Sparkle icon indicating copy to clipboard operation
Sparkle copied to clipboard
verified publisher icon sparkle-project

generate_appcast error

Open gregkr opened this issue 7 years ago • 10 comments

Hi!

I'm trying to generate the Appcast with the ./bin/generate_appcast option, but all I get is an error:

9429:bin administrator$ ./generate_appcast dsa_priv.pem ~/temp/1
file:///Users/administrator/temp/1/Botsapp.dmg 142 __NSCFError
Written /Users/administrator/temp/1/appcast.xml based on 1 updates

appcast.xml appeared, but there is no attribute sparkle:dsaSignature="..."

That's all appcast.xml file:

<?xml version="1.0" standalone="yes"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
<channel>
<title>Botsapp</title>
<item>
<title>142</title>
<pubDate>Thu, 06 Sep 2018 12:00:01 -0700</pubDate>
<sparkle:minimumSystemVersion>10.7</sparkle:minimumSystemVersion>
<enclosure url="Botsapp.dmg" sparkle:version="142" sparkle:shortVersionString="142" length="25474560" type="application/octet-stream"/>
</item>
</channel></rss>

Thanx.

PS: Sparkle-1.20.0, MacOS High Sierra

gregkr avatar Sep 06 '18 19:09 gregkr

Sorry, we have a problem with High Sierra generating private keys that Apple's security framework can't read :( #1155 #1180

kornelski avatar Sep 07 '18 12:09 kornelski

If this isn't going to be fixed/fixable in the near future, perhaps the documentation and/or generate_appcast error message could be updated to be clearer?

nriley avatar Sep 14 '18 18:09 nriley

I generate private key in 10.14 Mojave, and generate_appcast in 10.14, too. I get same error.

Whirlwind avatar Sep 25 '18 13:09 Whirlwind

Please try the latest beta build. The stable release can't generate keys on 10.13-10-14.

kornelski avatar Sep 26 '18 04:09 kornelski

@kornelski unfortunately, generate_appcast from the latest beta build won't sign updates with specified DSA key. Everything ends up with an error "63 Error Domain=Internal CSSM error Code=-2147416063 "Internal error #80010801 at SignTransform_block_invoke......" I also tried to generate new EDDSA keys with "generate_keys" from the latest beta, but it generates only a private key. Where I can find a public key which should be added to Info.plist?

sidlauskaslukas avatar Oct 02 '18 12:10 sidlauskaslukas

We don't support creating new DSA keys any more. From now on, we only support it as a legacy feature for old apps. If you haven't already created a DSA key in the past, then you won't be using DSA at all, ever.

For new apps only the new EdDSA key is needed.

The generate_keys command prints the public key. It's not a file. It's a base64-encoded string to copy&paste into Info.plist.

kornelski avatar Oct 03 '18 09:10 kornelski

@kornelski I already had a DSA key, but as I mentioned previously I ended up with an error when I tried to sign updates with it using latest beta.

It was unclear that you have to run generate_keys twice with the latest beta to get the public key. By the way, is it enough to use EdDSA keys generated with the latest beta or I have to update the Sparkle used in the app? I'm asking this, because it's not possible to update it from cocoapods until it's in beta

sidlauskaslukas avatar Oct 03 '18 09:10 sidlauskaslukas

Did your DSA key work before? Did you generate it on macOS 10.12 or older? (there's a known problem with DSA keys generated on macOS 10.13 or later: they never worked, and will not work on any version of Sparkle. In 10.13 Apple made their OpenSSL generate keys with parameters that their Security.framework doesn't support).

Sparkle.framework version from Cocoapods won't be able to see EdDSA signatures, so you'll need to use the release archive from github to try the new keys. I'll publish the new version to Cocoapods after it gets some testing/bugfixes.

kornelski avatar Oct 03 '18 14:10 kornelski

Could the Sparkle from Cocoapods work on 10.14, now ?

Whirlwind avatar Oct 11 '18 13:10 Whirlwind

I've released the beta to cocoapods.

kornelski avatar Nov 02 '18 17:11 kornelski