I am making a Mac agent that needs to use two variables. These two variables must be set every time the user loads the agent. My first attempt was to modify the file Info.plist and sign for Sparkle, but after that I realized that every time I modify this file and make a signature, this signature will be different from the already loaded agents and may cause a problem with Sparkle:
> Segue for security issues. Because Sparkle downloads executable code to your users' systems, you must be very careful about security. So that Sparkle knows that the downloaded update is not corrupted and came from you (instead of a malicious attacker), we recommend:
>
> - Signing a published update archive with a DSA signature corresponding to the public DSA key included in your application.
https://sparkle-project.org/documentation/
Any tips on how to achieve this?
Here is the script I did to modify and sign:
```python
import plistlib, sys, subprocess, os

PLIST_PATH = "Agent.app/Contents/Info.plist"

# Load Info.plist, set the two per-organization values, and write it back.
with open(PLIST_PATH, "rb") as f:
    plist_file = plistlib.load(f)
plist_file['OrganizationID'] = sys.argv[1]
plist_file['OrganizationToken'] = sys.argv[2]
with open(PLIST_PATH, "wb") as f:
    plistlib.dump(plist_file, f)

VERSION = plist_file['CFBundleVersion']
DOWNLOAD_BASE_URL = "https://url/core/mac/agent"
RELEASENOTES_URL = DOWNLOAD_BASE_URL + "/release-notes.html#version-%s" % VERSION
ARCHIVE_FILENAME = "Agent %s.zip" % str(VERSION)
DOWNLOAD_URL = "%s/%s" % (DOWNLOAD_BASE_URL, ARCHIVE_FILENAME)
KEYCHAIN_PRIVKEY_NAME = "sparkle_private_key/dsa_priv.pem"

# Exported so the shell pipeline below can refer to it as $openssl.
os.environ['openssl'] = "/usr/bin/openssl"

# The archive ARCHIVE_FILENAME must already exist; this script does not create it.
# DSA signature over the SHA-1 digest of the archive, base64-encoded.
SIGNATURE = '$openssl dgst -sha1 -binary < "%s" | $openssl dgst -dss1 -sign "%s" | $openssl enc -base64' % (ARCHIVE_FILENAME, KEYCHAIN_PRIVKEY_NAME)
signature = subprocess.check_output(SIGNATURE, shell=True).decode().strip()

# Archive size in bytes for the enclosure's length attribute.
SIZE = 'stat -f %%z "%s"' % ARCHIVE_FILENAME
size = subprocess.check_output(SIZE, shell=True).decode().strip()

# RFC 822 style publication date (%Y is the calendar year).
PUBDATE = 'LC_TIME=en_US date +"%a, %d %b %Y %T %z"'
pubdate = subprocess.check_output(PUBDATE, shell=True).decode().strip()

# Appcast feed with a single item describing the signed archive.
xml = '''<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
  <channel>
    <title>Update</title>
    <link>
      http://sparkle-project.org/files/sparkletestcast.xml
    </link>
    <description>Most recent changes with links to updates.</description>
    <language>en</language>
    <item>
      <title>Version %s</title>
      <sparkle:releaseNotesLink>
        %s
      </sparkle:releaseNotesLink>
      <pubDate>%s</pubDate>
      <enclosure
        url="%s"
        sparkle:version="%s"
        type="application/octet-stream"
        length="%s"
        sparkle:dsaSignature="%s"
      />
    </item>
  </channel>
</rss>''' % (VERSION, RELEASENOTES_URL, pubdate, DOWNLOAD_URL, VERSION, size, signature)
```
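A pre-publish check for the kind of appcast item the script above generates, as an added example that is not part of the original post: it confirms that the enclosure's `length` matches the archive being shipped and that `sparkle:dsaSignature` decodes to a DER-encoded DSA signature (structure only, not cryptographic validity). The sample feed, archive bytes, signature bytes and `example.invalid` URL are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SPARKLE_NS = "{http://www.andymatuschak.org/xml-namespaces/sparkle}"

def is_der_dsa_signature(sig):
    """True if sig is a DER SEQUENCE of exactly two INTEGERs (r, s)."""
    # Assumes short-form DER lengths, which holds for DSA-sized signatures.
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        return False
    pos = 2
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02 or sig[pos + 1] == 0:
            return False
        pos += 2 + sig[pos + 1]
    return pos == len(sig)

def check_appcast(appcast_xml, archive):
    """Return a list of problems found in the feed's first <enclosure>."""
    problems = []
    enclosure = ET.fromstring(appcast_xml).find("./channel/item/enclosure")
    if enclosure is None:
        return ["no <enclosure> element"]
    if enclosure.get("length") != str(len(archive)):
        problems.append("length does not match archive size")
    url = enclosure.get("url", "")
    if not url or any(c in url for c in " $"):
        problems.append("url contains an unescaped space or a leftover '$'")
    try:
        sig = base64.b64decode(enclosure.get(SPARKLE_NS + "dsaSignature", ""), validate=True)
    except binascii.Error:
        sig = b""
    if not is_der_dsa_signature(sig):
        problems.append("dsaSignature is not a base64 DER DSA signature")
    return problems

# Constructed sample data: placeholder (r, s) values, not a real signature.
SAMPLE_SIG = base64.b64encode(bytes.fromhex("302c0214" + "11" * 20 + "0214" + "22" * 20)).decode()
SAMPLE_ARCHIVE = b"PK constructed archive bytes"
SAMPLE_FEED = '''<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
<channel><item><enclosure url="https://example.invalid/Agent%%201.0.zip"
 sparkle:version="1.0" length="%d" sparkle:dsaSignature="%s"/></item></channel></rss>''' % (len(SAMPLE_ARCHIVE), SAMPLE_SIG)

if __name__ == "__main__":
    print(check_appcast(SAMPLE_FEED, SAMPLE_ARCHIVE))
```

An archive rebuilt after editing Info.plist has to be re-checked against its own appcast item, since the length and signature describe one specific file.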