Verify updater signatures before replacing the app by justingleader · Pull Request #64 · karansinghgit/speaktype

justingleader · 2026-04-23T14:34:22Z

Summary

require downloaded update bundles to match SpeakType's expected bundle ID and developer team
validate the mounted app's code signature and Gatekeeper acceptance before replacing the running app
add focused unit tests for the new signing checks

xcodebuild -project /Users/justinleader/Documents/Codex/2026-04-23-examine-this-fully-and-see-if/speaktype/speaktype.xcodeproj -scheme speaktype build-for-testing -destination 'platform=macOS' MACOSX_DEPLOYMENT_TARGET=15.0 CODE_SIGNING_ALLOWED=NO CODE_SIGNING_REQUIRED=NO -only-testing:speaktypeTests/UpdateServiceSecurityTests\n- xcodebuild -project /Users/justinleader/Documents/Codex/2026-04-23-examine-this-fully-and-see-if/speaktype/speaktype.xcodeproj -scheme speaktype test-without-building -destination 'platform=macOS' MACOSX_DEPLOYMENT_TARGET=15.0 CODE_SIGNING_ALLOWED=NO CODE_SIGNING_REQUIRED=NO -only-testing:speaktypeTests/UpdateServiceSecurityTests

Verify updater signature before app replacement

31db8b8