Fix EdDSA signatures with correct private key

- Update generate-appcast.sh to use private key file exclusively
- Add validation to ensure private key exists before signing
- Regenerate appcast signatures with correct key
- Add private/ directory to .gitignore for security
Peter Steinberger 2025-06-19 04:58:42 +02:00
parent 585a593ecc
commit b2b340fd1e
3 changed files with 32 additions and 28 deletions

.gitignore vendored

@ -102,3 +102,6 @@ default.profdata
# Tuist generated files # Tuist generated files
Derived/ Derived/
Workspace.xcworkspace/ Workspace.xcworkspace/
# Sparkle private keys - NEVER commit these
private/


@ -34,7 +34,7 @@
url="https://github.com/amantus-ai/vibetunnel/releases/download/v1.0.0-beta.2/VibeTunnel-1.0.0-beta.2.dmg" url="https://github.com/amantus-ai/vibetunnel/releases/download/v1.0.0-beta.2/VibeTunnel-1.0.0-beta.2.dmg"
length="22201465" length="22201465"
type="application/octet-stream" type="application/octet-stream"
sparkle:edSignature="TNrYDY8jH9PyJb3lRqvARthil/B5NfEC7RRB/s/Q5SARkgDZrKWSYHjKcbFnlHX6qDF1MdSx8czUN05bALGeDg==" sparkle:edSignature="VuOks4uaCl1UNuz+229Pqn4sXmLYU3+Jp2tWGyHzVGUei3bPuyXX9OD+p2vxrCKJSn/XqJbWp03c6dKd384PBw=="
/> />
<sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion> <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
</item> </item>
@ -53,7 +53,7 @@
url="https://github.com/amantus-ai/vibetunnel/releases/download/v1.0-beta.1/VibeTunnel-1.0-beta.1.dmg" url="https://github.com/amantus-ai/vibetunnel/releases/download/v1.0-beta.1/VibeTunnel-1.0-beta.1.dmg"
length="17928597" length="17928597"
type="application/octet-stream" type="application/octet-stream"
sparkle:edSignature="lm3eCKxuykGYj1oRG3uRm3QB+3azo7EGGeuP2SzZHsobnKGBxq48H21rN9WDi2mry8NbGM9YwjdjfzS56h7GDA==" sparkle:edSignature="9h7sCoJVawjj3PJePiyrIebQDNlMG3Kqp253QcMYdJEnXzWafTYBo5LUPNHosVisPW6dV3Gc0Il5bjGuizLXAw=="
/> />
<sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion> <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
</item> </item>
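Review bot: Both `sparkle:edSignature` values are replaced for DMGs that are already published (the 1.0.0-beta.2 and 1.0-beta.1 items), but nothing in the commit shows that the new signatures were checked against the public key the shipped app pins; if the key in `private/sparkle_private_key` is not the counterpart of that public key, every client that reads this appcast will reject both updates. A one-line note in the commit description stating which public key the signatures were verified against would make that auditable later.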


@ -23,6 +23,14 @@ GITHUB_USERNAME="${GITHUB_USERNAME:-amantus-ai}"
GITHUB_REPO="${GITHUB_USERNAME}/${GITHUB_REPO:-vibetunnel}" GITHUB_REPO="${GITHUB_USERNAME}/${GITHUB_REPO:-vibetunnel}"
SPARKLE_PRIVATE_KEY_PATH="private/sparkle_private_key" SPARKLE_PRIVATE_KEY_PATH="private/sparkle_private_key"
# Verify private key exists
if [ ! -f "$SPARKLE_PRIVATE_KEY_PATH" ]; then
echo -e "${RED}❌ Error: Sparkle private key not found at $SPARKLE_PRIVATE_KEY_PATH${NC}"
echo "This file is required to sign updates for Sparkle."
echo "Please ensure the private key is available before running this script."
exit 1
fi
# Colors for output # Colors for output
GREEN='\033[0;32m' GREEN='\033[0;32m'
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
@ -84,37 +92,30 @@ generate_signature() {
return 0 return 0
fi fi
# Try to use sign_update from Keychain first (preferred method) # Find sign_update binary
local sign_update_bin=""
if command -v sign_update >/dev/null 2>&1; then if command -v sign_update >/dev/null 2>&1; then
# First try without -f flag to use Keychain sign_update_bin="sign_update"
local signature=$(sign_update "$file_path" -p 2>/dev/null) elif [ -f ".build/artifacts/sparkle/Sparkle/bin/sign_update" ]; then
sign_update_bin=".build/artifacts/sparkle/Sparkle/bin/sign_update"
elif [ -f "build/SourcePackages/artifacts/sparkle/Sparkle/bin/sign_update" ]; then
sign_update_bin="build/SourcePackages/artifacts/sparkle/Sparkle/bin/sign_update"
else
echo -e "${RED}❌ Error: Could not find sign_update binary${NC}" >&2
echo "Please ensure Sparkle is built or sign_update is in PATH" >&2
exit 1
fi
# Sign using the private key file (no fallback)
local signature=$($sign_update_bin "$file_path" -f "$SPARKLE_PRIVATE_KEY_PATH" -p 2>/dev/null)
if [ -n "$signature" ] && [ "$signature" != "-----END PRIVATE KEY-----" ]; then if [ -n "$signature" ] && [ "$signature" != "-----END PRIVATE KEY-----" ]; then
echo "$signature" echo "$signature"
return 0 return 0
fi fi
# If Keychain didn't work and we have a private key file, try that echo -e "${RED}❌ Error: Failed to generate signature for $filename${NC}" >&2
if [ -f "$SPARKLE_PRIVATE_KEY_PATH" ]; then echo "Please ensure the private key at $SPARKLE_PRIVATE_KEY_PATH is valid" >&2
signature=$(sign_update "$file_path" -f "$SPARKLE_PRIVATE_KEY_PATH" -p 2>/dev/null) exit 1
if [ -n "$signature" ] && [ "$signature" != "-----END PRIVATE KEY-----" ]; then
echo "$signature"
return 0
fi
fi
fi
# Try using the bundled tool from Sparkle framework
local sign_tool="/Applications/Sparkle Test App.app/Contents/Frameworks/Sparkle.framework/Versions/B/Resources/sign_update"
if [ -f "$sign_tool" ]; then
local signature=$("$sign_tool" "$file_path" -p 2>/dev/null)
if [ -n "$signature" ] && [ "$signature" != "-----END PRIVATE KEY-----" ]; then
echo "$signature"
return 0
fi
fi
print_warning "Could not generate signature for $filename"
echo ""
} }
# Function to format date for appcast # Function to format date for appcast
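Review bot: `local signature=$($sign_update_bin "$file_path" -f "$SPARKLE_PRIVATE_KEY_PATH" -p 2>/dev/null)` masks sign_update's exit status behind `local` and discards its stderr, so an unreadable or mismatched key is only noticed because the output is empty and the error printed afterwards can never say why. The retained `[ "$signature" != "-----END PRIVATE KEY-----" ]` comparison was a heuristic for the removed Keychain path and no longer describes a failure mode once the key is passed with `-f`; assigning separately and checking the command's status makes it unnecessary, and `$sign_update_bin` should be quoted as `"$sign_update_bin"`. generate_signature's header and the `$file_path`/`$filename` setup are outside the hunk, and if callers capture this function with `$(...)` the `exit 1` ends only that subshell, so the call site presumably still has to treat empty output as failure — worth confirming.
```shell
  # … unchanged: sign_update_bin lookup …
  # Sign using the private key file (no fallback); keep stderr so a bad key says why
  local signature
  if ! signature=$("$sign_update_bin" "$file_path" -f "$SPARKLE_PRIVATE_KEY_PATH" -p) || [ -z "$signature" ]; then
    echo -e "${RED}❌ Error: Failed to generate signature for $filename${NC}" >&2
    echo "Please ensure the private key at $SPARKLE_PRIVATE_KEY_PATH is valid" >&2
    exit 1
  fi
  echo "$signature"
  return 0
```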