Sparkle

DSA Keys - Completely Lost

Asked by tmaaz

Sparkle Team,

Thanks so much for this great service. I appreciate all the hard work the Sparkle Team has put into this project --

I'm going to apologize in advance for being so verbose here... but I'm having an issue that I can't seem to figure out. I followed all the instructions, read everything to the letter multiple times, added things and built things as the instructions said to, and read through all the forums... but I'm still confused by the DSA Key section, which seems to be a lynch pin to this service working.

I must not be doing something right or there is a gap in the instructions, because nothing happens when I try to do a "check for update" from my app. I tried out the sample app you provide, and it works flawlessly -- I click the "check for update" menu item, and the activity window pops up briefly, then the update window pops up, and all is good.

However in my app, I click the "check for update" menu item, and nothing happens. No sign or hint that it's doing anything, or faulting out. Then my "check for update" menu item greys out, and I can't test it again without quitting the app and restarting it.

So, I guess my questions are:

1) Are there detailed, step-by-step instructions for adding the keys (e.g., exactly what goes where, what needs to be connected to what, how to debug or test it (to see some sort of feedback/information about what it's doing when it tries to connect, and if it's not working, why), and what the private key does since you don't actually seem to add it to your app build or the XML file, per the existing instructions)? The instructions pertaining to the keys seem a little too simple right now, and I think there are some things that are maybe being perceived as a 'given' that need to be done... but as a self-professed 'noob', I don't know what they are.

2) Is there additional code that needs to be added to the application, that's not explicitly spelled out in the existing instructions? (For those of us running/creating AppleScript Studio apps we would need this info, since, generally speaking, we don't know a lot about the code necessary on the "other side of the fence".) Per the existing instructions, it seems super-simple to create the key, add the key and info to the build, add the resource, then it's presumed that you also add the info to the xml file (since that's not spelled out)... but is that it? Something seems to be missing.

3) There's no mention of replacing the DSA Key string that's in the sample XML file, but I presumed that this was necessary. However, if I leave the sample xml file's key as-is or if I change it to the private or public keys I created, nothing seems to change; nothing happens. I don't know if there some sort of logging or debugging tool specific to Sparkle that I could run, and watch where the breakdown is.

4) For the uninitiated, what is the string format allowed for version numbers? It doesn't seem to matter if I have it inserted as a single digit (6), or a multi-digit "dot release" build string (0.6), or even a multi-digit rev build (0.6.1 or 0.6.r1) -- maybe I haven't even gotten to this point, and it's faulting out before it even gets to the point where it's comparing strings... but showing examples on how we can and can't version our app would also be very helpful.

Thanks so much for taking the time to read this, and any help you can offer -- I'm really looking forward to being able to use this! I just feel like I'm missing a key piece of information, and it's all going to work just fine.

Thanks,

tmaaz

Question information

Language:
English Edit question
Status:
Answered
For:
Sparkle Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Hofman (cmhofman) said : 		#1

There are detailed step by step instructions when you follow the Documentation link on the sparkle home page. For an app you don't need to write any code, you only should edit Info.plist.

If nothing happens, this is not related to DSA signing, because that is checked only after the download of the new version.

As for 4, the best is to follow Apple's guidelines on version numbers: integers separated by periods, especially for the version (CFBundleVersion and sparkle:version). Sparkle also supports some more formats (like alphabetical), but comparison may not work as well or as you may expect.

Revision history for this message
Andy Matuschak (andymatuschak) said : 		#2

Hm. It sounds like your problems may not be related to DSA signing. But if you click Check for Updates and nothing happens, there should be a message outputted to the Console: check that and let us know what you see.

I should probably add a link to the docs to some Wikipedia page about the theory of public/private encryption theory, but basically, you're not adding your private key to anything you distribute because it's *secret*. You use it to sign your updates on your machine, and then the public key, which is derived from it, can then be used to verify that those updates originated from you.

As for the XML file (the appcast), that string is a signature, not a key; it's a "fingerprint" of your update, signed by your private key as way of proof that said update came from you. You can learn how to generate the signature on the "Publishing an Update" page: http://sparkle.andymatuschak.org/documentation/pmwiki.php/Documentation/PublishingAnUpdate

I hope that helps!

Can you help with this problem?

Provide an answer of your own, or ask tmaaz for more information if necessary.

To post a message you must log in.