// Always use ad-hoc code signing ('-'), even for published builds, to avoid "app is damaged" error.
+// This is the friendliest non-paid option.
+// https://wiki.freepascal.org/Code_Signing_for_macOS#Ad_hoc_signing
+const isGitHubDesktopPlus = true
 const isPublishableBuild = isPublishable()
 const isDevelopmentBuild = getChannel() === 'development'
+const useAdHocSigning = isGitHubDesktopPlus || isDevelopmentBuild
 
 const projectRoot = path.join(__dirname, '..')
-const entitlementsSuffix = isDevelopmentBuild ? '-dev' : ''
+const entitlementsSuffix = useAdHocSigning ? '-dev' : ''
 const entitlementsPath = `${projectRoot}/script/entitlements${entitlementsSuffix}.plist`
 const extendInfoPath = `${projectRoot}/script/info.plist`
 const outRoot = path.join(projectRoot, 'out')
@@ -197,13 +202,13 @@ function packageApp() {
         hardenedRuntime: true,
         entitlements: entitlementsPath,
       }),
-      type: isPublishableBuild ? 'distribution' : 'development',
+      type: useAdHocSigning ? 'development' : 'distribution',
       // For development, we will use '-' as the identifier so that codesign
       // will sign the app to run locally. We need to disable 'identity-validation'
       // or otherwise it will replace '-' with one of the regular codesigning
       // identities in our system.
-      identity: isDevelopmentBuild ? '-' : undefined,
-      identityValidation: !isDevelopmentBuild,
+      identity: useAdHocSigning ? '-' : undefined,
+      identityValidation: !useAdHocSigning,
     },
     osxNotarize,
     protocols: [
