Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve robustness around dmg passwords #2627

Merged
merged 6 commits into from
Sep 15, 2024
Merged

Improve robustness around dmg passwords #2627

merged 6 commits into from
Sep 15, 2024

Conversation

zorgiepoo
Copy link
Member

@zorgiepoo zorgiepoo commented Sep 15, 2024
edited
Loading

  • Fix bug where updater's decryption password was not properly passed to installer
  • Handle failing to unarchive password-protected dmgs when a password is not expected by the updater gracefully
  • Wait for dmgs to be detached for unit tests and tools for better robustness
  • Expand tests for unarchiving dmgs with passwords and/or license agreements

Misc Checklist

  • My change requires a documentation update on Sparkle's website repository
  • My change requires changes to generate_appcast, generate_keys, or sign_update

Testing

I tested and verified my change by using one or multiple of these methods:

  • Sparkle Test App
  • Unit Tests
  • My own app
  • Other (please specify)

Tested unarchiving in sample app:

  • Regular dmg
  • license agreement dmg
  • password protected dmg
  • license agreement + password protected dmg

macOS version tested:
10.14 VM
14.6.1 (23G93)
15.0 Beta (24A5331b)

@zorgiepoo
Improve robustness around extracting disk images
6487cff 
* Handle failing to extract password protected disk images even when a decryption password isn't provided.
* Propagate error with more information when hdiutil attach fails.
* Wait for detaching disk images for unit tests (fixes not being able to run tests repeatably).
* Fix some duplicate obj-c class warnings in test target.
@zorgiepoo
Move notifying success/failure after detaching dmg in all cases
1dd0d27
@zorgiepoo
Fix compile error in generate_appcast
5bfaf1e
@zorgiepoo
Respond with empty password when no password is specified
c571a48
@zorgiepoo
Fix decryption password not being passed to installer correctly
0d138b5
@zorgiepoo zorgiepoo added this to the 2.7 milestone Sep 15, 2024
@zorgiepoo zorgiepoo merged commit 661540d into 2.x Sep 15, 2024
2 checks passed
@zorgiepoo zorgiepoo deleted the improve-dmg-robustness branch September 15, 2024 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.7
Development

Successfully merging this pull request may close these issues.
1 participant
@zorgiepoo