From 0ae700e3c77d440206dc2e6b5fd7df9d8f29ceca Mon Sep 17 00:00:00 2001
From: Brandon Evans <brandon@brandonevans.ca>
Date: Tue, 19 Jan 2021 21:37:10 -0700
Subject: [PATCH] Parse signature from release body and include in appcast

---
 AppCast/_includes/appcast.inc        |  4 ++++
 AppCast/_plugins/signature_filter.rb | 12 ++++++++++++
 README.md                            |  5 +++++
 3 files changed, 21 insertions(+)
 create mode 100644 AppCast/_plugins/signature_filter.rb

diff --git a/AppCast/_includes/appcast.inc b/AppCast/_includes/appcast.inc
index 0e1a628..335a64f 100644
--- a/AppCast/_includes/appcast.inc
+++ b/AppCast/_includes/appcast.inc
@@ -12,6 +12,8 @@
                         <description><![CDATA[{{ release.body | markdownify }}]]></description>
                         <pubDate>{{ release.published_at | date_to_rfc822 }}</pubDate>
                         {% for asset in release.assets limit:1 %}
+                            {% assign signature = release.body | sparkle_signature %}
+
                             {% assign build_nums = release.tag_name | replace_first:'v','' | replace_first:'b',',' | split:',' %}
                             {% if build_nums.size == 2 %}
                                 {% assign version_number = build_nums[0] %}
@@ -21,6 +23,7 @@
                                     url="{{ asset.browser_download_url }}"
                                     sparkle:version="{{ build_number }}"
                                     sparkle:shortVersionString="{{ version_number }}"
+                                    sparkle:edSignature="{{ signature }}"
                                     length="{{ asset.size }}"
                                     type="application/octet-stream" />
                             {% else %}
@@ -29,6 +32,7 @@
                                 <enclosure
                                     url="{{ asset.browser_download_url }}"
                                     sparkle:version="{{ version }}"
+                                    sparkle:edSignature="{{ signature }}"
                                     length="{{ asset.size }}"
                                     type="application/octet-stream" />
                             {% endif %}
diff --git a/AppCast/_plugins/signature_filter.rb b/AppCast/_plugins/signature_filter.rb
new file mode 100644
index 0000000..0a9509c
--- /dev/null
+++ b/AppCast/_plugins/signature_filter.rb
@@ -0,0 +1,12 @@
+module Jekyll
+  module SignatureFilter
+    def sparkle_signature(release_body)
+      regex = /<!-- sparkle:edSignature=(?<signature>.*) -->/m
+      signature = release_body.match(regex).named_captures["signature"]
+      raise "Didn't find a signature in the release body." if signature.empty?
+      signature
+    end
+  end
+end
+
+Liquid::Template.register_filter(Jekyll::SignatureFilter)
\ No newline at end of file
diff --git a/README.md b/README.md
index 4f70beb..6a10263 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,9 @@ scripts/package_release.sh
 # Do this from the Product directory so the app is zipped without being nested inside Product 
 pushd Product
 ../scripts/notarize.sh "test@example.com" "@keychain:altool" MyOrg Xcodes.zip
+
+# Sign the .zip for Sparkle, note the signature in the output for later
+../scripts/sign_update Xcodes.zip
 popd
 
 # Go to https://github.com/RobotsAndPencils/XcodesApp/releases
@@ -64,6 +67,8 @@ popd
 # Set its tag to the tag you just pushed
 # Set its title to a string with the format "$VERSION ($BUILD)"
 # Polish the draft release notes, if necessary
+# Add the signature to the bottom of the release notes in a comment, like:
+<!-- sparkle:edSignature=$SIGNATURE -->
 # Attach the zip that was created in the Product directory to the release
 # Publish the release
 ```