A macOS bootstrap orchestration tool for automated device provisioning.
- Universal binary (arm64 + x86_64)
- Automated package installation from JSON manifest
- SwiftDialog integration for UI feedback
- Session tracking and resume capability
- Network-aware with retry logic
- LaunchDaemon for automatic execution
- Comprehensive logging
BootstrapMate uses date-based versioning: YYYY.MM.DD.HHMM
Examples:
2026.02.08.2230- Built February 8, 2026 at 22:30 UTC- Auto-generated from build timestamp unless
VERSIONis specified
Check installed version:
/usr/local/bootstrapmate/installapplications --version- macOS 13.0 or later
- Xcode Command Line Tools
- Swift 6.0 or later
- Apple Developer ID certificates for signing
BootstrapMate uses environment variables for signing configuration. These should never be committed to the repository.
-
Copy the example environment file:
cp resources/.env.example .env
-
Edit
.envwith your Apple Developer credentials:# Your Developer ID Application certificate SIGNING_IDENTITY_APP=Developer ID Application: Your Name (TEAM_ID) # Your Developer ID Installer certificate SIGNING_IDENTITY_PKG=Developer ID Installer: Your Name (TEAM_ID) # Your notarization credentials profile NOTARIZATION_PROFILE=your_profile_name # Your Apple Developer Team ID NOTARIZATION_TEAM_ID=YOUR_TEAM_ID
-
Important: The
.envfile is excluded from git by.gitignoreto protect your credentials
- Signing Identities: Run
security find-identity -v -p codesigningto list available certificates - Team ID: Found in your Apple Developer account or in the certificate name
- Notarization Profile: Create with
xcrun notarytool store-credentials
Build the complete signed and notarized installer:
make buildThis will:
- Compile the Swift binary (universal: arm64 + x86_64)
- Create the app bundle structure
- Sign the binary and app bundle
- Build the installer package
- Sign the installer package
- Notarize with Apple
- Staple the notarization ticket
- Verify all signatures
make help- Show all available targetsmake swift-build- Compile Swift binary onlymake build-pkg- Build unsigned packagemake sign-pkg- Sign the packagemake verify- Verify signatures and notarizationmake clean- Remove build artifacts
Instead of using a .env file, you can pass variables directly:
make build \
SIGNING_IDENTITY_APP="Developer ID Application: Your Name (TEAM_ID)" \
SIGNING_IDENTITY_PKG="Developer ID Installer: Your Name (TEAM_ID)" \
NOTARIZATION_PROFILE="your_profile" \
NOTARIZATION_TEAM_ID="YOUR_TEAM_ID"Sources/
BootstrapMateCore/ - Core library code
Managers/ - Business logic managers
Utilities/ - Shared utilities and constants
BootstrapMateCLI/ - Command-line executable
Tests/
BootstrapMateCoreTests/ - Test suite
packaging/ - Installer source files
scripts/ - Postinstall scripts
LaunchDaemons/ - LaunchDaemon plist
resources/ - App bundle resources
resources/ - Examples and helper scripts
.env.example - Environment configuration template
preflight.sh - Pre-bootstrap device validation script
setup-credentials.example.sh - Credentials setup example
setup-notarization.sh - Notarization setup helper
# Run tests
swift test
# Build debug version
swift build
# Build release (universal)
swift build -c release --arch arm64 --arch x86_64The following files should never be committed:
.env- Contains your private credentials (blocked by .gitignore)
The following files should be committed:
resources/.env.example- Template for other developersMakefile- Contains no sensitive information
All signing identities, team IDs, and notarization credentials are kept in the .env file or environment variables. The repository contains no hardcoded credentials.