Remove Sparkle Sandboxing configuration
zorgiepoo opened this issue · 4 comments
Due to a sandboxing issue new to macOS Sonoma, users may see a one-time warning when checking for updates about "Downloader" differs from previously opened versions. See sparkle-project/Sparkle#2514 for more information.
Applite can simply resolve this issue by removing its sandboxed configuration for Sparkle because Applite itself is not sandboxed. This involves removing the SUEnableDownloaderService and SUEnableInstallerLauncherService keys in its Info.plist, as well as removing the com.apple.security.temporary-exception.mach-lookup.global-name key in its entitlements file. These settings were retrieved from Sparkle's Sandboxing guide but again, this app is not sandboxed. (Even if the app was to be sandboxed, it would likely not need the downloader XPC Service)
@zorgiepoo Thanks for letting me know. I run into some issues though, can you help me out? I removed the keys you mentioned from the Info.plist and entitlements, but this causes app signing to fail. In the Sparkle Sandboxing guide it mentions:
Removing XPC Services
You should not use Sparkle’s XPC Services for applications that are not sandboxed. In this case, you may choose to remove Sparkle’s XPC Services in a post install script when copying the framework to your application. Alternatively you can alter Sparkle’s ConfigCommon.xcconfig to not embed the XPC Services. This is optional and up to you. The same applies if you do sandbox your application but do not need to use or embed the Downloader XPC Service in particular.
I found the ConfigCommon.xcconfig file. But I don't want to modify it directly because it is pulled from GitHub every time I update the Sparkle package inside Xcode. Is there a way to modify the configurations in another way so I don't have to do it whenever I pull changes from the repo?
Removing the XPC services is optional and not required (I will try to better clarify that). Try to get it to working without following that section first. What code signing error messages are you running into?
Turns out the issue wasn't related to Sparkle. I just had to agree to the updated terms on the developer portal. Apple is weird sometimes. I was confused because it failed when signing Sparkle.
Will push an update soon.
I published the changes in the v1.2.3 update.