Version 4.0.8 - Disable signature verification for auto-updates

umfhero · umfhero · commit 3594d85a2a6f · 2026-02-05T17:18:04.000Z
- Added forceDevUpdateConfig to bypass signature checks
- Added verifyUpdateCodeSignature: false in build config
- Allows auto-updates to work without code signing certificate
- This is safe for personal/testing use
- For production, proper code signing should be implemented
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "poly-hub",
-  "version": "4.0.7",
+  "version": "4.0.8",
   "description": "P2P file sharing between trusted users over Tailscale",
   "main": "src/main/main.js",
   "scripts": {
@@ -66,7 +66,8 @@
         }
       ],
       "icon": "assets/icon.ico",
-      "publisherName": "Poly-Hub"
+      "publisherName": "Poly-Hub",
+      "verifyUpdateCodeSignature": false
     },
     "nsis": {
       "oneClick": false,
diff --git a/src/main/autoUpdater.js b/src/main/autoUpdater.js
@@ -12,6 +12,10 @@ let mainWindow;
 autoUpdater.autoDownload = false;
 autoUpdater.autoInstallOnAppQuit = true;
 
+// IMPORTANT: Disable signature verification for unsigned builds
+// Remove this in production with proper code signing
+autoUpdater.forceDevUpdateConfig = true;
+
 // Set update feed URL explicitly
 autoUpdater.setFeedURL({
     provider: 'github',
diff --git a/version.json b/version.json
@@ -1,5 +1,5 @@
 {
-  "version": "4.0.7",
+  "version": "4.0.8",
   "buildDate": "2026-02-05",
   "name": "Poly-Hub"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "version": "4.0.7",`
	`2`	`+ "version": "4.0.8",`
`3`	`3`	`"buildDate": "2026-02-05",`
`4`	`4`	`"name": "Poly-Hub"`
`5`	`5`	`}`