hacks messing with signing

Author: Architeuthis-Flux

.github/workflows/build-and-package.yml

@@ -143,6 +143,10 @@ jobs:
         echo "Building with PyInstaller"
         python -m PyInstaller --clean --windowed --name "Jumperless" --distpath dist/macos --workpath build/macos --icon "assets/icons/icon.icns" JumperlessWokwiBridge.py
         
+        # Apply launcher script hack BEFORE code signing and notarization
+        echo "Setting up macOS launcher script hack BEFORE code signing..."
+        python Scripts/setup_macos_launcher.py
+        
     - name: Code Sign macOS App
       if: matrix.platform == 'macos'
       env:
@@ -354,9 +358,17 @@ jobs:
           - **Windows x86**: Jumperless-Windows-x86 (EXE + Python fallback)
           
           ### macOS Users - Important Note
-          If the app is code-signed with a Developer ID, you should be able to run it directly.
           
-          **If you get a security warning, try these steps:**
+          **This release includes properly notarized macOS apps that should run without security warnings.**
+          
+          **To run the app:**
+          1. **Double-click** `Jumperless.app` - Opens Terminal automatically for CLI interaction
+          2. **Or run from Terminal** for direct console output:
+             ```bash
+             /path/to/Jumperless.app/Contents/MacOS/Jumperless
+             ```
+          
+          **If you still get a security warning:**
           1. Right-click the app and select "Open" to bypass Gatekeeper
           2. Or remove the quarantine attribute:
              ```bash
@@ -377,12 +389,15 @@ jobs:
           See the README.md in each package for detailed instructions.
           
           ### What's New
+          - **Full macOS notarization support** - Apps are properly signed and notarized
+          - **No more macOS security warnings** - Apps run without quarantine issues
           - Multi-platform CI/CD pipeline with Windows x86 support
-          - macOS code signing support (notarization disabled by default for faster builds)
           - Improved packaging with modern tools
           - Better error handling and logging
           - Enhanced platform-specific optimizations
           - Linux packages now use tar.gz format
+          - **macOS Terminal launcher** - Double-click opens Terminal automatically
+          - **Proper launcher script order** - Applied before code signing to maintain notarization
           
         draft: false
         prerelease: ${{ !startsWith(github.ref, 'refs/tags/') }}

Scripts/package_app.py

@@ -335,16 +335,17 @@ def package_platform(platform, arch, output_dir):
 
     # Copy executable if it exists
     if platform == "macos":
-        # Handle .app bundle for macOS with launcher script hack
+        # Handle .app bundle for macOS without launcher script hack
         app_bundle_name = "Jumperless.app"
         app_bundle_path = Path(f"dist/{platform}/{app_bundle_name}")
         if app_bundle_path.exists():
             # Copy the entire .app bundle
             shutil.copytree(app_bundle_path, platform_dir / app_bundle_name, dirs_exist_ok=True)
             print(f"Copied .app bundle: {app_bundle_name}")
 
-            # Implement launcher script hack for persistent terminal
-            setup_macos_launcher_hack(platform_dir / app_bundle_name)
+            # Launcher script hack is now applied BEFORE code signing in CI/CD
+            # Skip it here to avoid modifying the signed app bundle
+            print("Launcher script hack skipped - applied before code signing in CI/CD workflow")
         else:
             print(f"Warning: .app bundle not found: {app_bundle_path}")
     else:

Scripts/setup_macos_launcher.py

@@ -0,0 +1,80 @@
+#!/usr/bin/env python3
+"""
+Setup macOS Launcher Script Hack
+Applies the launcher script hack BEFORE code signing and notarization
+"""
+
+import os
+import shutil
+from pathlib import Path
+
+def setup_macos_launcher_hack():
+    """
+    Implement the launcher script hack for macOS to get persistent terminal
+    This happens BEFORE code signing so the signature applies to the final version
+    """
+    print("Setting up macOS launcher script hack...")
+    
+    app_path = Path("dist/macos/Jumperless.app")
+    if not app_path.exists():
+        print(f"Warning: App bundle not found at {app_path}")
+        return False
+    
+    macos_dir = app_path / "Contents" / "MacOS"
+    original_executable = macos_dir / "Jumperless"
+    cli_executable = macos_dir / "Jumperless_cli"
+    
+    if not original_executable.exists():
+        print(f"Warning: Original executable not found at {original_executable}")
+        return False
+    
+    # Rename the original executable to Jumperless_cli
+    if cli_executable.exists():
+        cli_executable.unlink()
+    shutil.move(str(original_executable), str(cli_executable))
+    print(f"Renamed {original_executable} to {cli_executable}")
+    
+    # Create launcher script content
+    launcher_script_content = '''#!/bin/bash
+# Jumperless macOS Launcher
+# Opens Terminal and runs the CLI application
+
+# Get the directory of this script (inside the app bundle)
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+CLI_EXECUTABLE="$SCRIPT_DIR/Jumperless_cli"
+
+# Check if CLI executable exists
+if [ ! -f "$CLI_EXECUTABLE" ]; then
+    echo "Error: CLI executable not found at $CLI_EXECUTABLE"
+    exit 1
+fi
+
+# Use AppleScript to open Terminal and run the CLI app
+osascript -e "
+tell application \\"Terminal\\"
+    activate
+    set newWindow to do script \\"\\"
+    delay 0.5
+    do script \\"cd '$SCRIPT_DIR' && ./Jumperless_cli\\" in newWindow
+    set bounds of front window to {100, 100, 1000, 700}
+end tell
+"
+'''
+    
+    # Write launcher script
+    with open(original_executable, 'w') as f:
+        f.write(launcher_script_content)
+    
+    # Make launcher script executable
+    os.chmod(original_executable, 0o755)
+    print(f"Created launcher script at {original_executable}")
+    
+    return True
+
+if __name__ == "__main__":
+    success = setup_macos_launcher_hack()
+    if success:
+        print("macOS launcher script hack applied successfully")
+    else:
+        print("Failed to apply macOS launcher script hack")
+        exit(1)