Commits on Aug 16, 2012
  1. @andymatuschak
  2. @andymatuschak

    Fixes #133: Sparkle deleting/replacing the wrong executable when it u…

    andymatuschak committed
    -[SUHost installationPath] can return different values before and after
    the installation is performed, because it may attempt to normalize the
    installation path--but only if the normalized version of the path isn't
    already present. Which it would be after the installation had completed.
    Now we only compute the installation path once for the whole installation
Commits on Jul 5, 2012
  1. @andymatuschak

    Fixes #48: Adopt standard code signing in favor of DSA signing

    andymatuschak committed
    Thanks to Mattt Thompson (@mattt) for tag-team-ing this with me.
    With this change, if your app deploys only to 10.6+, then you can
    dispense altogether with the DSA signatures on future updates to your
    application: just make sure the "to" version satisfies the "from"
    version's Apple code signing requirements. Most of you are probably
    already doing that, and if you're not, you should be anyway.
    Specifically, Sparkle validates the designated requirement of the "from"
    version against the "to" version. By default, as of this writing, that
    means that the bundle identifiers must be the same, and that the leaf
    certificate of the signature is the same. So if you keep code signing
    your app with the same cert, Sparkle will Just Work without any
    additional DSA signature nonsense for you to deal with.
    Traditional Sparkle DSA signatures will still be honored.
    This support has only been extended to updates to the main app bundle.
    If you're updating some other bundle, you will have to use DSA signatures
    to secure your updates in the future.
    ***IMPORTANT: previously, Sparkle considered an update "safe" if both the
    appcast and update were distributed over https. That is nowhere near as
    strong a verification measure as code signing or the old-school DSA
    signatures, so with this change, support for unsigned, https-distributed
    updates has been removed. If you're targeting 10.6+, start code-signing
    your apps if you haven't already, and everything will be fine. If you're
    targeting earlier OS Xs, you'll need to start adding DSA signatures to
    your appcasts. When you link this changed version of Sparkle into your
    app, it will warn you on launch if you are not code signed and do not
    have a DSA public key specified in your Info.plist.
Commits on Aug 31, 2009
  1. @andymatuschak
Commits on Feb 11, 2009
  1. @andymatuschak

    Fixes Bug #321761: Update crashes below NSTask if /usr/bin/mdimport d…

    andymatuschak committed
    …oes not exist or is not executable
Commits on Sep 20, 2008
  1. @andymatuschak

    Fixes 271378

    andymatuschak committed
    Sparkle is now willing to install a bundle in the archive with the same bundle identifier as the running app as a fallback strategy.
    Thanks to Jim Turner for the patch.
Commits on Sep 10, 2008
  1. @andymatuschak

    More security tidbits!

    andymatuschak committed
    This patch prevents malicious downgrades, which are still possible with DSA validation: suppose there's some (signed) version with a security hole. A malicious attacker could serve an appcast with that version's URL and DSA signature, but a higher version number, forcing the user to "upgrade" to the version with the security hole.
    While I was at it, I fixed a bug that should have completely stopped .pkg installation from working since 1.5b1. Why didn't I hear anything about that? Does anyone actually use .pkgs? It still needs testing to be sure it works.
Commits on Jul 24, 2008
  1. @andymatuschak

    Fixes 244428

    andymatuschak committed
    Removed all Cocoa categories from Sparkle by integrating things into other classes or making categories on existing Sparkle classes. Whoo!
Commits on Jul 16, 2008
  1. @andymatuschak

    Beginnings of insane SUHost-based refactoring to get rid of NSBundle+…

    andymatuschak committed
    …Sparkle. More super-unstable refactorings to come...
Commits on May 15, 2008
  1. @andymatuschak

    Merging in David Smith's branch to fix bug #230123. We now copy the r…

    andymatuschak committed
    …elaunch tool out of the host before installing the update; that way, we can use the old version's tool. This insures us against future changes in the relaunch method.