mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-06 05:51:15 +08:00
aee45f5f73
Bumps the swift-deps group with 3 updates in the /apps/macos directory: [github.com/apple/swift-log](https://github.com/apple/swift-log), [github.com/sparkle-project/sparkle](https://github.com/sparkle-project/Sparkle) and [github.com/steipete/peekaboo](https://github.com/steipete/Peekaboo). Updates `github.com/apple/swift-log` from 1.12.0 to 1.13.1 - [Release notes](https://github.com/apple/swift-log/releases) - [Commits](https://github.com/apple/swift-log/compare/1.12.0...1.13.1) Updates `github.com/sparkle-project/sparkle` from 2.9.1 to 2.9.2 - [Release notes](https://github.com/sparkle-project/Sparkle/releases) - [Commits](https://github.com/sparkle-project/Sparkle/compare/2.9.1...2.9.2) Updates `github.com/steipete/peekaboo` from 3.2.1 to 3.3.0 - [Release notes](https://github.com/steipete/Peekaboo/releases) - [Commits](https://github.com/steipete/Peekaboo/compare/v3.2.1...v3.3.0) --- updated-dependencies: - dependency-name: github.com/apple/swift-log dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: swift-deps - dependency-name: github.com/sparkle-project/sparkle dependency-version: 2.9.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: swift-deps - dependency-name: github.com/steipete/peekaboo dependency-version: 3.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: swift-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
OpenClaw macOS app (dev + signing)
Quick dev run
# from repo root
scripts/restart-mac.sh
Options:
scripts/restart-mac.sh --no-sign # fastest dev; ad-hoc signing (TCC permissions do not stick)
scripts/restart-mac.sh --sign # force code signing (requires cert)
Packaging flow
scripts/package-mac-app.sh
Creates dist/OpenClaw.app and signs it via scripts/codesign-mac-app.sh.
Signing behavior
Auto-selects identity (first match):
- Developer ID Application
- Apple Distribution
- Apple Development
- first available identity
If none found:
- errors by default
- set
ALLOW_ADHOC_SIGNING=1orSIGN_IDENTITY="-"to ad-hoc sign
Team ID audit (Sparkle mismatch guard)
After signing, we read the app bundle Team ID and compare every Mach-O inside the app. If any embedded binary has a different Team ID, signing fails.
Skip the audit:
SKIP_TEAM_ID_CHECK=1 scripts/package-mac-app.sh
Library validation workaround (dev only)
If Sparkle Team ID mismatch blocks loading (common with Apple Development certs), opt in:
DISABLE_LIBRARY_VALIDATION=1 scripts/package-mac-app.sh
This adds com.apple.security.cs.disable-library-validation to app entitlements.
Use for local dev only; keep off for release builds.
Useful env flags
SIGN_IDENTITY="Apple Development: Your Name (TEAMID)"ALLOW_ADHOC_SIGNING=1(ad-hoc, TCC permissions do not persist)CODESIGN_TIMESTAMP=off(offline debug)DISABLE_LIBRARY_VALIDATION=1(dev-only Sparkle workaround)SKIP_TEAM_ID_CHECK=1(bypass audit)