cloud goes social

Icon

computer, travel, movies, music, cuisine and more

May 27, 2010 1

Sparkle script in XCode

So,
for a project that I’m working on (Reader Notifier Reloaded, more about it in a following post), I’ve been using Sparkle. It is a great tool for providing updates to the users.

Since Sparkle is using public/private key cryptography in order to sign the updates and guarantee their authenticity there is some “fiddling” one has to do in order to push out an update. Marc Liyanage provides us with a great way to do all the signing, packaging and xml generation for updates.

I’ve been using his technique and just adapted the shell script to make it work on my Snow Leopard 10.6.3 without the need of the libxml perl library.

In particular I’ve changed the SIGNATURE part to:

SIGNATURE=$(
	myvar=$(security find-generic-password -g -s "Sparkle Private Key" 2>&1 1>/dev/null | sed 's/.*-----BEGIN DSA PRIVATE KEY-----\\012\(.*\)\\012-----END DSA PRIVATE KEY-----.*/-----BEGIN DSA PRIVATE KEY-----\
\1\
-----END DSA PRIVATE KEY-----/g' | sed 's/\\012/\
/g')

echo "$myvar" > tmp.tmp

openssl dgst -sha1 -binary < "$ARCHIVE_FILENAME" \
| openssl dgst -dss1 -sign tmp.tmp \
| openssl enc -base64

rm tmp.tmp
)

So, here’s the script I’m using, if anyone wants it!

set -o errexit

if [[ $BUILD_STYLE != "Deploy" ]]; then
	echo Distribution target requires "'Deploy'" build style
	exit
fi

VERSION=$(defaults read "$BUILT_PRODUCTS_DIR/$PRODUCT_NAME.app/Contents/Info" CFBundleVersion)
DOWNLOAD_BASE_URL="http://www.example.com/some_product"
RELEASENOTES_URL="http://www.example.com/some_product/$VERSION.html"

ARCHIVE_FILENAME="${PRODUCT_NAME}_$VERSION.zip"
DOWNLOAD_URL="$DOWNLOAD_BASE_URL/$ARCHIVE_FILENAME"
KEYCHAIN_PRIVKEY_NAME="Sparkle Private Key"

WD=$PWD
cd "$BUILT_PRODUCTS_DIR"
rm -f "$PRODUCT_NAME"*.zip
ditto -ck --keepParent "$PRODUCT_NAME.app" "$ARCHIVE_FILENAME"

SIZE=$(stat -f %z "$ARCHIVE_FILENAME")
PUBDATE=$(LC_TIME=en_US date +"%a, %d %b %G %T %z")
SIGNATURE=$(
	myvar=$(security find-generic-password -g -s "Sparkle Private Key" 2>&1 1>/dev/null | sed 's/.*-----BEGIN DSA PRIVATE KEY-----\\012\(.*\)\\012-----END DSA PRIVATE KEY-----.*/-----BEGIN DSA PRIVATE KEY-----\
\1\
-----END DSA PRIVATE KEY-----/g' | sed 's/\\012/\
/g')

echo "$myvar" > tmp.tmp

openssl dgst -sha1 -binary < "$ARCHIVE_FILENAME" \
| openssl dgst -dss1 -sign tmp.tmp \
| openssl enc -base64

rm tmp.tmp
)

[ $SIGNATURE ] || { echo Unable to load signing private key with name "'$KEYCHAIN_PRIVKEY_NAME'" from keychain; false; }

cat > $VERSION.xml <<EOF
<item>
	<title>Version $VERSION</title>
	<sparkle:releaseNotesLink>$RELEASENOTES_URL</sparkle:releaseNotesLink>
	<pubDate>$PUBDATE</pubDate>
	<enclosure
		url="$DOWNLOAD_URL"
		sparkle:version="$VERSION"
		type="application/octet-stream"
		length="$SIZE"
		sparkle:dsaSignature="$SIGNATURE"
	/>
</item>
EOF

ABOUT

CLOUD GOES SOCIAL is the personal blog of Claudio Marforio.
He holds a MSc in Computer Science with focus on Information Security granted by ETH Zurich. He is currently a PhD Student in the System Security Group of ETH Zurich

Categories

Donate

If you appreciate my work, my applications, this blog in general or you simply feel like rewarding me for something please consider donate.
Any amount will motivate me in keeping up with the blog and the applications.


Thank you!

Donors

F. Olsen, W. Chang, W. Edmondson, C. Sharff, M. Brown, G. Helton, J. de Ruiter, K. Langner, K. Smith, T. OHalloran, B. Zabarauskas

Listening to ...