Skip to content

Memex v0.1.2 - signed and notarized macOS DMG

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 29 May 11:07
· 12 commits to main since this release
v0.1.2
cfbc2e6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

macOS distribution fix

This patch release replaces the v0.1.1 macOS distribution path with a properly signed and notarized Apple Silicon DMG.

There are no user-facing feature changes from v0.1.1. The app version was bumped so the public release history remains immutable and users can distinguish the signed/notarized build from the earlier unsigned artifact.

Fixed

  • Builds the macOS DMG with the GUI feature enabled and WebKit Inspector disabled.
  • Signs the app with Developer ID Application credentials.
  • Notarizes and staples the final DMG.
  • Verifies the uploaded DMG with codesign, spctl, and stapler.
  • Hardens the release workflow by pinning GitHub Actions to commit SHAs, disabling checkout credential persistence, avoiding workflow-dispatch shell injection, requiring an existing tag, and refusing to overwrite existing release assets.

Verification

  • GitHub Actions release workflow: https://github.com/Two-Weeks-Team/memex/actions/runs/26633383174
  • Uploaded asset digest: sha256:d6d69df15005d963ad9e1831768d1899e456f52b0cf23e21e576cfb58d66f57d
  • codesign --verify --verbose=2 Memex_0.1.2_aarch64.dmg
  • spctl --assess --type open --context context:primary-signature --verbose=4 Memex_0.1.2_aarch64.dmg
  • xcrun stapler validate Memex_0.1.2_aarch64.dmg

Upgrade note

Use this release instead of v0.1.1 on macOS. The v0.1.1 release originally shipped with an unsigned/unnotarized DMG.

Assets 3
Loading