Add EdDSA support and sample macOS app for testing

Author: digitalmoksha

lib/motion-sparkle-sandbox.rb

@@ -12,6 +12,7 @@
 require 'motion/project/appcast'
 require 'motion/project/project'
 require 'motion/project/rake_tasks'
+require 'motion/project/indent_string'
 
 lib_dir_path = File.dirname(File.expand_path(__FILE__))
 

lib/motion/project/appcast.rb

@@ -1,65 +1,134 @@
 module Motion::Project
   class Sparkle
-    def create_release_notes
-      if File.exist?(release_notes_template_path)
-        File.open(release_notes_path.to_s, 'w') do |f|
-          template = File.read(release_notes_template_path)
-          f << ERB.new(template).result(binding)
-        end
-        App.info 'Create', "./#{release_notes_path}"
-      else
-        App.fail "Release notes template not found as expected at ./#{release_notes_template_path}"
+    # Generate the appcast.
+    # Note: We do not support the old DSA keys, only the newer EdDSA keys.
+    #       See https://sparkle-project.org/documentation/eddsa-migration
+    def generate_appcast
+      generate_appcast_app = "#{vendored_sparkle_path}/bin/generate_appcast"
+      path = (project_path + archive_folder).realpath
+      appcast_filename = (path + appcast.feed_filename)
+
+      args = []
+
+      FileUtils.mkdir_p(path) unless File.exist?(path)
+
+      App.info('Sparkle', "Generating appcast using `#{generate_appcast_app}`")
+      puts "from files in `#{path}`...".indent(11)
+
+      if appcast.use_exported_private_key && File.exist?(private_key_path)
+        # -s <private-EdDSA-key>  The private EdDSA string (128 characters). If not
+        #                         specified, the private EdDSA key will be read from
+        #                         the Keychain instead.
+        private_key = File.read(private_key_path)
+        args << "-s=#{private_key}"
       end
-    end
 
