HTTPS clone URL
Subversion checkout URL
Adopt standard code signing in favor of DSA signing #48
andymatuschak opened this Issue · 3 comments
andymatuschak closed this issue from a commit
Thanks to Mattt Thompson (@mattt) for tag-team-ing this with me. With this change, if your app deploys only to 10.6+, then you can dispense altogether with the DSA signatures on future updates to your application: just make sure the "to" version satisfies the "from" version's Apple code signing requirements. Most of you are probably already doing that, and if you're not, you should be anyway. Specifically, Sparkle validates the designated requirement of the "from" version against the "to" version. By default, as of this writing, that means that the bundle identifiers must be the same, and that the leaf certificate of the signature is the same. So if you keep code signing your app with the same cert, Sparkle will Just Work without any additional DSA signature nonsense for you to deal with. Traditional Sparkle DSA signatures will still be honored. This support has only been extended to updates to the main app bundle. If you're updating some other bundle, you will have to use DSA signatures to secure your updates in the future. ***IMPORTANT: previously, Sparkle considered an update "safe" if both the appcast and update were distributed over https. That is nowhere near as strong a verification measure as code signing or the old-school DSA signatures, so with this change, support for unsigned, https-distributed updates has been removed. If you're targeting 10.6+, start code-signing your apps if you haven't already, and everything will be fine. If you're targeting earlier OS Xs, you'll need to start adding DSA signatures to your appcasts. When you link this changed version of Sparkle into your app, it will warn you on launch if you are not code signed and do not have a DSA public key specified in your Info.plist.