Added afterPack script for Ad-hoc signing and verification of macOS applications.

nbox · nbox · commit c1ca5a4c7e97 · 2026-01-11T03:44:09.000+03:00
Trying to get rid of ““API Key Health Checker.app” is damaged and can’t be opened. You should move it to the Trash.”
diff --git a/build/afterPack.cjs b/build/afterPack.cjs
@@ -0,0 +1,33 @@
+/* eslint-disable no-console */
+const { execFileSync } = require("child_process");
+const fs = require("fs");
+const path = require("path");
+
+exports.default = async function afterPack(context) {
+  if (context.electronPlatformName !== "darwin") return;
+
+  const appOutDir = context.appOutDir;
+  const appName = fs.readdirSync(appOutDir).find((f) => f.endsWith(".app"));
+  if (!appName) throw new Error(`No .app found in ${appOutDir}`);
+
+  const appPath = path.join(appOutDir, appName);
+
+  console.log(`Ad-hoc signing app bundle: ${appPath}`);
+
+  // Re-sign the whole bundle to generate CodeResources and clear "no resources" errors.
+  execFileSync("/usr/bin/codesign", ["--force", "--deep", "--sign", "-", appPath], {
+    stdio: "inherit",
+  });
+
+  // Verify signature integrity after re-signing.
+  execFileSync("/usr/bin/codesign", ["--verify", "--deep", "--strict", "--verbose=4", appPath], {
+    stdio: "inherit",
+  });
+
+  // Gatekeeper will likely reject ad-hoc signatures; this is expected.
+  try {
+    execFileSync("/usr/sbin/spctl", ["-a", "-vv", appPath], { stdio: "inherit" });
+  } catch {
+    console.log("spctl rejected (expected for ad-hoc / unsigned).");
+  }
+};
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "api-key-health-checker",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Desktop app to validate API keys for OpenAI, Gemini, YouTube, and custom endpoints with batch checks, rate limits, and reports.",
   "license": "BSD-3-Clause",
   "author": "nbox (https://github.com/nbox)",
@@ -35,6 +35,7 @@
   "build": {
     "appId": "com.nbox",
     "productName": "API Key Health Checker",
+    "afterPack": "build/afterPack.cjs",
     "mac": {
       "artifactName": "API Key Health Checker-${version}-${arch}.${ext}",
       "icon": "resources/icon.icns",
