diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0285527..c07f0cf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -101,11 +101,10 @@ jobs:
         run: |
           DMG_PATH=$(ls src-tauri/target/universal-apple-darwin/release/bundle/dmg/*.dmg | head -1)
           rm -f "${DMG_PATH}.sig"
-          # 用 python 将私钥写入文件，避免 shell 多行环境变量传递问题
-          # 注意：清空 TAURI_SIGNING_PRIVATE_KEY 环境变量，避免与 -f 参数冲突
+          # 将私钥写入临时文件（strip 去掉首尾空白）
           python3 -c "import os; open('/tmp/private.key','w').write(os.environ['TAURI_SIGNING_PRIVATE_KEY'].strip())"
-          unset TAURI_SIGNING_PRIVATE_KEY
-          npx tauri signer sign -f /tmp/private.key -p "$TAURI_SIGNING_PRIVATE_KEY_PASSWORD" "$DMG_PATH"
+          # 用 env -u 清除 TAURI_SIGNING_PRIVATE_KEY 环境变量，避免与 -f 参数冲突
+          env -u TAURI_SIGNING_PRIVATE_KEY npx tauri signer sign -f /tmp/private.key -p "$TAURI_SIGNING_PRIVATE_KEY_PASSWORD" "$DMG_PATH"
           rm -f /tmp/private.key
         env:
           TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}