Skip to content

Manually apply ad-hoc signature to macOS (ARM) app to fix "app is damaged" errors#7140

Closed
kthchew wants to merge 1 commit intoFreeTubeApp:developmentfrom
kthchew:fix/macos-damaged
Closed

Manually apply ad-hoc signature to macOS (ARM) app to fix "app is damaged" errors#7140
kthchew wants to merge 1 commit intoFreeTubeApp:developmentfrom
kthchew:fix/macos-damaged

Conversation

@kthchew
Copy link
Copy Markdown

@kthchew kthchew commented Apr 2, 2025

Pull Request Type

  • Bugfix
  • Feature Implementation
  • Documentation
  • Other

Related issue

Closes #6691

Description

macOS on ARM shows "app is damaged" errors due to an invalid signature. This appears to be an issue with the way electron-builder handles the build, breaking the automatic linker-applied ad-hoc signature. To fix this we can re-sign the affected parts of the app bundle using the codesign command after electron-builder does this work but before it places it into the DMG/ZIP/7z container.

Screenshots

The warning now shows as
Screenshot 2025-04-02 at 4 57 11 PM
And System Settings shows an option to bypass the warning
Screenshot 2025-04-02 at 4 57 22 PM

Testing

I tested the build GitHub actions workflow on my fork and verified that the build does not show a damaged warning on my machine. (It still shows a Gatekeeper warning, but this is expected without notarization and can be bypassed without the use of Terminal.)

Desktop

  • OS: macOS
  • OS Version: 15.4 (24E248)
  • FreeTube version: 0.23.3

Additional context

Documentation may need updating to move away from the suggestions of xattr and towards the GUI method of bypassing the warning?

@github-actions github-actions Bot added the PR: waiting for review For PRs that are complete, tested, and ready for review label Apr 2, 2025
@FreeTubeBot FreeTubeBot enabled auto-merge (squash) April 2, 2025 21:04
@kthchew kthchew mentioned this pull request Apr 2, 2025
Closed
6 tasks
@absidue
Copy link
Copy Markdown
Member

absidue commented Apr 2, 2025

It would be better to figure out what the actual issue is and fix it upstream, instead of adding a "temporary" (we all know how temporary workarounds usually become permanent technical debt) workaround here.

@absidue absidue added U: Waiting for Response from Author and removed PR: waiting for review For PRs that are complete, tested, and ready for review labels Apr 2, 2025
@kthchew
Copy link
Copy Markdown
Author

kthchew commented Apr 3, 2025

The Electron build system seems quite complex and it would probably be a complicated task to see exactly what is incompatible with the signature applied by the linker. The most practical solution would likely still be to manually run codesign after the fact, but passing in an empty identity for an ad-hoc signature rather than an actual identity.

Given that Electron seems to have a working code signing system for developers with actual certificates, I'd be willing to bet that if it were modified to accept ad-hoc identities (and automatically use them on ARM) this issue would be resolved. But yes, you're probably right that it would be ideal to fix it over there.

@kthchew
Copy link
Copy Markdown
Author

kthchew commented Apr 10, 2025

The PR over at electron-userland/electron-builder is going well, closing in favor of that one

@kthchew kthchew closed this Apr 10, 2025
auto-merge was automatically disabled April 10, 2025 03:44

Pull request was closed

@Ein-Tim
Copy link
Copy Markdown

Ein-Tim commented Apr 10, 2025

Link back to the corresponding PR: electron-userland/electron-builder#9007

This was referenced Apr 10, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Mac arm64 version broken

3 participants

@kthchew @absidue @Ein-Tim