Skip to content

macOS: wire signed, notarized DMG release path #6

Description

@akratch

Problem

The repo can build a local unsigned macOS app bundle and universal C library from source, and both verify asset-free. It does not currently have a signed/notarized redistributable DMG. The placeholder Homebrew Cask has been removed so the public tree does not imply a release artifact that does not exist.

Desired end state

  • Maintainer-only signing credentials are documented as required secrets, not committed.
  • macos/Scripts/sign_and_notarize.sh and create_dmg.sh are validated against a controlled release build.
  • Any DMG attached to a GitHub Release passes macos/Scripts/verify_asset_free.sh before upload.
  • A real Homebrew Cask or install instructions are added only after a real versioned DMG and SHA-256 exist.

Validation

  • ./macos/Scripts/build_app_bundle.sh --release
  • ./macos/Scripts/verify_asset_free.sh build-macos/MGB64.app
  • ./macos/Scripts/build_universal.sh --release
  • ./macos/Scripts/verify_asset_free.sh build-macos/libge007_lib.a
  • Signing/notarization logs from a maintainer-controlled release run

Asset rule

Do not attach prebuilt artifacts that contain ROM-derived data. Do not commit certificates, profiles, secrets, or local keychain material.

Metadata

Metadata

Assignees

No one assigned

    Labels

    macosmacOS app shell, packaging, signing, and notarizationrelease-hygienePublic release checklist, CI, docs alignment, and archive hygiene

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions