Problem
The repo can build a local unsigned macOS app bundle and universal C library from source, and both verify asset-free. It does not currently have a signed/notarized redistributable DMG. The placeholder Homebrew Cask has been removed so the public tree does not imply a release artifact that does not exist.
Desired end state
- Maintainer-only signing credentials are documented as required secrets, not committed.
- macos/Scripts/sign_and_notarize.sh and create_dmg.sh are validated against a controlled release build.
- Any DMG attached to a GitHub Release passes macos/Scripts/verify_asset_free.sh before upload.
- A real Homebrew Cask or install instructions are added only after a real versioned DMG and SHA-256 exist.
Validation
- ./macos/Scripts/build_app_bundle.sh --release
- ./macos/Scripts/verify_asset_free.sh build-macos/MGB64.app
- ./macos/Scripts/build_universal.sh --release
- ./macos/Scripts/verify_asset_free.sh build-macos/libge007_lib.a
- Signing/notarization logs from a maintainer-controlled release run
Asset rule
Do not attach prebuilt artifacts that contain ROM-derived data. Do not commit certificates, profiles, secrets, or local keychain material.
Problem
The repo can build a local unsigned macOS app bundle and universal C library from source, and both verify asset-free. It does not currently have a signed/notarized redistributable DMG. The placeholder Homebrew Cask has been removed so the public tree does not imply a release artifact that does not exist.
Desired end state
Validation
Asset rule
Do not attach prebuilt artifacts that contain ROM-derived data. Do not commit certificates, profiles, secrets, or local keychain material.