Skip to content

🤖 Fix: Remove unnecessary DMG signing and split artifacts #85

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 7, 2025
Merged

🤖 Fix: Remove unnecessary DMG signing and split artifacts #85

merged 1 commit into from
Oct 7, 2025

Conversation

@ammario
Copy link
Member

@ammario ammario commented Oct 7, 2025

Problem

  1. PR 🤖 Fix: Enable DMG code signing #83 added dmg.sign: true which is actually unnecessary and discouraged by electron-builder
  2. Both DMG files (x64 and arm64) are being uploaded as a single artifact, making it confusing for users

Solution

  1. Removed dmg.sign: true - DMG signing is not needed and can cause issues. What matters is the .app bundle signing (which works perfectly)
  2. Split artifacts - Now uploading as separate macos-dmg-x64 and macos-dmg-arm64 artifacts for clarity

Why DMG signing is unnecessary

According to electron-builder documentation: "Signing is not required and will lead to unwanted errors in combination with notarization requirements."

The .app bundle inside the DMG is properly signed with:

  • Developer ID Application certificate
  • Hardened Runtime enabled
  • All frameworks and helpers signed
  • Valid certificate chain through Apple Root CA

✅ Verified on local machine: codesign --verify --deep --strict passes

Changes

# .github/workflows/build.yml
- name: Upload macOS DMG (x64)
  path: release/*-x64.dmg
  
- name: Upload macOS DMG (arm64)
  path: release/*-arm64.dmg
// package.json - removed dmg section entirely
"mac": {
  "target": [
    { "target": "dmg", "arch": "x64" },
    { "target": "dmg", "arch": "arm64" }
  ],
  ...
}

Generated with cmux

@ammario
🤖 Remove unnecessary DMG signing and split artifacts
4377e8d 
- Remove dmg.sign: true (not needed and discouraged per electron-builder docs)
- Split macOS artifacts into separate x64 and arm64 uploads
- The .app bundle signing is what matters, not the DMG itself

_Generated with `cmux`_
@ammario ammario force-pushed the fix-dmg-signing-v2 branch from 5d545a6 to 4377e8d Compare October 7, 2025 20:26
@ammario ammario merged commit 5d5ce0a into main Oct 7, 2025
7 checks passed
@ammario ammario deleted the fix-dmg-signing-v2 branch October 7, 2025 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ammario