mirror of
https://github.com/awizemann/scarf.git
synced 2026-05-08 02:14:37 +00:00
Alan Wizemann
e0f0fad192
Add codesign --verify --strict --deep + spctl --assess on the extracted distribution zip inside build_variant() so any seal regression introduced by ditto / staple / future pipeline tweaks fails the release before users see "damaged" errors. Document the non-destructive recovery path in README and explicitly warn against `xattr -rc` and `codesign --force --deep --sign -` (issue #49 — both corrupt Sparkle.framework's nested XPC service / Updater.app signatures even when the outer app remains intact). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>