-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add script to verify signature #896
Comments
I made a quick & dirty command line tool in my Manuscripts.app fork of Sparkle over here for the purpose. |
Yeah, having such a utility around would be nice. This can also be done using
|
I'm happy to prepare a less hacky version of that command-line tool if given a bit more instructions on the kind of conventions I should follow (command line arguments). |
A tool would be nice indeed. I verify my apps in a slightly different way:
|
How about a
We could use our own verification code, but I would like to avoid creating another Xcode target if possible. [edit]: changed |
Why would you like to avoid XCode targets? |
IMO best option would be a build target + a prebuilt copy under the
|
I have found that increasing the number of targets for a project increases management complexity (and in my experience makes merging unpleasant). Moreover it doesn't have to be objc code or more build configurations we have to maintain if it can be written as a script in the same manner as sign_update In either case I think the signature should be accepted from standard input actually since sign_update prints it to standard output.
|
Sure, but a) this target would have to be touched almost never and b) if changes were to be made to the signing code, then nothing needs updating, and related to b, c) the validation is exercising exactly the same validation code as what Sparkle uses in production.
|
Good points, but I think the code may not be purposeful enough to outweigh the cost of adding an additional build target (I think a cost is incurred by just having it around); I think the objc code would be more likely to need updating than a shell script as well. IMO, having I think it may be very useful to know if verification output via |
Setting OpenSSL command line interface and its history and deprecation status in Apple's SDK aside, the easiest way to maintain such a tool in my mind is for a build system to tell if something's changed in a way that it would no longer build, rather than to sometime in the future notice that bitrot has happened? Hacking something together in bash that does not visibly break on platform changes does not mean it couldn't somehow break (breakage just wasn't observed). If a tool like this is considered handy enough to be included in the repo, what would be most useful IMO would be to review the build settings for that two source code file target are sensible and that the command line interface and error handling suffice for the purposes of a diagnostic tool, rather than writing the same thing in an interpreted shell scripting language that depends on openssl beside what Apple's SDK provides.
|
My point that it is not very much code also simulated by a built-in tool is why I got the feeling that it may have not been worthwhile enough to create a whole target for. I realize that figuring out how to do it with the command line tool may have been challenging, which is partly why I pasted commands showing how to achieve it. That alone does not mean a new target is the way to go. The other day someone here was running I think (note: as a final product) that a script could currently be the simplest change to accept into the overall project. However I do realize the same verification code is not being exercised, and maybe using openssl isn't ideal, but it's kind of unfortunate to have our tools result to different methods. |
I’ve stumbled on this issue so here’s a
|
Maybe I am missing something but I cannot find documentation anywhere for how I would verify a signature, given a) a zip / dmg of the update, b) the signature in the form available in an appcast, and the private key that was used to (supposedly) create the signature.
I have a case where I would like to run such a verification on my appcast to find some bad entries where I need to recreate the signature (my app includes an appcast with deltas, and the signatures from the deltas appear to be valid but I appear to have corrupted a few of the signatures for the full-sized updates).
The text was updated successfully, but these errors were encountered: