I'm currently trying to develop a GitHub Action which creates a release of a macOS app. This app is also using Sparkle to automatically install new updates.
What I managed to do, following the docs:
master starts the GitHub workflowgenerate_appcast uses that key to update an appcast.xml, which is then put in the directory used by GitHub Pages.However, when trying to install that latest release I get an Update Error, saying: The update is improperly signed and could not be validated. Please try again later or contact the app developer.
I've tried removing the SUPublicEDKey from the project and creating the appcast manually, leaving so the sparkle:edSignature out. This worked as expected, with the latest update getting installed from the app.
Some important outputs:
> codesign --deep -vvv --verify testSparkleRelease.app
...
testSparkleRelease.app: valid on disk
testSparkleRelease.app: satisfies its Designated Requirement
> spctl -a -t exec -vv testSparkleRelease.app
testSparkleRelease.app: rejected
origin=Apple Development: Alexander Perathoner (K3WW8XS***)
I thought that maybe it should be using the Apple Distribution certificate, so I tried importing that one too, and using for the export of the archive — but got the same error.
The entire signing process happens on the GitHub runners that builds the app, following this guide.
Here's the entire project: https://github.com/AlexPerathoner/SparkleReleaseTest, in particular the appcast.xml, and the workflow file
The entire procedure is correct.
The error was in the download link prefix, which didn’t parse correctly. So Sparkle was able to find the presence of a new update, but couldn’t download it - and returned a signing issue.