fix: Fix .dmg signing

build/entitlements.mac.inherit.plist

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+	<true/>
+</dict>
+</plist>

build/entitlements.mac.plist

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+	<true/>
+</dict>
+</plist>

build/notarize.js

@@ -0,0 +1,39 @@
+const { notarize } = require('@electron/notarize');
+
+exports.default = async function notarizing(context) {
+  const { electronPlatformName, appOutDir } = context;
+
+  // Only notarize macOS builds
+  if (electronPlatformName !== 'darwin') {
+    return;
+  }
+
+  // Skip notarization if credentials are not provided
+  const appleId = process.env.APPLE_ID;
+  const appleIdPassword = process.env.APPLE_ID_PASSWORD;
+  const teamId = process.env.APPLE_TEAM_ID;
+
+  if (!appleId || !appleIdPassword || !teamId) {
+    console.log('Skipping notarization: Apple ID credentials not provided');
+    return;
+  }
+
+  const appName = context.packager.appInfo.productFilename;
+
+  console.log(`Notarizing ${appName}...`);
+
+  try {
+    await notarize({
+      appBundleId: 'com.karmaa.termix',
+      appPath: `${appOutDir}/${appName}.app`,
+      appleId: appleId,
+      appleIdPassword: appleIdPassword,
+      teamId: teamId,
+    });
+
+    console.log(`Successfully notarized ${appName}`);
+  } catch (error) {
+    console.error('Notarization failed:', error);
+    // Don't fail the build if notarization fails
+  }
+};

electron-builder.json

@@ -98,14 +98,16 @@
     "category": "public.app-category.developer-tools",
     "hardenedRuntime": true,
     "gatekeeperAssess": false,
-    "entitlements": "build/entitlements.mas.plist",
-    "entitlementsInherit": "build/entitlements.mas.inherit.plist",
+    "entitlements": "build/entitlements.mac.plist",
+    "entitlementsInherit": "build/entitlements.mac.inherit.plist",
     "type": "distribution",
     "minimumSystemVersion": "10.15"
   },
   "dmg": {
-    "artifactName": "termix_macos_${arch}_${version}_dmg.${ext}"
+    "artifactName": "termix_macos_${arch}_${version}_dmg.${ext}",
+    "sign": true
   },
+  "afterSign": "build/notarize.js",
   "mas": {
     "provisioningProfile": "build/Termix_Mac_App_Store.provisionprofile",
     "entitlements": "build/entitlements.mas.plist",