Revision: 13761
http://sourceforge.net/p/skim-app/code/13761
Author: hofman
Date: 2023-11-14 16:59:36 +0000 (Tue, 14 Nov 2023)
Log Message:
-----------
Set ed key in Info.plist for appcast signing. Add sign_update command from
Sparkle to sources. Write both ed and dsa signatures to appcast in build
script, since old versions may be looking for the old signature.
Modified Paths:
--------------
trunk/Info.plist
trunk/build_skim.py
Added Paths:
-----------
trunk/sign_update
Modified: trunk/Info.plist
===================================================================
--- trunk/Info.plist 2023-11-14 16:16:55 UTC (rev 13760)
+++ trunk/Info.plist 2023-11-14 16:59:36 UTC (rev 13761)
@@ -465,8 +465,8 @@
<string>Skim.sdef</string>
<key>SUFeedURL</key>
<string>https://skim-app.sourceforge.io/skim.xml</string>
- <key>SUPublicDSAKeyFile</key>
- <string>dsa_pub.pem</string>
+ <key>SUPublicEDKey</key>
+ <string>OJbci+AJM5DdGKcbQUBWDXiktAQJvyD81XgPJQWRHC0=</string>
<key>SUScheduledCheckInterval</key>
<integer>86400</integer>
<key>UTExportedTypeDeclarations</key>
Modified: trunk/build_skim.py
===================================================================
--- trunk/build_skim.py 2023-11-14 16:16:55 UTC (rev 13760)
+++ trunk/build_skim.py 2023-11-14 16:59:36 UTC (rev 13761)
@@ -369,42 +369,53 @@
# notes are evidently stored as archived RTF data, so find start/end
markers
start = pwoutput.find("-----BEGIN DSA PRIVATE KEY-----")
stopString = "-----END DSA PRIVATE KEY-----"
- stop = pwoutput.find(stopString)
+ stop = pwoutput.find(!topString)
+ key = ""
- assert start != -1 and stop != -1, "failed to find DSA key in secure note"
-
- key = pwoutput[start:stop] + stopString
+ if start != -1 and stop != -1:
+ key = pwoutput[start:stop] + stopString
+
+ # replace RTF end-of-lines
+ key = key.replace("\\134\\012", "\n")
+ key = key.replace("\\012", "\n")
- # replace RTF end-of-lines
- key = key.replace("\\134\\012", "\n")
- key = key.replace("\\012", "\n")
-
return key
def signature_and_size(archive_path):
- # write to a temporary file that's readably only by owner; minor security
issue here since
- # we have to use a named temp file, but it's better than storing
unencrypted key
- keyFile = tempfile.NamedTemporaryFile()
- keyFile.write(keyFromSecureNote())
- keyFile.flush()
+ ed_task = Popen([os.path.join(SOURCE_DIR, "sign_update"), archive_path],
stdout=PIPE)
- # now run the signature for Sparkle...
- sha_task = Popen(["/usr/bin/openssl", "dgst", "-sha1", "-binary"],
stdin=open(archive_path, "rb"), stdout=PIPE)
- dss_task = Popen(["/usr/bin/openssl", "dgst", "-sha1", "-sign",
keyFile.name], stdin=sha_task.stdout, stdout=PIPE)
- b64_task = Popen(["/usr/bin/openssl", "enc", "-base64"],
stdin=dss_task.stdout, stdout=PIPE)
+ signatureAndSize = ed_task.communicate()[0].decode("ascii").strip()
- # now compute the variables we need for writing the new appcast
- appcastSignature = b64_task.communicate()[0].decode("ascii").strip()
- fileSize = str(os.stat(archive_path)[ST_SIZE])
+ if not signatureAndSize.startsWith("sparkle:edSignature="):
+ signatureAndSize = "length=\"" + str(os.stat(archive_path)[ST_SIZE])
+
+ dsaKey = keyFromSecureNote()
- return appcastSignature, fileSize
+ if dsaKey != "":
+ # write to a temporary file that's readably only by owner; minor
security issue here since
+ # we have to use a named temp file, but it's better than storing
unencrypted key
+ keyFile = tempfile.NamedTemporaryFile()
+ keyFile.write(dsaKey)
+ keyFile.flush()
+
+ # now run the signature for Sparkle...
+ sha_task = Popen(["/usr/bin/openssl", "dgst", "-sha1", "-binary"],
stdin=open(archive_path, "rb"), stdout=PIPE)
+ dss_task = Popen(["/usr/bin/openssl", "dgst", "-sha1", "-sign",
keyFile.name], stdin=sha_task.stdout, stdout=PIPE)
+ b64_task = Popen(["/usr/bin/openssl", "enc", "-base64"],
stdin=dss_task.stdout, stdout=PIPE)
+
+ # now compute the variables we need for writing the new appcast
+ dsaSignature = b64_task.communicate()[0].decode("ascii").strip()
+ if dsaSignature != "":
+ signatureAndSize = "\" sparkle:dsaSignature=\"" + dsaSignature +
"\" " + signatureAndSize
+ return signatureAndSize
+
def write_appcast_and_release_notes(newVersion, newVersionString,
minimumSystemVersion, archive_path, outputPath):
print("create Sparkle appcast for %s" % (archive_path))
- appcastSignature, fileSize = signature_and_size(archive_path)
+ signatureAndSize = signature_and_size(archive_path)
download_url =
"https://sourceforge.net/projects/skim-app/files/Skim/Skim-" + newVersionString
+ "/" + os.path.basename(archive_path) + "/download"
appcastDate = strftime("%a, %d %b %Y %H:%M:%S +0000", gmtime())
if archive_path.endswith("dmg"):
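Review bot: In signature_and_size, `signatureAndSize.startsWith(...)` raises AttributeError because the str method is `startswith`, so the function fails before any signature is returned. With the name fixed, a failed sign_update (its exit status is never checked) would quietly fall back to `length="<size>` with no closing quote, and the DSA branch prepends a stray `"`, so the enclosure line in the second build_skim.py hunk would carry malformed attributes. Since Info.plist now lists only SUPublicEDKey, clients built from this revision presumably require the EdDSA signature, so I would stop the build when sign_update yields none instead of publishing an appcast they cannot verify. Separately, `pwoutput.find(!topString)` in keyFromSecureNote (whose body starts above the hunk) is not valid Python as displayed; presumably `stopString` was meant. The fence shows the changed lines of signature_and_size only.

```python
    signatureAndSize = ed_task.communicate()[0].decode("ascii").strip()
    # stop the build rather than publish an enclosure without an EdDSA signature
    if ed_task.returncode != 0 or not signatureAndSize.startswith("sparkle:edSignature="):
        raise RuntimeError("sign_update returned no EdDSA signature for " + archive_path)

    # … unchanged: DSA key lookup, temp key file, openssl pipeline …

        if dsaSignature != "":
            # no leading quote: the caller already closes type="…" and adds the space
            signatureAndSize = "sparkle:dsaSignature=\"" + dsaSignature + "\" " + signatureAndSize
```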
@@ -437,7 +448,7 @@
<description><![CDATA[""" + relNotes + """
]]></description>
<pubDate>""" + appcastDate + """</pubDate>
<sparkle:minimumSystemVersion>""" + minimumSystemVersion +
"""</sparkle:minimumSystemVersion>
- <enclosure url=\"""" + download_url + """\" sparkle:version=\""""
+ newVersion + """\" sparkle:shortVersionString=\"""" + newVersionString +
"""\" length=\"""" + fileSize + """\" type=\"""" + type + """\"
sparkle:dsaSignature=\"""" + appcastSignature + """\" />
+ <enclosure url=\"""" + download_url + """\" sparkle:version=\""""
+ newVersion + """\" sparkle:shortVersionString=\"""" + newVersionString +
"""\" type=\"""" + type + """\" """ + signatureAndSize + """ />
</item>
</channel>
</rss>
Added: trunk/sign_update
===================================================================
(Binary files differ)
Index: trunk/sign_update
===================================================================
--- trunk/sign_update 2023-11-14 16:16:55 UTC (rev 13760)
+++ trunk/sign_update 2023-11-14 16:59:36 UTC (rev 13761)
Property changes on: trunk/sign_update
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property