how to sign your update in sparkle

Question

Can anybody tell me how to sign updates for mac application in sparkle. I checked https://github.com/sparkle-project/Sparkle/wiki/publishing-an-update

But did't get any clear idea.Please tell me

Is this done by Mac developer id ? And what are the other ways except Developer id of signing updates.

Answer 1

Indeed, as pointed out in the documentation you refer to, you may either:

(A) Codesign your application, using your Apple developer certificate - you should do that using Apple's signing tools and workflow. If you want to go command line style, that would be in the line of:

• codesigning: codesign -f -s "$identity" "$somepath"
• entitlements: codesign --entitlements "$entitlements_path" --resource-rules "$tpl" -f -s "$identity" "$somepath"

You will find more about that at Apple: https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

or (B) if you can't / won't codesign, then you can still sign the update itself with a DSA key. This is documented in the page you linked. Pretty much, you should use the Sparkle provided scripts: ruby sign_update.rb path_to_your_update.zip path_to_your_dsa_priv.pem

And you should then add the signature into the appcast.

If you really want to do that all by yourself, then you could fire-up openssl and go something in the line - but again, why not use Sparkle nice scripts? ;)

# Generate keys
/usr/bin/openssl dsaparam 1024 < /dev/urandom > dsaparam.pem
/usr/bin/openssl gendsa dsaparam.pem -out dsa_priv.pem
/usr/bin/openssl dsa -in dsa_priv.pem -pubout -out dsa_pub.pem
rm dsaparam.pem

# Sign the update
/usr/bin/openssl dgst -sha1 -binary < "${dmgFinal}" | /usr/bin/openssl dgst -dss1 -sign "dsa_priv.pem" | /usr/bin/openssl enc -base64

Hope that helps.