From c084aa931045c721bf0662596b77fcde1331f48f Mon Sep 17 00:00:00 2001
From: LukeGus <bugattiguy527@gmail.com>
Date: Sat, 25 Oct 2025 02:31:46 -0500
Subject: [PATCH] fix: Fix .dmg signing

---
 build/entitlements.mac.inherit.plist | 14 ++++++++++
 build/entitlements.mac.plist         | 14 ++++++++++
 build/notarize.js                    | 39 ++++++++++++++++++++++++++++
 electron-builder.json                |  8 +++---
 4 files changed, 72 insertions(+), 3 deletions(-)
 create mode 100644 build/entitlements.mac.inherit.plist
 create mode 100644 build/entitlements.mac.plist
 create mode 100644 build/notarize.js

diff --git a/build/entitlements.mac.inherit.plist b/build/entitlements.mac.inherit.plist
new file mode 100644
index 00000000..ee90b853
--- /dev/null
+++ b/build/entitlements.mac.inherit.plist
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+	<true/>
+</dict>
+</plist>
diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist
new file mode 100644
index 00000000..ee90b853
--- /dev/null
+++ b/build/entitlements.mac.plist
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+	<true/>
+</dict>
+</plist>
diff --git a/build/notarize.js b/build/notarize.js
new file mode 100644
index 00000000..4c072696
--- /dev/null
+++ b/build/notarize.js
@@ -0,0 +1,39 @@
+const { notarize } = require('@electron/notarize');
+
+exports.default = async function notarizing(context) {
+  const { electronPlatformName, appOutDir } = context;
+
+  // Only notarize macOS builds
+  if (electronPlatformName !== 'darwin') {
+    return;
+  }
+
+  // Skip notarization if credentials are not provided
+  const appleId = process.env.APPLE_ID;
+  const appleIdPassword = process.env.APPLE_ID_PASSWORD;
+  const teamId = process.env.APPLE_TEAM_ID;
+
+  if (!appleId || !appleIdPassword || !teamId) {
+    console.log('Skipping notarization: Apple ID credentials not provided');
+    return;
+  }
+
+  const appName = context.packager.appInfo.productFilename;
+
+  console.log(`Notarizing ${appName}...`);
+
+  try {
+    await notarize({
+      appBundleId: 'com.karmaa.termix',
+      appPath: `${appOutDir}/${appName}.app`,
+      appleId: appleId,
+      appleIdPassword: appleIdPassword,
+      teamId: teamId,
+    });
+
+    console.log(`Successfully notarized ${appName}`);
+  } catch (error) {
+    console.error('Notarization failed:', error);
+    // Don't fail the build if notarization fails
+  }
+};
diff --git a/electron-builder.json b/electron-builder.json
index 0981a6df..9b3f7dec 100644
--- a/electron-builder.json
+++ b/electron-builder.json
@@ -98,14 +98,16 @@
     "category": "public.app-category.developer-tools",
     "hardenedRuntime": true,
     "gatekeeperAssess": false,
-    "entitlements": "build/entitlements.mas.plist",
-    "entitlementsInherit": "build/entitlements.mas.inherit.plist",
+    "entitlements": "build/entitlements.mac.plist",
+    "entitlementsInherit": "build/entitlements.mac.inherit.plist",
     "type": "distribution",
     "minimumSystemVersion": "10.15"
   },
   "dmg": {
-    "artifactName": "termix_macos_${arch}_${version}_dmg.${ext}"
+    "artifactName": "termix_macos_${arch}_${version}_dmg.${ext}",
+    "sign": true
   },
+  "afterSign": "build/notarize.js",
   "mas": {
     "provisioningProfile": "build/Termix_Mac_App_Store.provisionprofile",
     "entitlements": "build/entitlements.mas.plist",