Add full disk access checks and settings
Add background themes and custom images Add shell command logging toggle Add UTF-8 locale guarantee for PTY Add Claude hook settings injection Add hotkey system for GUI Add glass panel styling Add search disabled state for agent panels Add zoom toggle command Add device report filtering Add entitlements for notarization Update version to 0.1.27
This commit is contained in:
@@ -7,6 +7,7 @@ DMG_DIR := $(APP_DIR)/src-tauri/target/$(TAURI_TARGET)/release/bundle/dm
|
||||
NATIVE_DMG_DIR := $(APP_DIR)/src-tauri/target/release/bundle/dmg
|
||||
NATIVE_TRIPLE := $(shell rustc -vV 2>/dev/null | awk '/^host:/{print $$2}')
|
||||
SIDECAR_DIR := $(APP_DIR)/src-tauri/bin
|
||||
ENTITLEMENTS := $(APP_DIR)/src-tauri/Entitlements.plist
|
||||
BUNDLE_CONFIG := src-tauri/tauri.bundle.conf.json
|
||||
APP_BUNDLE := $(APP_DIR)/src-tauri/target/$(TAURI_TARGET)/release/bundle/macos/spaceshell.app
|
||||
NATIVE_APP_BUNDLE := $(APP_DIR)/src-tauri/target/release/bundle/macos/spaceshell.app
|
||||
@@ -17,6 +18,34 @@ LANDING_VERSION := $(shell cat landing/VERSION 2>/dev/null || echo 0.0.0)
|
||||
REGISTRY ?= git.realmanual.ru
|
||||
REPO ?= spacesh
|
||||
|
||||
# Stable code-signing identity. Without a STABLE signature the app is ad-hoc
|
||||
# signed and its code identity changes every build, so macOS attributes child
|
||||
# processes (the daemon → Claude Code) to a different "responsible app" each time:
|
||||
# TCC permissions reset and agents lose their Keychain login on every rebuild.
|
||||
# Defaults to the Developer ID (Team 3PNKDC6L42) — a stable designated requirement
|
||||
# (anchor apple generic + TeamID) that Keychain/TCC trust survives across rebuilds.
|
||||
# Override with `SIGN_IDENTITY="<cert name>" make reinstall`, or `SIGN_IDENTITY=`
|
||||
# to fall back to ad-hoc. Tauri reads APPLE_SIGNING_IDENTITY for the bundle + sidecar.
|
||||
SIGN_IDENTITY ?= Developer ID Application: Vassiliy Yegorov (3PNKDC6L42)
|
||||
ifneq ($(strip $(SIGN_IDENTITY)),)
|
||||
export APPLE_SIGNING_IDENTITY := $(SIGN_IDENTITY)
|
||||
endif
|
||||
|
||||
# Notarization (required to distribute the DMG — Gatekeeper blocks un-notarized apps
|
||||
# on other Macs). Secrets: put them in a gitignored `.signing.env` (make syntax,
|
||||
# e.g. `APPLE_ID := you@example.com`) or pass on the CLI. NEVER commit them.
|
||||
# APPLE_ID — your Apple ID email
|
||||
# APPLE_PASSWORD — an app-specific password (appleid.apple.com → App-Specific Passwords)
|
||||
# APPLE_TEAM_ID — 3PNKDC6L42 (defaulted below)
|
||||
# When all three are present, `tauri build` auto-notarizes + staples the bundle.
|
||||
-include .signing.env
|
||||
APPLE_ID ?=
|
||||
APPLE_PASSWORD ?=
|
||||
APPLE_TEAM_ID ?= 3PNKDC6L42
|
||||
ifneq ($(strip $(APPLE_ID)),)
|
||||
export APPLE_ID APPLE_PASSWORD APPLE_TEAM_ID
|
||||
endif
|
||||
|
||||
# ---- Gitea generic package registry (versioned .dmg downloads) ----
|
||||
GITEA_URL ?= https://git.realmanual.ru
|
||||
GITEA_OWNER ?= pub
|
||||
@@ -53,7 +82,7 @@ bump: ## increment the patch version for BOTH the GUI (tauri.conf.json) and the
|
||||
@node scripts/bump_version.mjs
|
||||
|
||||
.PHONY: dmg
|
||||
dmg: bump targets ## bump version + build the universal (Intel + Apple Silicon) .dmg — UNSIGNED
|
||||
dmg: bump targets ## bump version + build universal .dmg (signed; notarized if .signing.env set)
|
||||
# Tauri's universal build needs BOTH the per-arch sidecars (resolved during each
|
||||
# arch sub-build) AND a fat spaceshd-universal-apple-darwin (copied into the final
|
||||
# bundle — Tauri does not lipo sidecars itself). spaceshd ships inside
|
||||
@@ -102,7 +131,16 @@ install: kill-daemon ## install the native .app to /Applications, restart daemon
|
||||
rm -rf /Applications/spacesh.app /Applications/spaceshell.app # drop the pre-rename app too
|
||||
cp -R "$(NATIVE_APP_BUNDLE)" /Applications/
|
||||
xattr -dr com.apple.quarantine /Applications/spaceshell.app
|
||||
ifneq ($(strip $(SIGN_IDENTITY)),)
|
||||
# Belt-and-suspenders: re-sign inside-out with the stable identity so neither the
|
||||
# embedded daemon nor the app is left ad-hoc if Tauri skipped the sidecar.
|
||||
codesign --force --options runtime --timestamp --entitlements "$(ENTITLEMENTS)" --sign "$(SIGN_IDENTITY)" /Applications/spaceshell.app/Contents/MacOS/spaceshd
|
||||
codesign --force --options runtime --timestamp --entitlements "$(ENTITLEMENTS)" --sign "$(SIGN_IDENTITY)" /Applications/spaceshell.app
|
||||
@codesign -dvv /Applications/spaceshell.app 2>&1 | grep -E "TeamIdentifier|Signature" || true
|
||||
endif
|
||||
@echo "Installed (native). Quit & relaunch spaceshell; the bundled daemon restarts."
|
||||
@echo "Tip: on first launch grant Full Disk Access (System Settings → Privacy & Security)"
|
||||
@echo " so terminals inside the app can run tmutil / reach protected folders."
|
||||
|
||||
.PHONY: install-universal
|
||||
install-universal: kill-daemon ## install the universal .app to /Applications
|
||||
|
||||
Reference in New Issue
Block a user