-    def create_appcast
-      create_release_folder
-      appcast_file = File.open("#{sparkle_release_path}/#{appcast.feed_filename}", 'w') do |f|
-        xml_string = ''
-        doc = REXML::Formatters::Pretty.new
-        doc.write(appcast_xml, xml_string)
-        f << "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
-        f << xml_string
-        f << "\n"
+      # --download-url-prefix <url> A URL that will be used as prefix for the URL from
+      #                             where updates will be downloaded.
+      args << "--download-url-prefix=#{appcast.package_url}" if appcast.package_url.present?
+
+      # --release-notes-url-prefix <url> A URL that will be used as prefix for constructing
+      #                                  URLs for release notes.
+      args << "--release-notes-url-prefix=#{appcast.notes_url}" if appcast.notes_url.present?
+
+      # --link <link>           A URL to the application's website which Sparkle may
+      #                         use for directing users to if they cannot download a
+      #                         new update from within the application. This will be
+      #                         used for new generated update items. By default, no
+      #                         product link is used.
+
+      # --versions <versions>   An optional comma delimited list of application
+      #                         versions (specified by CFBundleVersion) to generate
+      #                         new update items for. By default, new update items
+      #                         are inferred from the available archives and are only
+      #                         generated if they are in the latest 5 updates in the
+      #                         appcast.
+
+      # --maximum-deltas <maximum-deltas>
+      #                         The maximum number of delta items to create for the
+      #                         latest update for each minimum required operating
+      #                         system. (default: 5)
+
+      # --channel <channel-name>
+      #                         The Sparkle channel name that will be used for
+      #                         generating new updates. By default, no channel is
+      #                         used. Old applications need to be using Sparkle 2 to
+      #                         use this feature.
+
+      # --major-version <major-version>
+      #                         The last major or minimum autoupdate sparkle:version
+      #                         that will be used for generating new updates. By
+      #                         default, no last major version is used.
+
+      # --phased-rollout-interval <phased-rollout-interval>
+      #                         The phased rollout interval in seconds that will be
+      #                         used for generating new updates. By default, no
+      #                         phased rollout interval is used.
+
+      # --critical-update-version <critical-update-version>
+      #                         The last critical update sparkle:version that will be
+      #                         used for generating new updates. An empty string
+      #                         argument will treat this update as critical coming
+      #                         from any application version. By default, no last
+      #                         critical update version is used. Old applications
+      #                         need to be using Sparkle 2 to use this feature.
+
+      # --informational-update-versions <informational-update-versions>
+      #                         A comma delimited list of application
+      #                         sparkle:version's that will see newly generated
+      #                         updates as being informational only. An empty string
+      #                         argument will treat this update as informational
+      #                         coming from any application version. By default,
+      #                         updates are not informational only. --link must also
+      #                         be provided. Old applications need to be using
+      #                         Sparkle 2 to use this feature.
+
+      # -o <output-path>        Path to filename for the generated appcast (allowed
+      #                         when only one will be created).
+
+      # -f <private-dsa-key-file> Path to the private DSA key file. Only use this
+      #                           option for transitioning to EdDSA from older updates.
+      # Note: only for supporting a legacy app that used DSA keys.  Check if the
+      # default DSA key exists in `sparkle/config/dsa_priv.pem` and if it does,
+      # add it to the command.
+      if File.exist?(legacy_private_key_path)
+        App.info 'Sparkle', "Also signing with legacy DSA key at #{legacy_private_key_path}"
+        args << "-f=#{legacy_private_key_path}"
       end
-      if appcast_file
-        App.info 'Create', "./#{sparkle_release_path}/#{appcast.feed_filename}"
-      else
-        App.info 'Fail', "./#{sparkle_release_path}/#{appcast.feed_filename} not created"
+
+      args << "-o=#{appcast_filename}" if appcast_filename.present?
+
+      App.info 'Executing', [generate_appcast_app, *args, path.to_s].join(' ')
+
+      results, status = Open3.capture2e(generate_appcast_app, *args, path.to_s)
+
+      App.info('Sparkle', "Saved appcast to `#{appcast_filename}`") if status.success?
+      puts results.indent(11)
+
+      if status.success?
+        puts
+        puts "SUFeedURL     : #{feed_url}".indent(11)
+        puts "SUPublicEDKey : #{public_EdDSA_key}".indent(11)
       end
     end
 
-    def appcast_xml
-      rss = REXML::Element.new 'rss'
-      rss.attributes['xmlns:atom'] = 'http://www.w3.org/2005/Atom'
-      rss.attributes['xmlns:sparkle'] = 'http://www.andymatuschak.org/xml-namespaces/sparkle'
-      rss.attributes['xmlns:version'] = '2.0'
-      rss.attributes['xmlns:dc'] = 'http://purl.org/dc/elements/1.1/'
-      channel = rss.add_element 'channel'
-      channel.add_element('title').text = @config.name
-      channel.add_element('description').text = "#{@config.name} updates"
-      channel.add_element('link').text = @config.info_plist['SUFeedURL']
-      channel.add_element('language').text = 'en'
-      channel.add_element('pubDate').text = Time.now.strftime('%a, %d %b %Y %H:%M:%S %z')
-      atom_link = channel.add_element('atom:link')
-      atom_link.attributes['href'] = @config.info_plist['SUFeedURL']
-      atom_link.attributes['rel'] = 'self'
-      atom_link.attributes['type'] = 'application/rss+xml'
-      item = channel.add_element 'item'
-      item.add_element('title').text = "#{@config.name} #{@config.short_version}"
-      item.add_element('pubDate').text = Time.now.strftime('%a, %d %b %Y %H:%M:%S %z')
-      guid = item.add_element('guid')
-      guid.text = "#{@config.name}-#{@config.short_version}"
-      guid.attributes['isPermaLink'] = false
-      item.add_element('sparkle:releaseNotesLink').text = appcast.notes_url.to_s
-      enclosure = item.add_element('enclosure')
-      enclosure.attributes['url'] = appcast.package_url.to_s
-      enclosure.attributes['length'] = @package_size.to_s
-      enclosure.attributes['type'] = 'application/octet-stream'
-      enclosure.attributes['sparkle:version'] = @config.version
-      enclosure.attributes['sparkle:shortVersionString'] = @config.short_version
-      enclosure.attributes['sparkle:dsaSignature'] = @package_signature
-      rss
+    def generate_appcast_help
+      generate_appcast_app = "#{vendored_sparkle_path}/bin/generate_appcast"
+      results, _status = Open3.capture2e(generate_appcast_app, '--help')
+      puts results
+    end
+
+    def create_release_notes
+      App.fail "Release notes template not found as expected at ./#{release_notes_template_path}" unless File.exist?(release_notes_template_path)
+
+      create_release_folder
+
+      File.open(release_notes_path.to_s, 'w') do |f|
+        template = File.read(release_notes_template_path)
+        f << ERB.new(template).result(binding)
+      end
+
+      App.info 'Create', "./#{release_notes_path}"
     end
 
