我正在做一個需要使用兩個變量的Mac代理,每次用戶下載代理時都需要設置這兩個變量,我的第一個嘗試是修改Info.plist
文件併爲Sparkle執行簽名,但在那之後,我意識到,每次我修改該文件,然後執行簽名,該簽名會從已下載的代理商不同,可能導致與旌宇一個問題:如何修改後的應用程序的源代碼? xCode-Sparkle
Segue公司出於安全考慮因爲Sparkle正在將可執行代碼下載到用戶的系統中,所以您必須非常小心安全性。 爲了讓旌宇知道下載的更新不被破壞,並從你(而不是惡意攻擊者)排 ,我們建議:列表項
- 代碼簽名具有DSA簽名匹配公衆所發佈的更新檔案包含在您的應用程序中的DSA密鑰。
就如何實現這一目標的任何建議嗎?
下面是我在做修改並執行簽名的腳本:
import plistlib, sys, tempfile, subprocess, os, datetime
# Read the plist file generated by xCode, and write the OrganizationID and OrganizationToken.
plist_file = plistlib.Plist.fromFile("Agent.app/Contents/Info.plist")
plist_file['OrganizationID'] = sys.argv[1]
plist_file['OrganizationToken'] = sys.argv[2]
plistlib.writePlist(plist_file, "Agent.app/Contents/Info.plist")
VERSION = plist_file['CFBundleVersion']
DOWNLOAD_BASE_URL="https://url/core/mac/agent"
RELEASENOTES_URL= DOWNLOAD_BASE_URL + "/release-notes.html#version-$VERSION"
ARCHIVE_FILENAME="Agent %s.zip" % str(VERSION)
DOWNLOAD_URL="%s/$%s" % (DOWNLOAD_BASE_URL, ARCHIVE_FILENAME)
KEYCHAIN_PRIVKEY_NAME="sparkle_private_key/dsa_priv.pem"
os.environ['openssl']= "/usr/bin/openssl"
SIGNATURE= '$openssl dgst -sha1 -binary < "%s" | $openssl dgst -dss1 -sign "%s" | $openssl enc -base64' % (ARCHIVE_FILENAME, KEYCHAIN_PRIVKEY_NAME)
signature = subprocess.check_output(SIGNATURE, shell=True).strip()
SIZE = 'stat -f %%z "%s"' % ARCHIVE_FILENAME
size = subprocess.check_output(SIZE, shell=True).strip()
PUBDATE = 'LC_TIME=en_US date +"%a, %d %b %G %T %z"'
pubdate = subprocess.check_output(PUBDATE, shell=True).strip()
xml = '''<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
<channel>
<title>Update</title>
<link>
http://sparkle-project.org/files/sparkletestcast.xml
</link>
<description>Most recent changes with links to updates.</description>
<language>en</language>
<item>
<title>Version %s</title>
<sparkle:releaseNotesLink>
%s
</sparkle:releaseNotesLink>
<pubDate>%s</pubDate>
<enclosure
url="%s"
sparkle:version="%s"
type="application/octet-stream"
length="%s"
sparkle:dsaSignature="%s"
/>
</item>
</channel>
</rss>''' % (VERSION, RELEASENOTES_URL, pubdate, DOWNLOAD_URL, VERSION, size, signature)