{ "title": "from repo root", "content": "scripts/package-mac-app.sh # auto-selects identity; errors if none found\nSIGN_IDENTITY=\"Developer ID Application: Your Name\" scripts/package-mac-app.sh # real cert\nALLOW_ADHOC_SIGNING=1 scripts/package-mac-app.sh # ad-hoc (permissions will not stick)\nSIGN_IDENTITY=\"-\" scripts/package-mac-app.sh # explicit ad-hoc (same caveat)\nDISABLE_LIBRARY_VALIDATION=1 scripts/package-mac-app.sh # dev-only Sparkle Team ID mismatch workaround\n```\n\n### Ad-hoc Signing Note\n\nWhen signing with `SIGN_IDENTITY=\"-\"` (ad-hoc), the script automatically disables the **Hardened Runtime** (`--options runtime`). This is necessary to prevent crashes when the app attempts to load embedded frameworks (like Sparkle) that do not share the same Team ID. Ad-hoc signatures also break TCC permission persistence; see [macOS permissions](/platforms/mac/permissions) for recovery steps.\n\n## Build metadata for About\n\n`package-mac-app.sh` stamps the bundle with:\n\n* `OpenClawBuildTimestamp`: ISO8601 UTC at package time\n* `OpenClawGitCommit`: short git hash (or `unknown` if unavailable)\n\nThe About tab reads these keys to show version, build date, git commit, and whether it’s a debug build (via `#if DEBUG`). Run the packager to refresh these values after code changes.\n\nTCC permissions are tied to the bundle identifier *and* code signature. Unsigned debug builds with changing UUIDs were causing macOS to forget grants after each rebuild. Signing the binaries (ad‑hoc by default) and keeping a fixed bundle id/path (`dist/OpenClaw.app`) preserves the grants between builds, matching the VibeTunnel approach.", "code_samples": [], "headings": [ { "level": "h3", "text": "Ad-hoc Signing Note", "id": "ad-hoc-signing-note" }, { "level": "h2", "text": "Build metadata for About", "id": "build-metadata-for-about" }, { "level": "h2", "text": "Why", "id": "why" } ], "url": "llms-txt#from-repo-root", "links": [] }