     def release_notes_template_path
@@ -71,7 +140,7 @@ def release_notes_content_path
     end
 
     def release_notes_path
-      sparkle_release_path + appcast.notes_filename.to_s
+      sparkle_release_path + (appcast.notes_filename || "#{app_name}.#{@config.short_version}.html")
     end
 
     def release_notes_content
@@ -94,29 +163,31 @@ class Appcast
                     :notes_filename,
                     :package_base_url,
                     :package_filename,
-                    :archive_folder
+                    :archive_folder,
+                    :use_exported_private_key
 
       def initialize
         @feed_base_url = nil
         @feed_filename = 'releases.xml'
         @notes_base_url = nil
-        @notes_filename = 'release_notes.html'
+        @notes_filename = nil
         @package_base_url = nil
         @package_filename = nil
         @base_url = nil
         @archive_folder = nil
+        @use_exported_private_key = false
       end
 
       def feed_url
-        "#{feed_base_url || base_url}/#{feed_filename}"
+        "#{feed_base_url || base_url}#{feed_filename}"
       end
 
       def notes_url
-        "#{notes_base_url || base_url}/#{notes_filename}"
+        notes_base_url || base_url
       end
 
       def package_url
-        "#{package_base_url || base_url}/#{package_filename}"
+        package_base_url || base_url
       end
     end
   end

lib/motion/project/indent_string.rb

@@ -0,0 +1,16 @@
+# https://makandracards.com/makandra/6087-ruby-indent-a-string
+String.class_eval do
+  def indent(count, char = ' ', skip_first_line: false)
+    gsub(/([^\n]*)(\n|$)/) do |match|
+      last_iteration = ($1 == "" && $2 == "")
+      line = ""
+      line << (char * count) unless last_iteration || skip_first_line
+      line << $1
+      line << $2
+
+      skip_first_line = false
+
+      line
+    end
+  end
+end

lib/motion/project/package.rb

@@ -13,14 +13,16 @@ def package
       App.info 'Size', @package_size.to_s
 
       sign_package
-      create_appcast
       create_release_notes
+
       `open #{sparkle_release_path}`
     end
 
     def create_zip_file
       App.fail 'You need to build your app with the Release target to use Sparkle' unless File.exist?(app_bundle_path)
 
+      App.info 'Create', "./#{sparkle_release_path}/#{zip_file}"
+
       if File.exist?("#{sparkle_release_path}/#{zip_file}")
         App.fail "Release already exists at ./#{sparkle_release_path}/#{zip_file} (remove it manually with `rake sparkle:clean`)"
       end
@@ -31,18 +33,24 @@ def create_zip_file
 
       FileUtils.mv "#{app_release_path}/#{zip_file}", "./#{sparkle_release_path}/"
 
