From 80f8ae40439d3bda6e971c63ac1bc1bb6c8d319d Mon Sep 17 00:00:00 2001
From: hatimhtm <106043141+hatimhtm@users.noreply.github.com>
Date: Sat, 21 Mar 2026 10:51:54 +0000
Subject: [PATCH] Add code signature verification for app updates
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
---
Click2Minimize/AppDelegate.swift | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/Click2Minimize/AppDelegate.swift b/Click2Minimize/AppDelegate.swift
index 55a4109..02b29c1 100644
--- a/Click2Minimize/AppDelegate.swift
+++ b/Click2Minimize/AppDelegate.swift
@@ -474,15 +474,28 @@ class AppDelegate: NSObject, NSApplicationDelegate { do { // Copy the app to the /Applications folder let appSourceURL = URL(fileURLWithPath: "\(mountedVolumePath)/Click2Minimize.app") // Adjust if necessary - if FileManager.default.fileExists(atPath: appDestinationURL.path) { - try FileManager.default.removeItem(at: appDestinationURL) // Remove old version if it exists - } - try FileManager.default.copyItem(at: appSourceURL, to: appDestinationURL) - print("Successfully installed Click2Minimize to /Applications.") - // Prompt the user to relaunch the app - DispatchQueue.main.async { - self.promptUserToRelaunch() + // Verify code signature before copying + let verifyTask = Process() + verifyTask.launchPath = "/usr/bin/codesign" + verifyTask.arguments = ["--verify", "--deep", "--strict", appSourceURL.path] + verifyTask.launch() + verifyTask.waitUntilExit() + + if verifyTask.terminationStatus == 0 { + if FileManager.default.fileExists(atPath: appDestinationURL.path) { + try FileManager.default.removeItem(at: appDestinationURL) // Remove old version if it exists + } + try FileManager.default.copyItem(at: appSourceURL, to: appDestinationURL) + print("Successfully installed Click2Minimize to /Applications.") + + // Prompt the user to relaunch the app + DispatchQueue.main.async { + self.promptUserToRelaunch() + } + } else { + print("Code signature verification failed.") + self.openBrowserForManualUpgrade() } } catch {
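Review bot: The `codesign --verify --deep --strict` check on `appSourceURL.path` only establishes that the bundle carries an internally consistent signature, not that this app's publisher signed it, so a bundle re-signed ad hoc or under any other identity would, as far as the hunk shows, still exit 0 and replace the installed copy. The check should also pin the signer, either by passing codesign's `-R` option with a requirement such as `anchor apple generic and certificate leaf[subject.OU] = "<TEAM_ID>"` (team ID is a placeholder), or by validating the bundle against the running app's own designated requirement with `SecStaticCodeCheckValidity`. Separately, `launchPath` and `launch()` are deprecated and `launch()` raises an Objective-C exception that the surrounding `do`/`catch` cannot catch; setting `verifyTask.executableURL = URL(fileURLWithPath: "/usr/bin/codesign")` and calling `try verifyTask.run()` would route a launch failure into the existing `catch`. The failure branch calls `self.openBrowserForManualUpgrade()` directly while the success branch hops to the main queue, so if that method touches UI it presumably needs the same `DispatchQueue.main.async` wrapper. The enclosing method starts and ends outside the hunk, so the calling thread and the `catch` body are not visible here.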