Update recommendation to use separate feeds instead of sparkle:os (#224)

Also bump latest version to 2.6.3 in security/reliability page.
Zorg
2024-06-15 16:56:31 -07:00
committed by GitHub
parent 922a8f9801
commit 6052ae0c80
2 changed files with 5 additions and 9 deletions
+4 -8
@@ -478,17 +478,13 @@ func updaterDidNotFindUpdate(_ updater: SPUUpdater, error: Error) {
}
```
## Alternate download locations for other operating systems
## Support for other operating systems
Sparkle is available for [Windows](http://winsparkle.org).
Sparkle is available for other platforms and operating systems. Check out [WinSparkle](https://winsparkle.org) and [NetSparkle](https://netsparkleupdater.github.io/NetSparkle/).
To keep the appcast file compatible with the standard Sparkle implementation, a new tag has to be used for cross platform support. It is suggested to use the following to specify downloads for non macOS systems:
We recommend using separate appcast feeds for macOS and Windows versions of your app.
```xml
<sparkle:enclosure sparkle:os="os_name" ... />
```
Replace _os_name_ with either "windows" or "linux", respectively (mind the lower case!). Feel free to add other OS names as needed.
While there is partial support for having macOS and non-macOS items in the same appcast feed (using a `sparkle:os` attribute in a `sparkle:enclosure` element), it is not recommended.
## API Specification
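Review bot: The new recommendation names only macOS and Windows ("separate appcast feeds for macOS and Windows versions of your app"), while the rewritten heading and intro cover "other platforms and operating systems" and link NetSparkle as well as WinSparkle; wording it as one feed per platform would match the section's scope. The closing sentence calls a mixed feed using `sparkle:os` "not recommended" without giving a reason, and the text being dropped was the only place that documented the lower-case "windows" and "linux" values. Suggest adding one sentence on why separate feeds are preferred, and keeping a short note on the attribute values for maintainers whose feeds already use them.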
@@ -9,7 +9,7 @@ These are a list of *major* security and reliability improvements in Sparkle, or
| Version | Changes |
| --------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| 2.6.2 | Fixes a security issue that allows an attacker to replace an existing signed update with another payload, which bypasses Sparkle's (Ed)DSA signing checks ([#2550](https://github.com/sparkle-project/Sparkle/pull/2550)); updating is strongly recommended and a fix is also backported to 1.27.3. Fixes an issue for sandboxed apps that enable the Downloader XPC Service from conflicting with each other and presenting a system dialog that "Downloader" differs from previously opened versions affecting macOS 14 and later ([#2511](https://github.com/sparkle-project/Sparkle/pull/2511)). Performs a Gatekeeper scan for signed app updates on macOS 14.4 and later so users don't see a system "Verifying..." dialog when an app update is relaunched ([#2505](https://github.com/sparkle-project/Sparkle/pull/2505)). |
| 2.6.3 | Fixes a security issue that allows an attacker to replace an existing signed update with another payload, which bypasses Sparkle's (Ed)DSA signing checks ([#2550](https://github.com/sparkle-project/Sparkle/pull/2550)); updating is strongly recommended and a fix is also backported to 1.27.3. Fixes an issue for sandboxed apps that enable the Downloader XPC Service from conflicting with each other and presenting a system dialog that "Downloader" differs from previously opened versions affecting macOS 14 and later ([#2511](https://github.com/sparkle-project/Sparkle/pull/2511)). Performs a Gatekeeper scan for signed app updates on macOS 14.4 and later so users don't see a system "Verifying..." dialog when an app update is relaunched ([#2505](https://github.com/sparkle-project/Sparkle/pull/2505)). |
| 2.5.2 | Fixes a rare corruption issue resulting in missing files in the installed bundle, which Gatekeeper may reject ([#2479](https://github.com/sparkle-project/Sparkle/pull/2479)). Adopts macOS 14 Sonoma's cooperative app activation APIs instead of using `-[NSApplication activateIgnoringOtherApps:]` which was deprecated in macOS 14 (mainly impacts background/dockless running apps) ([#2409](https://github.com/sparkle-project/Sparkle/pull/2409)). Fixes updates not installing when executed from a Sparkle CLI utility as root (sudo) user on macOS 14 Sonoma (impacts few out-of-app updaters) ([#2432](https://github.com/sparkle-project/Sparkle/pull/2432)). |
| 2.4.2 | Fixes `NSKeyedUnarchiver` decoding warning of appcast item that contains delta updates ([#2383](https://github.com/sparkle-project/Sparkle/pull/2383)). Hardens verification of passing the update's download to Sparkle's Autoupdate helper ([#2392](https://github.com/sparkle-project/Sparkle/pull/2392)). |
| 2.2.2 | Deprecates the `-s` flag to `generate_appcast` and `sign_update` for passing the private EdDSA key as a command line argument which is insecure ([#2170](https://github.com/sparkle-project/Sparkle/pull/2170)). Please use the Keychain, or pass the key as standard input in CI environments when using `--ed-key-file -` instead. Run these tools with `-h` for further information. |
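Review bot: In the first table row only the Version cell changes, from 2.6.2 to 2.6.3, while the Changes text stays identical, so the page no longer says which release first carried the #2550 signing-check fix, and a reader still on 2.6.2 cannot tell from this row whether they are covered. Suggest stating the first fixed version inside the cell text (as is already done for the 1.27.3 backport) or adding a short clause on what 2.6.3 changes on top of 2.6.2. This bump is also unrelated to the appcast feed recommendation in the commit title; a separate commit would keep the security page's history easier to audit.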