Gravity DMG

Product Introduction

1. Definition: Gravity DMG is a macOS-native application packaging tool designed to create signed, notarized disk images (DMGs) for software distribution. It falls under the technical category of macOS development utilities, specifically targeting app deployment workflows.
2. Core Value Proposition: Gravity DMG eliminates the complexity of command-line tools like hdiutil, codesign, and notarytool by automating DMG creation, code signing, and Apple notarization. Its primary value lies in enabling developers to build secure, visually polished installers in seconds—without scripting expertise—while ensuring compliance with Apple’s security standards.

Main Features

1. Visual DMG Editor:
   • How it works: Drag-and-drop interface with pre-designed space-themed backgrounds. Renders WYSIWYG (What You See Is What You Get) previews of the final DMG layout.
   • Technology: Native SwiftUI framework for macOS 13+, leveraging Core Graphics for asset positioning.
2. One-Click Notarization:
   • How it works: Direct integration with Apple’s notarytool API. Submits packages to Apple’s notarization service, polls for status, and staples tickets post-approval.
   • Technology: Secure REST API calls with JWT authentication, automating Apple’s notarization workflow end-to-end.
3. Secure Signing & Hardened Runtime:
   • How it works: Automatically signs .app bundles using Developer ID certificates, enables Apple’s Hardened Runtime, and preserves entitlements.
   • Technology: macOS codesign and security frameworks with Keychain integration for certificate management.
4. Keychain Integration:
   • How it works: Stores Developer ID credentials and Notary API keys in the macOS System Keychain, avoiding plain-text files.
   • Technology: Apple’s Keychain Services API with AES-256 encryption.
5. Smart Compression:
   • How it works: Generates DMGs in UDZO (balanced), ULFO (fast-mount), or UDBZ (max compression) formats via hdiutil optimizations.
   • Technology: Apple Disk Image frameworks with adaptive sector sizing.
6. Build Templates:
   • How it works: Saves DMG configurations as reusable templates with dynamic variables (e.g., ${VERSION}, ${DATE}).
   • Technology: JSON-based template serialization for version-controlled workflows.

Problems Solved

1. Pain Point: Manual DMG creation requires mastering fragmented CLI tools (codesign, hdiutil, notarytool), leading to scripting errors, failed notarizations, and unprofessional installer UIs.
2. Target Audience:
   • Indie macOS developers lacking DevOps resources.
   • Enterprise teams needing standardized, auditable release pipelines.
   • DevOps engineers managing code-signing for CI/CD environments.
3. Use Cases:
   • Rapidly packaging freemium apps for App Store outside distribution.
   • Ensuring Hardened Runtime compliance for security-sensitive applications.
   • Generating branded DMGs for client deliverables without design skills.

Unique Advantages

1. Differentiation vs. Competitors: Unlike open-source tools like create-dmg or GUI alternatives (e.g., DropDMG), Gravity DMG natively integrates notarization, Hardened Runtime enforcement, and Keychain security in one tool—eliminating context switching.
2. Key Innovation:
   • Autopilot Workflow: Unifies design, signing, notarization, and compression into a single click.
   • Zero-Config Security: Developer credentials never leave the Keychain, exceeding OWASP standards for secret management.

Frequently Asked Questions (FAQ)

1. Does Gravity DMG support macOS CI/CD pipelines?
   While optimized for manual builds, Gravity DMG’s JSON templates enable consistent output in automated workflows. Future CI/CD integrations are planned.
2. Is Apple Developer Program membership required?
   Yes. You need an active Apple Developer account to generate code-signing certificates and Notary API keys for public distribution.
3. How does Gravity DMG handle app updates?
   Build templates with ${VERSION} variables automate naming for iterative releases. Lifetime licenses include free minor updates.
4. Can I use one license on multiple machines?
   A single Pro License covers two macOS devices (e.g., a MacBook and iMac) for one developer.
5. What happens after the 7-day trial?
   Build/notarization features lock post-trial. Purchasing a $14.99 lifetime license unlocks all capabilities permanently.