Comments (6)
Thanks for filing this. I'm aware of this issue and tried adopting gktool (which is fairly new) before (#2421, #2433). After several experiments/tests, I ran into some unreliability issues with the OS rejecting swapping the bundle atomically and presenting security/privacy alerts after using gktool in certain conditions and filed bugs to Apple (FB13117812). If the OS bugs I encountered are improved/resolved in the future I will look forward to try adopting gktool again. Until then, I don't want to risk adopting the tool. Leaving this issue open for now because I ultimately do want to adopt performing a Gatekeeper scan (after extraction/validation) in the future.
from sparkle.
Ah okay, good to know! Thank you for the explanation.
from sparkle.
MacOS 14.4 Seed 1 came out and I believe they attempted to resolve FB13117812 as mentioned in the release notes !
Trusted Execution
New Features
-
/usr/bin/syspolicy_check is a new command line tool to help determine if the provided macOS application will pass the current running configurations’ system policy. This includes the same checks performed by the Apple notary service and other macOS Trusted Execution layers such as codesign, Gatekeeper, XProtect, and more. Please see the main page for additional details. (108737781)
-
/usr/bin/gktool is a new command line tool to assess Gatekeeper Policy on applications. gktool can be called to pre-warm the system cache so users do not see the ‘Verifying…’ dialog on first launch of an application. (109793778)
from sparkle.
Those are release notes from macOS 14.0 and aren't new. However, I did some quick testing and believe the issues I was seeing are resolved in the 14.4 Beta. So I'll look at getting a PR up and testing this again soon when I get the chance.
from sparkle.
I merged changes in #2505 to do a gktool scan. There are a couple requirements:
- User must be running macOS 14.4 or later, which is still in beta currently (this path is skipped on earlier OS versions)
- Due to running into other OS issues, Sparkle's Autoupdate helper must be signed with the same team identifier as your new update, otherwise the gktool scan will be skipped. In many in-development scenarios, it is common for this to not be the case (Xcode does not recursively re-sign Sparkle's helpers with Code Sign on Copy). Hence you should test an app update on a build that is notarized, which will definitely be fully/properly signed and further test the update behavior works correctly in this case.
I have not tried what the experience is on a "big" app that would most benefit from this change. I can't test this because any such "big" app is not an app I own and isn't signed by me. Thus it would be helpful if you can test these changes. I may release a pre-release beta build soon. An official release won't be released before macOS 14.4 is released.
from sparkle.
@kaylagalway macOS 14.4 has been released and Sparkle 2.6.0-beta.2 contains the latest changes for invoking gktool. Let me know if you have a chance to test this updating from a fully properly signed build (like a notarized one). Otherwise I will likely release the update sometime next week.
from sparkle.
Related Issues (20)
- Implement a programmatic cancel of an updpate
- Downloader XPC Service needs changes to avoid Sonoma sandboxing warning prompts HOT 3
- Silencing Unknown class 'SPUStandardUpdaterController' warnings
- Create read.md
- SUScheduledCheckInterval = 3600 in info.plist not respected, Sparkle resets to 604800.0
- Custom download and install UI
- Phuoc Nguyen
- Error: No valid unarchiver found
- Uncaught exception @ SPUNoUpdateFoundRecoverySuggestion() HOT 3
- Intermediate process before asking admin password
- Sparkle Wikipedia page proposed for deletion
- Update Error! On CheckForUpdates if App Sandbox=YES In Release env
- Release notes dialog content displaying as white text on white background in dark mode HOT 3
- zip files generated from Xcode Cloud cannot be streamed during extraction HOT 7
- Missing privacy manifest file! HOT 1
- Crash @ -[SPUDownloader downloadDidFinish] SPUDownloader.m, line 252 HOT 1
- Crash in HIToolbox on macOS 12 HOT 2
- Sparkle 2.6.1 generate_appcast fails with "Could not unarchive" HOT 1
- SwiftUI canvas previews in Xcode break when Sparkle is added a dependency in a multiplatform app HOT 3
- Crash when running `checkForUpdates()` HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sparkle.