
macOS Distribution

Signing, notarization, DMG packaging, and updater artifacts.

Distributing on macOS requires code signing, notarization, and proper packaging. This document covers the complete process for PlanToCode.

Code Signing

All binaries must be signed with an Apple Developer ID:

  • Developer ID Application certificate for app signing
  • Developer ID Installer certificate for PKG signing
  • Certificates stored in CI secrets, imported to keychain
  • Hardened runtime enabled for notarization compatibility

Entitlements

Required entitlements for PlanToCode features:

  • com.apple.security.cs.allow-jit
  • com.apple.security.cs.allow-unsigned-executable-memory
  • com.apple.security.device.audio-input
  • com.apple.security.network.client
  • com.apple.security.files.user-selected.read-write

Build Process

Steps to build a signed release:

  1. Run pnpm tauri build --target universal-apple-darwin
  2. Tauri signs with APPLE_SIGNING_IDENTITY from environment
  3. Universal binary created with lipo for Intel + ARM
  4. DMG packaged with custom background and layout

Universal Binaries

PlanToCode ships as a universal binary:

  • Single .app supports both Intel and Apple Silicon
  • Built with --target universal-apple-darwin
  • Slightly larger binary but simpler distribution
  • Native performance on both architectures

Notarization

Apple notarization is required for Gatekeeper approval:

  • DMG submitted to Apple notary service
  • Uses notarytool with App Store Connect credentials
  • Stapling attaches notarization ticket to DMG
  • Process typically takes 1-5 minutes

In-App Updates

tauri-plugin-updater handles automatic updates:

  • Checks update endpoint on launch
  • Downloads new version in background
  • Prompts user to restart to apply
  • Signature verification before installation

Update Manifest

latest.json describes available updates:

  • version: Semantic version string
  • platforms.darwin-universal: URL and signature
  • notes: Release notes in markdown
  • pub_date: ISO 8601 publish timestamp
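
A pre-publish check for latest.json, as an added example that is not PlanToCode's own code: it validates the fields listed above and returns the problems it finds. The function name, the strict MAJOR.MINOR.PATCH version rule, the https requirement and the sample values (example.com host, placeholder signature) are assumptions of this example.

```javascript
// Added example: pre-publish check for an updater manifest (latest.json).
// Field names follow the manifest list above; sample values are constructed.
const SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/; // assumed strict form
const ISO_8601 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Returns a list of problems; an empty list means no problem was found.
function validateManifest(text, platform = "darwin-universal") {
  let m;
  try { m = JSON.parse(text); } catch (e) { return [`not valid JSON: ${e.message}`]; }
  if (m === null || typeof m !== "object") return ["manifest is not a JSON object"];
  const problems = [];
  if (typeof m.version !== "string" || !SEMVER.test(m.version)) {
    problems.push("version: not a semantic version string");
  }
  if (typeof m.pub_date !== "string" || !ISO_8601.test(m.pub_date) ||
      Number.isNaN(Date.parse(m.pub_date))) {
    problems.push("pub_date: not an ISO 8601 timestamp");
  }
  const entry = m.platforms && m.platforms[platform];
  if (!entry || typeof entry !== "object") {
    problems.push(`platforms.${platform}: missing`);
    return problems;
  }
  let url = null;
  try { url = new URL(entry.url); } catch (e) { /* reported below */ }
  if (!url || url.protocol !== "https:") {
    problems.push(`platforms.${platform}.url: must be an absolute https URL`);
  }
  // The updater verifies the signature before installation, so an empty or
  // whitespace-only value can never pass that check.
  if (typeof entry.signature !== "string" || entry.signature.trim() === "") {
    problems.push(`platforms.${platform}.signature: missing or empty`);
  }
  return problems;
}

// Constructed sample manifests (placeholder host and signature text).
const GOOD = JSON.stringify({
  version: "1.2.3", notes: "Bug fixes", pub_date: "2025-01-15T12:00:00Z",
  platforms: { "darwin-universal": {
    url: "https://updates.example.com/PlanToCode.app.tar.gz",
    signature: "PLACEHOLDER_SIGNATURE" } } });
const BAD = JSON.stringify({
  version: "1.2", pub_date: "15/01/2025",
  platforms: { "darwin-universal": {
    url: "http://updates.example.com/PlanToCode.app.tar.gz", signature: " " } } });

console.log(validateManifest(GOOD), validateManifest(BAD));
```

Run it in CI against the generated latest.json and fail the release job when the returned list is not empty.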

Common Pitfalls

Issues frequently encountered:

  • Keychain locked during CI: Unlock before signing
  • Notarization timeout: Retry with exponential backoff
  • Invalid signature: Check entitlements match capabilities
  • Gatekeeper rejection: Verify notarization stapled correctly

Verification Commands

Commands to verify signing and notarization:

  • codesign -dv --verbose=4 PlanToCode.app
  • spctl --assess --verbose PlanToCode.app
  • stapler validate PlanToCode.dmg
  • xcrun notarytool log <submission-id>