Hardened Runtime is not enabled for Sparkle. macOS Mojave #1266
Comments
We haven't looked at it yet. If you'd like to help, clone Sparkle's source code and see what it takes to enable this mode for Sparkle itself.
I attempted to enable Hardened Runtime for the above items, but then I received errors:
for each of the items I enabled it on. I'll keep trying different things though.
I've also tried hardening the Sparkle Test App and uploading that, but I get the following error:
So it looks like the XPC Services Script that I had to sign the XPC Services is no longer needed in Xcode. By commenting that all out, I was able to upload to Apple's Notary service. Although I did enable hardened runtime on all the targets in Sparkle, then built the project and copied the XPC and Sparkle.framework to my project. I used the "Automatically manage signing" setting in Sparkle before archiving. I also had to comment out the code inside But I was successfully able to upload so that's good.
I think it's safe to close this issue since the upload and notarization worked fine after doing what I mentioned in the previous comment.
@brendand (and @kornelski), do you think everyone will need to rebuild the project themselves for Mojave, or will there still be a binary downloadable version? I started to follow the notes above, but not having built Sparkle before, I ran into problems at your first step of "enabling hardened runtimes". I don't see a Capabilities tab anywhere for Sparkle framework. I set it for Autoupdate.app, but when I generated the framework and copied it into my app, attempting to archive still said "Autoupdate.app" and "fileop" must be rebuilt with support for the Hardened Runtime. Could you give a bit more detail?
I can't find information whether hardened runtime is related to sandboxing. If it requires sandboxing, then it won't be supported in Sparkle 1.x.
Mojave provides the option for a hardened runtime, which protects apps against certain attacks such as code injection, etc. AFAICT this is enabling SIP at the app level. It's optional, but it's required for Apple's new notarization service, where you submit the app for notarization to Apple, but then you distribute it yourself. In addition to enhanced security, a notarized app can be run by the user without being warned off by Gatekeeper. I'm sure delta sparkle upgrades won't work<<Incorrect; see below>>, but I don't think there'll be any other issue for Sparkle support, other than the signing process as discussed here.
It'd be nice if notarization could prevent app translocation in some way. @mackworth: Why would this break delta updates? If reconstructed properly, shouldn't the resulting app match the notarized signature? Notarization authenticating the downloaded archive instead of the signature for the code-signed app would be weird.
Sorry, just ignorance on my part of how deltas work. BTW, @kornelski, I should mention: the hardened runtime does not restrict which files you can access, so that's why I don't think there'll be any sandbox-related issue.
So, after much trial and error, at least in my circumstance, all I needed to do was add:
Turns out I didn't need to recompile, I could just use the current downloaded Sparkle Framework binary. So, I'd suggest adding this to the documentation somewhere, but otherwise things look good to go. (Although I admit I haven't run the autoupdate on the hardened binary yet)
Any chance we can get a little bit more of a layman's guide to how to get Sparkle fixed for Mojave? As someone who has simply used the built frameworks, opening the Sparkle Xcode project doesn't even seem to build properly, using Archive produces no products, there are a billion warnings, using the All target fails unit tests, etc. I tried turning on Hardened mode but at this point can't even find built binaries of Sparkle.framework to try in my app. This is with Xcode 10 GM. Any pointers?
Archive in Xcode is some weird thing that has never correctly worked for me for any project, ever. For me Sparkle builds cleanly without warnings on Mojave beta, and Xcode 10. But we only support the Build option in Xcode. If the normal build option doesn't work flawlessly, please file bugs.
Archive works great for me, and is mandatory to submit for the new Hardened/Notarized option. @cyphers: so the project builds fine with Xcode 9, but not with 10? I had no problem with Sparkle on Xcode 10 until I tried hardening. Definitely, don't turn on hardening until you've built properly without it. Once you have, then you can turn it on, and sign both the framework and the AutoUpdate App with the -o option. To be specific, my final build phase is Sign Bundled Frameworks:
Using Archive on Xcode 10 results in an Archive that has an empty Products folder... That's for the Framework target and every other target I tried. The dSYMs are present, Products is empty. That's from a fresh checkout of master, no modifications.
That's fascinating. I just did the same thing (GitHub; Master Branch; Main screen; Clone or Download; Open in Xcode 10 GM (10A254a); Clone in New Folder; Selected Distribution Scheme; Archive (ignored 92 warnings); then Organizer, Distribute Content, Built Products, Select new Folder on Desktop, Export). I got the applications: Sparkle Test App, Binary Delta and generate_appcast. Tried again with All, and did get a linker failure in the Unit Tests. Not sure why that was.
You can also find the built production release in the build folder, even if they don't get included in the archive export.
Confirming @mackworth, doing everything in his last 3 comments here seems to result in success. Or at least it provides a build that Xcode says is notarized, but then Xcode doesn't highlight the export notarized app button. I think there are some Xcode bugs here probably unrelated to any of this, but I did get a notification of success FWIW.
@mackworth Confirming that I was able to get this to result in success also. Thanks for sharing. On some of my apps, I didn't even get the option in Organizer to send these to Apple for notary services. After some troubleshooting, I learned this was because of the I had to modify your script slightly to get it to work. Using IDENTITY="${EXPANDED_CODE_SIGN_IDENTITY_NAME}"
From reading the conversation above, I take it the only way to support notarization is to build Sparkle from source and enable hardening on it?
@adib I didn't have to build from source. Just apply the code signing script I mentioned and the 'standard' Sparkle configuration worked. Received notice from Apple that the app was notarized (took several days).
No, I found if you modify the Sign Bundled Frameworks phase as described above, it works just fine, although you may need to do the SKIP_INSTALL change as well.
… On Oct 21, 2018, at 10:27 PM, Sasmito Adibowo ***@***.***> wrote:
From reading the conversation above, I take it the only way to support notarization is to build Sparkle from source and enable hardening on it?
Thanks, @mackworth, I'm going through the same pain right now. I added your script as a new Run Script phase for my top-level app target and was successful in archiving and uploading it for notarization. Now to figure out how to do this using xcodebuild ... For anyone else struggling with notarization, I also discovered that Apple will only notarize an archive that contains a single product. So you need to set In our case, where our final build actually produces three separate apps for distribution, it looks like we're going to have to re-factor our production scripts to archive and notarize each app separately.
I got our sandboxed app built with Sparkle and the hardened runtime enabled, and it was accepted by Apple's notarization service. In case anyone else finds this looking for a more concise procedure, here are the steps I followed.
Build
Test
In the past, I tested Sparkle updates by temporarily lowering the I built our app with Xcode 10.1 on macOS 10.14.1, but the deployment target is set to 10.12. I successfully tested updates on both 10.14.1 and 10.12.
Notarize
At this point, Apple's notary service accepts the app as having the hardened runtime enabled. It took a few minutes to negotiate the connection and complete the upload, and a few minutes more for the app to be "Ready to Distribute". At that point, there was an "Export Notarized App" button visible at the bottom-right corner of the Organizer window. Running command
I asked for some clarification at Apple's developer forums. Quinn "The Eskimo!" replied with some typically great information. https://forums.developer.apple.com/message/340768#340768 It turns out you only have to enable the hardened runtime for apps and app-like targets, e.g. share extensions. It pretty much boils down to this: if a target has a Capabilities tab (apps, share extensions, etc.), then enable it there. If not, then don't worry. My only remaining question there is how to handle the code signing of deeply-embedded apps, like Sparkle's Updater. Specifically, I want to know if the I'll update my previous post once I have that cleared up, and I get our apps finalized.
@kornelski It looks like the A couple of suggestions:
I'd tackle it, but I'm not proficient in Python. If you like, I can open an issue.
Yes, please open an issue. And give it a try at implementation — at this point you know this better than I do :)
@kornelski I opened #1319. It occurs to me that just adding "-o runtime" and renaming the script is sufficient. The instructions can then be updated to reflect the new name and the step of signing the embedded executables.
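The thread settles on re-signing the pieces embedded by Sparkle with "-o runtime", using the identity Xcode exposes as EXPANDED_CODE_SIGN_IDENTITY_NAME. The script below is an added example of such a signing pass; it is not Sparkle's own script and not any commenter's. It assumes macOS with codesign available, that it is handed the path of the Sparkle.framework embedded in the built app, and that the nested items are found by the names from the error message (XPC services, Autoupdate, Updater.app, fileop) rather than by hard-coded paths, since the layout differs between Sparkle versions.

```shell
#!/bin/sh
# Added example, not Sparkle's own script: sign the code nested inside a
# built Sparkle.framework inside-out with the hardened runtime, then verify.
# Usage (e.g. as a Run Script phase after "Embed Frameworks"):
#   ./sign_sparkle.sh "$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/Sparkle.framework"
set -eu

# List nested code by name (XPC services, helper apps, the Autoupdate and
# fileop helpers) deepest path first, then the framework itself last.
# codesign seals nested code into the outer signature, so inner items must
# already be signed; depth ordering gives that without --deep.
# Autoupdate.app's own main executable is skipped: signing the .app seals it.
sparkle_nested_code() {
    fw="$1"
    find "$fw" \( -name '*.xpc' -o -name '*.app' -o -name 'Autoupdate' -o -name 'fileop' \) \
        ! -path '*/Contents/MacOS/Autoupdate' \
        | awk -F/ '{ print NF, $0 }' | sort -rn -k1,1 | cut -d' ' -f2-
    printf '%s\n' "$fw"
}

# Sign one item with the hardened runtime (-o runtime) and a secure timestamp,
# both of which notarization checks for. EXPANDED_CODE_SIGN_IDENTITY_NAME is
# set by Xcode in a Run Script phase; export it yourself when running by hand.
sign_hardened() {
    : "${EXPANDED_CODE_SIGN_IDENTITY_NAME:?export your Developer ID Application identity name}"
    codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY_NAME" \
        --options runtime --timestamp "$1"
}

sign_sparkle() {
    sparkle_nested_code "$1" | while IFS= read -r item; do
        sign_hardened "$item"
    done
}

# Check the result the way the notary service will: strict deep verification,
# plus the runtime flag in the code directory ("flags=0x10000(runtime)").
verify_hardened() {
    codesign --verify --deep --strict --verbose=2 "$1"
    codesign -d --verbose "$1" 2>&1 | grep -q 'flags=.*runtime'
}

if [ $# -eq 1 ]; then
    sign_sparkle "$1"
    verify_hardened "$1"
fi
```

Because the outer app's own signature seals the framework, run this before the app bundle itself is signed (or re-sign the app afterwards), otherwise the archive will fail verification.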
When I attempt to upload a Developer ID Mac app to Apple using Xcode 10 on Mojave (beta 3), I get the following error:
"org.sparkle-project.InstallerConnection.xpc", "org.sparkle-project.InstallerLauncher.xpc", "org.sparkle-project.InstallerStatus.xpc", "Autoupdate", "Updater.app", "Autoupdate", and "Updater.app" must be rebuilt with support for the Hardened Runtime. Enable the Hardened Runtime capability in the project editor, then test your app, rebuild your archive, and upload again.
I'm wondering if there are any instructions that would help to resolve this situation? I've enabled Hardened Runtime in my own app, but I'm not sure how to get it all working properly for Sparkle as well.