程序员阿江(Relakkes) d2db9b7054 Keep local macOS test packages launchable without changing release CI
The local Apple Silicon packaging script produced app bundles that could
fail strict bundle validation because the outer .app had no sealed
resources. The fix shallow-signs only the copied canonical app bundle and
checks that the claude-sidecar code-signature hash stays unchanged.

Constraint: GitHub Actions release packaging must remain on the existing tauri-action path
Constraint: macOS Keychain ACLs are sensitive to sidecar code-signature hashes
Rejected: Set macOS signingIdentity in release CI | Tauri re-signs nested sidecars and can change Keychain caller identity
Confidence: high
Scope-risk: narrow
Directive: Do not deep-sign claude-sidecar without proving existing Keychain ACLs still work after upgrade
Tested: bash -n desktop/scripts/build-macos-arm64.sh
Tested: SKIP_INSTALL=1 desktop/scripts/build-macos-arm64.sh
Tested: codesign --verify --deep --strict --verbose=2 desktop/build-artifacts/macos-arm64/Claude\ Code\ Haha.app
Tested: open -n desktop/build-artifacts/macos-arm64/Claude\ Code\ Haha.app and /health returned ok
Not-tested: GitHub Actions release workflow, intentionally unchanged
2026-04-28 16:38:16 +08:00
..