Problem
The Electron auto-updater (electron-updater / ShipIt) fails on macOS with:
Update check failed: Code signature at URL
file:///Users/.../Library/Caches/dev.tuttle.app.ShipIt/update.../Tuttle.app/
did not pass validation: code failed to satisfy specified code requirement(s)
The app is built with "identity": "-" (ad-hoc signing), which means:
- Signature=adhoc, TeamIdentifier=not set
- ShipIt cannot verify the downloaded update matches the running app's identity
- Every update check fails with a code signature validation error
PR #343 only suppressed the error toast and added the identity: "-" field — it did not fix the root cause.
Root Cause
macOS's native update mechanism (ShipIt/Squirrel) requires a valid Developer ID code signature to verify that an update comes from the same developer as the installed app. Ad-hoc signing has no verifiable identity, so verification always fails.
Blocked By
Until the app is properly signed with a Developer ID certificate, ShipIt-based auto-updates cannot work.
Fix (after #320 is resolved)
Once the app is signed with a real Developer ID:
- Remove "identity": "-" from ui/package.json mac config (or set to the real identity)
- Ensure both the .app bundle and the tuttle-rpc sidecar binaries are signed
- Verify that electron-updater can download, verify, and install an update from GitHub Releases
Workaround (optional, before #320)
As an interim measure, the updater could fall back to opening the GitHub Releases page in the browser when an update is detected, instead of attempting auto-install via ShipIt. This avoids the signature check entirely.
Acceptance Criteria
- autoUpdater.checkForUpdates() completes without signature errors
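A sketch of the interim workaround described above, as an added example that is not code from the Tuttle repository: it reads the running app's `codesign -dv` report and only lets electron-updater download when a Developer ID identity is present, otherwise it opens the releases page. The function names, the `RELEASES_URL` placeholder and the sample reports are assumptions; `autoUpdater` and `shell` are passed in so the logic can be exercised without Electron.

```javascript
// Added example; all function and constant names here are hypothetical.
const RELEASES_URL = 'https://github.com/OWNER/REPO/releases'; // placeholder

// Constructed samples of `codesign -dv --verbose=4 <app>` output (codesign
// prints this report on stderr). The ad-hoc values match the issue text.
const ADHOC_SAMPLE = [
  'CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=5+3 location=embedded',
  'Signature=adhoc',
  'TeamIdentifier=not set',
].join('\n');
const SIGNED_SAMPLE = [
  'Authority=Developer ID Application: Example Dev (ABCDE12345)',
  'Authority=Developer ID Certification Authority',
  'Authority=Apple Root CA',
  'TeamIdentifier=ABCDE12345',
].join('\n');

// Extract the fields that decide whether the bundle has a verifiable identity.
function parseCodesign(output) {
  const info = { adhoc: false, teamId: null, authorities: [] };
  for (const line of output.split(/\r?\n/)) {
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    if (key === 'Signature' && value === 'adhoc') info.adhoc = true;
    if (key === 'TeamIdentifier' && value !== 'not set') info.teamId = value;
    if (key === 'Authority') info.authorities.push(value);
  }
  return info;
}

// ShipIt needs a Developer ID identity to match the update against.
function canAutoInstall(info) {
  return !info.adhoc && info.teamId !== null &&
    info.authorities.some((a) => a.startsWith('Developer ID Application:'));
}

// autoUpdater: electron-updater's autoUpdater; shell: Electron's shell module.
function configureUpdater({ autoUpdater, shell, codesignOutput, platform }) {
  const auto = platform !== 'darwin' || canAutoInstall(parseCodesign(codesignOutput));
  autoUpdater.autoDownload = auto; // false: nothing is downloaded for ShipIt to validate
  if (!auto) {
    autoUpdater.on('update-available', () => shell.openExternal(RELEASES_URL));
  }
  return auto ? 'auto-install' : 'open-releases-page';
}
```

Call `configureUpdater` once in the main process before `autoUpdater.checkForUpdates()`, passing the report captured from `codesign` for the running bundle.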