-      App.info 'Create', "./#{sparkle_release_path}/#{zip_file}"
-
       @package_file = zip_file
       @package_size = File.size "./#{sparkle_release_path}/#{zip_file}"
     end
 
     def sign_package
       package = "./#{sparkle_release_path}/#{zip_file}"
-      @package_signature = `#{openssl} dgst -sha1 -binary < "#{package}" | #{openssl} dgst -dss1 -sign "#{private_key_path}" | #{openssl} enc -base64`
-      @package_signature = @package_signature.strip
+      sign_update_app = "#{vendored_sparkle_path}/bin/sign_update"
+      args = []
+
+      if appcast.use_exported_private_key && File.exist?(private_key_path)
+        # -s <private-key>        The private EdDSA (ed25519) key
+        private_key = File.read(private_key_path)
+        args << "-s=#{private_key}"
+      end
+
+      results, _status = Open3.capture2e(sign_update_app, *args, package)
 
-      App.info 'Signature', "\"#{@package_signature}\""
+      App.info 'Signature', results
     end
   end
 end

lib/motion/project/rake_tasks.rb

@@ -1,8 +1,16 @@
-# Rake tasks
+# Sparkle specific rake tasks
 namespace :sparkle do
-  task :install do
-    sparkle = App.config.sparkle
-    sparkle.install
+  desc 'Sparkle Help'
+  task :help do
+    puts <<~HELP
+      During initial Sparkle setup, run these rake tasks:
+
+      1. `rake setup_certificates`
+      2. `rake setup`
+
+      Then after running `rake build:release`, you can run
+      `rake sparkle:package`
+    HELP
   end
 
   desc 'Setup Sparkle configuration'
@@ -11,7 +19,7 @@
     sparkle.setup
   end
 
-  desc 'Create a ZIP file with you application .app release build'
+  desc 'Create a ZIP file with your application .app release build'
   task :package do
     App.config_without_setup.build_mode = :release
     sparkle = App.config.sparkle
@@ -23,36 +31,27 @@
     sparkle.generate_keys
   end
 
-  desc 'Sign the ZIP file with appropriate certificates'
+  desc 'Generate the EdDSA signature for a package'
   task :sign do
     App.config_without_setup.build_mode = :release
     sparkle = App.config.sparkle
     sparkle.sign_package
   end
 
-  task :recreate_public_key do
-    sparkle = App.config.sparkle
-    sparkle.generate_public_key
-  end
-
-  task :copy_release_notes_templates do
-    App.config_without_setup.build_mode = :release
-    sparkle = App.config.sparkle
-    sparkle.copy_templates(force = true)
-  end
-
-  desc 'Generate the appcast xml feed'
-  task :feed do
+  desc "Generate the appcast xml feed using Sparkle's `generate_appcast`"
+  task :generate_appcast do
     App.config_without_setup.build_mode = :release
     sparkle = App.config.sparkle
-    sparkle.create_appcast
+    sparkle.generate_appcast
   end
 
-  desc "Generate the appcast using Sparkle's `generate_appcast`"
-  task :generate_appcast do
-    App.config_without_setup.build_mode = :release
-    sparkle = App.config.sparkle
-    results = `#{sparkle.vendored_sparkle_path}/generate_appcast -f "#{sparkle.private_key_path}" "#{sparkle.archive_folder}"`
+  namespace :generate_appcast do
+    desc "Show help for Sparkle's `generate_appcast`"
+    task :help do
+      App.config_without_setup.build_mode = :release
+      sparkle = App.config.sparkle
+      sparkle.generate_appcast_help
+    end
   end
 
   desc 'Update the release notes of this build'
@@ -62,10 +61,6 @@
     sparkle.create_release_notes
   end
 
-  # desc "Upload to configured location"
-  # task :upload do
-  # end
-
   desc 'Clean the Sparkle release folder'
   task :clean do
     dir = Motion::Project::Sparkle::RELEASE_PATH