Looking for options to sign my app.zip while upgrading to 2.4.0 #2368
Replies: 3 comments
-
|
I found this which generates the appcast.xml but for my use case i again need to then extra the value from <ed>. bin/generate_appcast /Users/xyz/Desktop/test So looking if we have any better solution present. |
Beta Was this translation helpful? Give feedback.
-
|
Please check the |
Beta Was this translation helpful? Give feedback.
-
|
thanks for the pointer, looks like ED_SIG=`Build/sign_update DerivedData/Artifacts/app.zip -p can give me the signature i needed. |
Beta Was this translation helpful? Give feedback.
-
So far we have using the a script which builds our app from jenkins, sign using sparkle dsa_priv.pem and then we process it further to upload.
ex:
Build/sign_update ".../<path>/app.zip" /Users/$CODESIGN_USER/.keys/dsa_priv.pemsign_update -- is the same script we have from sparkle, which recommends now not to be used.
Now since we are migrating to EDSA
I did generated the private and public key and stored the public key in my info.plist as mentioned in official documentation.
https://sparkle-project.org/documentation/#:~:text=Run%20./bin/generate_keys%20tool%20(from%20the%20Sparkle%20distribution%20root).%20This%20needs%20to%20be%20done%20only%20once.%20This%20tool%20will%20do%20two%20things%3A
Question:
Since we have the build machine needs to run the script and sign the app.zip, how can i now use the script or generate the
signatures which i am in need to pass to appcast.xml.
In old spakle 1.23.0 we use the plist entry as
SUPublicDSAKeyFile
dsa_pub.pem
as per the new doc of 2.4.0 we are using this, i hope this should be enough and i dont need the .pem file generation.
SUPublicEDKey
testPublickey
Appreciate if some one can help me to resolve this query.
Beta Was this translation helpful? Give feedback.
All reactions