Sparkle Signing GitHub Actions Xcode 14 macOS

I'm currently trying to develop a GitHub Action which creates a release of a macOS app. This app is also using Sparkle to automatically install new updates.

What I managed to do, following the docs:

  1. A comment on a pull request to master starts the GitHub workflow
  2. The project is archived and exported as a .app.
  3. The .app gets zipped
  4. My private Sparkle key gets imported from GitHub secrets to a file
  5. Sparkle's tool generate_appcast uses that key to update an appcast.xml, which is then put in the directory used by GitHub Pages.
  6. The PR is merged, which triggers the rebuild of pages. The updated appcast gets online and checking for updates shows the latest release, as expected.

However, when trying to install that latest release I get an Update Error, saying: The update is improperly signed and could not be validated. Please try again later or contact the app developer.

I've tried removing the SUPublicEDKey from the project and creating the appcast manually, thus leaving the sparkle:edSignature out. This worked as expected, with the latest update getting installed from the app.

Some important outputs:

> codesign --deep -vvv --verify testSparkleRelease.app
...
testSparkleRelease.app: valid on disk
testSparkleRelease.app: satisfies its Designated Requirement

> spctl -a -t exec -vv testSparkleRelease.app
testSparkleRelease.app: rejected
origin=Apple Development: Alexander Perathoner (K3WW8XS***)

I thought that maybe it should be using the Apple Distribution certificate, so I tried importing that one too, and using it for the export of the archive, but got the same error.

The entire signing process happens on the GitHub runner that builds the app, following this guide.

Here's the entire project: https://github.com/AlexPerathoner/SparkleReleaseTest, in particular the appcast.xml, and the workflow file

CodePudding user response:

The entire procedure is correct.

The error was in the download link prefix, which didn’t parse correctly. So Sparkle was able to find the presence of a new update, but couldn’t download it - and returned a signing issue.
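A pre-publish check for the failure described in this answer, as an added example that is not part of the original post or of Sparkle: it parses an appcast and flags enclosure URLs that do not resolve to a built archive, along with length and signature-shape mismatches. The sample appcasts, the `example.invalid` URLs, the malformed prefix and the placeholder signature are constructed; the check validates only the signature's shape, not its cryptographic validity, and requiring https is an assumption of this example.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"
# Constructed placeholder: 64 zero bytes, the right size for Ed25519 but not a real signature.
FAKE_SIG = base64.b64encode(bytes(64)).decode()

def appcast(url):
    """Build a constructed one-item appcast whose enclosure points at `url`."""
    return (f'<rss version="2.0" xmlns:sparkle="{SPARKLE_NS}"><channel><item>'
            f'<enclosure url="{url}" length="1024" type="application/octet-stream" '
            f'sparkle:edSignature="{FAKE_SIG}"/></item></channel></rss>')

def check_appcast(xml_text, archive_sizes):
    """Return the problems found in the enclosures of an appcast.

    archive_sizes maps archive file name -> byte size of the file that was signed.
    """
    problems = []
    for enc in ET.fromstring(xml_text).iter("enclosure"):
        url = enc.get("url", "")
        parts = urlsplit(url)
        name = parts.path.rsplit("/", 1)[-1]
        # Assumption of this example: updates are only ever served over https.
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{url}: not an absolute https URL")
        if name not in archive_sizes:
            problems.append(f"{url}: does not end in the name of a built archive")
        elif enc.get("length") != str(archive_sizes[name]):
            problems.append(f"{url}: length differs from the signed archive")
        try:
            sig = base64.b64decode(enc.get(f"{{{SPARKLE_NS}}}edSignature", ""), validate=True)
        except binascii.Error:
            sig = b""
        if len(sig) != 64:
            problems.append(f"{url}: edSignature is not 64 bytes of base64")
    return problems

BUILT = {"testSparkleRelease.zip": 1024}  # constructed archive size
GOOD = appcast("https://example.invalid/releases/testSparkleRelease.zip")
BAD = appcast("example.invalid/releasestestSparkleRelease.zip")  # constructed bad prefix

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_appcast(doc, BUILT))
```

Run in the workflow after the appcast is generated and before the pull request is merged, a non-empty result stops a broken download link from reaching GitHub Pages.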
