From 9ffbf4ae1ccfb1a54b6c8cd3b7bdb256e5011b1d Mon Sep 17 00:00:00 2001
From: Kateryna Kostiuk <kateryna.kostiuk@savoirfairelinux.com>
Date: Fri, 27 Jan 2023 12:35:07 -0500
Subject: [PATCH] macOS: update signature for Sparkle

This patch sets up app updates to use EdDSA signatures, which
Sparkle now requires.

Change-Id: I68a581e21850f04a819f4fe7ea49a33766031e01
---
 CMakeLists.txt                                |  9 ++---
 extras/packaging/update/sparkle/dsa_pub.pem   | 36 -------------------
 .../packaging/update/sparkle/sign_update.sh   | 11 ------
 .../update/sparkle/sparkle-xml-updater.sh     | 14 ++++----
 resources/Info.plist                          |  4 +--
 5 files changed, 10 insertions(+), 64 deletions(-)
 delete mode 100644 extras/packaging/update/sparkle/dsa_pub.pem
 delete mode 100755 extras/packaging/update/sparkle/sign_update.sh

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 92d4d65fd..ab92d866c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -449,12 +449,6 @@ else() # APPLE
       HINTS ${sparkle_dir})
     add_definitions(-DENABLE_SPARKLE)
     message("Sparkle is here:" ${SPARKLE_FRAMEWORK})
-    set(PUBLIC_KEY_PATH "${sparkle_dir}/dsa_pub.pem")
-    set_source_files_properties(
-      ${PUBLIC_KEY_PATH}
-      PROPERTIES
-      MACOSX_PACKAGE_LOCATION Resources)
-    set(PUBLIC_KEY ${PUBLIC_KEY_PATH})
   endif()
   if(BETA)
     message(STATUS "Beta config enabled")
@@ -722,7 +716,7 @@ else()
     ${CMAKE_CURRENT_SOURCE_DIR}/resources/images/jami.icns)
   set(libs ${QT_LIBS} ${SYSTEM_CONFIGURATUION} qrencode ${LIBCLIENT_NAME})
   if(ENABLE_SPARKLE)
-    set(resources ${resources} ${PUBLIC_KEY} ${SPARKLE_FRAMEWORK})
+    set(resources ${resources} ${SPARKLE_FRAMEWORK})
     set(libs ${libs} ${SPARKLE_FRAMEWORK})
   endif(ENABLE_SPARKLE)
   target_sources(${PROJECT_NAME} PRIVATE ${resources})
@@ -766,6 +760,7 @@ else()
       else()
           set_target_properties(${PROJECT_NAME} PROPERTIES
                 SPARKLE_URL "${SPARKLE_URL}"
+                SPARKLE_PUBLIC_KEY "${SPARKLE_PUBLIC_KEY}"
                 XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/resources/entitlements/Jami.entitlements"
                 XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME TRUE)
       endif()
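Review bot: `SPARKLE_PUBLIC_KEY` is forwarded at `SPARKLE_PUBLIC_KEY "${SPARKLE_PUBLIC_KEY}"` with no visible check that it was ever set, so a build configured without it would presumably ship an empty `SUPublicEDKey` in resources/Info.plist (the last hunk substitutes the same variable). Since this key is what the updater uses to verify downloaded updates, the configure step should fail instead: `if(ENABLE_SPARKLE AND NOT SPARKLE_PUBLIC_KEY)` / `message(FATAL_ERROR "SPARKLE_PUBLIC_KEY must be set when Sparkle is enabled")` / `endif()`. The property is also added only in this `else()` branch; the enclosing `if` starts outside the hunk, so confirm the other branch does not need it as well.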
diff --git a/extras/packaging/update/sparkle/dsa_pub.pem b/extras/packaging/update/sparkle/dsa_pub.pem
deleted file mode 100644
index 97455e2f2..000000000
--- a/extras/packaging/update/sparkle/dsa_pub.pem
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIGRzCCBDoGByqGSM44BAEwggQtAoICAQCp4+JqCDyIMIMGtvpMvEPsQJ2SLJrt
-y16KsLNmcUXLMMSmHdiC2EEZMhfp4OyuXwLGewA1NXBrBS6+6GidA0hh/IhclMUs
-9kjzplVK4mOdKdSvFwuoJ9fdth+ySAXnhpcyLVFKQeoZ/jP20IhW9p+qZE4EMUlx
-Pmls+MbNcZLu/HKiGI4XMN2K4yCxLSFjlpEPcT4yBYAZb+YRdY0v2HK3e9Jnja1b
-Jfm23NaTRxkWzAu2Cm2S8G7JRo3Uuaw7RUmaAkmVWXFC0ZloGKBSeey6y1EuUtVy
-dju3DRVI3RuvmB4yFJvdfgctTR2U6N26H733aOLFsvsSr6/hNp7q0ryDEfjqyW+R
-SJwKZIRwl0WTsxwUzw+OejQH9CNcgkRaPgWBntnZ4OWSr2gFPkolt+VpLhSvKiSb
-0ef3vZBuTp3KNCDGE20OVfQSeCstUyLZpLeG7tRyJEP/aCni9YTpIhZ5B9XNFe2J
-jfzZE2VefKJWpxI1THfPgb0hto6zBuc8kpcKRPqwTRUHQuNwjAuAUKFV3GM9aoUC
-KISWXPg2p1z8LgkuM8sgGEhn0BYEfpJFP3wc1OtIlv0t8Bqm1QR1y6hD/uxCYqq+
-KR9/0eOsNH7dO/+7ydZjvVcBZ3TeGhvLQB/0Iic4Y895WMvN8bSB7NOZ8ODesO0J
-zg2UkMdxdntiKQIhAKISld6gn3g1WSPXvWqT9mZzBly0hXr4DnGI1UtCeQm3AoIC
-AQCMiu6knB8mbhcb7bOGhm3JEfi42+j3zavBYOga7LxP18Fobbf+5bHP3kMdNx8y
-Paf0q0BkGtRC0WyH0ja05vR0bS9dSUT7qshQXm+/BsA/fnWPC54NcGSfRlj1UqHc
-NN39r68EseO7w+w5x1gYFY7Jx/wJqR7gbYgS2GhgIrUo4+vBurl2bVtx6cAwsNXa
-h0GUPAGQUu6qJaM5cpZL2Fkx+ac73q9i3WAlCECrkLpvOkLBSbYNvRR1rlhGawGr
-Z96zEBEcW5FPJvPsjY2WaOvaRfGF9Y0MK8WXptdxY41jdts7n7kRKuwheUrm0bHm
-aCRkGwhtc6hsMdrSzNFLDDScaSjYMx5erqnAKMyieyoiD8gyYN5mhZUokTBdpT1m
-n7lrpQ0KfJtNKFtNUfNmU406vMEiTPKG4wxX/RxdzUqLSKNV1j0JHN6kx4Sq/vLN
-EzO85ZaA79nBd2/8+ktWRiOuCiLu913Obgw3muNKYNVmH6iJibAYP+n7uUZHCzO4
-MxccO5gy1umgTx/16Sya5ov+xt7CmS7kE4M4GzQ+AwXqzx3Mo8O72OWJP7RoRPxt
-KTNiNZcjFrPkP4MkAogKNDt3McUXmKzfWEa+EvKHtXav7yiKoZ/kmQCawYQyvKFP
-oBloHZ5N2iPnRGfABmFk/exF1Nb2dlhtD1hNYqtD3IWmVAOCAgUAAoICAFSPpbKF
-wWcMAwTP7nEWZUr/8efPftwR2Q3F00dbh3ND+Yv7VRam6br+sPnrrPElWL+pPoFy
-Vg7qJ6qmsOBgB+dDSiJ5w5L+aIj+vtmQHyCbbLTkCqzC5AO4pMaaXhg5hRQJw6JN
-VkLByDsqHmjGG5ZLILzzKLi88X5Tz/Zz5FHWisnwRSGQaoZ5xJOCLfPLTOnASB/Q
-uR5nBpYjImZslsPnDwTXVLqqOFo2TiQ3BXGV3BGpP83jaoDSVMjgc2NJNLw7X++b
-mEFkALkG9uhhO57dTShwI+S3IzJfIBhSFW59bkY/N0f8peKAiUXmi3M/QWCvfh4k
-+WRBaRiq+Ap+wV+IM+PH/INm0uEJ97mP5+7dPMZDNq1iPnJOKhqyXskq6i/Z9eg5
-ZzgBw6Pxj6cNhZeg8OQuTfCGIV0m0FtfOZZVUs6l1JlMGb9bGbx2cDJBoI1DQxpG
-X01TCtyNF4ShHbFmMG4JLuxBm99YuUJud2wPXToD9pxGWbh7naJwHzL7ywQQ/A0+
-gSPE436MLSYPVeGr1RdIxFudZcoGZ2gG6V1aqZfNNlVO++UQ0wNTecFMPhdaC4O/
-mnufQC8fSX9qBdnuWfkQQk8bE0kvqz4WSZ+B9Q7bEr7XeOcWibscCslIM2Rs68DK
-ZnO5P9x/rPIJLCXY4xQYBryQCMu6JC5ibWzP
------END PUBLIC KEY-----
diff --git a/extras/packaging/update/sparkle/sign_update.sh b/extras/packaging/update/sparkle/sign_update.sh
deleted file mode 100755
index bb2fbab5e..000000000
--- a/extras/packaging/update/sparkle/sign_update.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -e
-set -o pipefail
-if [ "$#" -ne 2 ]; then
-  echo "Usage: $0 update_archive private_key"
-  exit 1
-fi
-
-openssl=/usr/bin/openssl
-$openssl dgst -sha1 -binary < "$1" | $openssl dgst -dss1 -sign "$2" | base64 $BASE64_OPTS
-
diff --git a/extras/packaging/update/sparkle/sparkle-xml-updater.sh b/extras/packaging/update/sparkle/sparkle-xml-updater.sh
index ddfd22217..b9a404439 100755
--- a/extras/packaging/update/sparkle/sparkle-xml-updater.sh
+++ b/extras/packaging/update/sparkle/sparkle-xml-updater.sh
@@ -6,13 +6,12 @@ REPO_FOLDER=$1
 SPARKLE_FILE=$2
 REPO_URL=$3
 PACKAGE=$4
-DSA_KEY=$5
-CHANNEL_NAME=$6
-VERSION=$7
-BUILD=$8
+CHANNEL_NAME=$5
+VERSION=$6
+BUILD=$7
 
-if [ ! -f ${PACKAGE} -o ! -f ${DSA_KEY} ]; then
-    echo "Can't find package or dsa key, aborting..."
+if [ ! -f ${PACKAGE} ]; then
+    echo "Can't find package, aborting..."
     exit 1
 fi
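Review bot: The unquoted test `[ ! -f ${PACKAGE} ]` does not catch a missing argument: with `PACKAGE` empty it collapses to `[ ! -f ]`, which evaluates false, so the script carries on and writes the feed. Because this hunk also shifts `CHANNEL_NAME`, `VERSION` and `BUILD` one position left, a caller still passing the old eight arguments would silently put the key path into the channel name. Checking the count and quoting the path covers both, assuming seven is the full argument list: `if [ "$#" -ne 7 ] || [ ! -f "${PACKAGE}" ]; then`. The top of the script is outside the hunk, so an earlier count check may already exist.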
 
@@ -20,7 +19,6 @@ if [ -f ${REPO_FOLDER}/${SPARKLE_FILE} ]; then
     ITEMS=$(sed -n "/<item>/,/<\/item>/p" ${REPO_FOLDER}/${SPARKLE_FILE})
 fi
 
-PACKAGE_SIZE=`stat -f%z ${PACKAGE}`
 DATE_RFC2822=`date "+%a, %d %b %Y %T %z"`
 
 cat << EOFILE > ${REPO_FOLDER}/${SPARKLE_FILE}
@@ -37,7 +35,7 @@ cat << EOFILE > ${REPO_FOLDER}/${SPARKLE_FILE}
             <sparkle:version>${BUILD}</sparkle:version>
             <sparkle:shortVersionString>${VERSION}</sparkle:shortVersionString>
             <sparkle:minimumSystemVersion>10.15.0</sparkle:minimumSystemVersion>
-            <enclosure url="${REPO_URL}/$(basename ${PACKAGE})" length="$PACKAGE_SIZE" type="application/octet-stream" sparkle:dsaSignature="$(./sign_update.sh ${PACKAGE} ${DSA_KEY})" />
+            <enclosure url="${REPO_URL}/$(basename ${PACKAGE})" type="application/octet-stream" $(./sign_update ${PACKAGE}) />
         </item>
 $(echo -e "${ITEMS}")
     </channel>
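Review bot: The signature attributes come from `$(./sign_update ${PACKAGE})` expanded inside the here-document, so a failing or missing `sign_update` leaves the `<enclosure>` without a signature or length and the appcast is still overwritten. A failed command substitution inside a here-document does not stop the script. Run the tool before the `cat`, e.g. `SIGN_ATTRS=$(./sign_update "${PACKAGE}") || exit 1` followed by `[ -n "${SIGN_ATTRS}" ] || exit 1`, and emit `${SIGN_ATTRS}` in the enclosure. `./sign_update` is also resolved against the current directory, which presumably must now hold Sparkle's own tool since the repository script is deleted; a comment stating where the binary comes from and where it reads the private key would help. The here-document begins outside this hunk.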
diff --git a/resources/Info.plist b/resources/Info.plist
index 19dec6658..3f9dd2b30 100644
--- a/resources/Info.plist
+++ b/resources/Info.plist
@@ -24,8 +24,8 @@
 	<string>public.app-category.social-networking</string>
 	<key>NSHumanReadableCopyright</key>
 	<string>${MACOSX_BUNDLE_COPYRIGHT}</string>
-	<key>SUPublicDSAKeyFile</key>
-	<string>dsa_pub.pem</string>
+	<key>SUPublicEDKey</key>
+	<string>${SPARKLE_PUBLIC_KEY}</string>
 	<key>SUFeedURL</key>
 	<string>${SPARKLE_URL}</string>
 	<key>NSPrincipalClass</key>
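Review bot: `SUPublicDSAKeyFile` is removed in the same change that introduces `SUPublicEDKey`, and nothing in the commit says how already-installed builds, which carry only `dsa_pub.pem`, will validate the first update whose appcast item has only an EdDSA signature. If that transition relies on the Apple code-signing identity staying unchanged, the commit description should say so, since that would be the only remaining check for that one update. Otherwise, presumably one release needs to carry both keys and both signatures before the DSA entry is dropped.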
-- 
GitLab