EdDSA upgrade is here

The DSA algorithm that has been used by Sparkle so far is considered outdated. We're migrating to a newer, more secure EdDSA (ed25519) signatures. We still support DSA signatures for existing applications, but all new apps should use EdDSA from now on.

We now use macOS Keychain to automatically store private EdDSA keys, which is more convenient and more secure.

• Added support EdDSA (ed25519) signatures (Kornel)
  • Both old DSA and new EdDSA are still supported (and old apps can use both), but new applications should use EdDSA only, and we recommend migrating away from DSA signatures.
• generate_keys is now a Swift tool that stores EdDSA private keys in the Keychain
  • Existing apps can continue using their old DSA keys, but we've dropped support for generation of old DSA keys
  • The public EdDSA key is not a file any more. It's a string to copy&paste into Info.plist
• sign_update is now a Swift tool that signs using EdDSA from private keys in the Keychain
  • The old DSA-based signing script has been moved to bin/old_dsa_scripts
  • The old DSA-based signing script has been fixed to work on pre-10.13 systems (Thomas Tempelmann)
• generate_appcast has been updated to support EdDSA signatures
  • It can sign both DSA (if dsa_priv.pem file is specified) and EdDSA from Keychain
  • The tool now uses Caches directory and doesn't generate unnecessary delta files
• Fixed verification of delta updates on filesystems that change permissions of symlinks
• Fixed NSURLSession leak (Michael Ehrmann)

Known issues

• generate_keys, sign_update, and generate_appcast prompt for Keychain access permission every time.

New EdDSA (ed25519) signatures take 2

1.21.0a2

Generate EdDSA (ed25519) signatures

1.21.0a1

Stability fixes

• generate_appcast option to read private key directly from the keychain (Tamás Lustyik)
• Add delegate callbacks for finished download and extraction related events (Csaba Horony)
• Don't check for updates if Do Not Disturb is on (Kornel)
• Expose CodesigningVerifier, add codesign info API (sunuslee)
• Threading fixes:
  • Fix potential hang with dispatch_sync to main thread (Brian Bergstrand)
  • Fix closeCheckingWindow called from background thread (Alexey Martemyanov)
• Improve 'read-only' error message (#1192) (Adrian Thomas)
• New Spanish localisation (Ken Arroyo Ohori)
• Updated Finnish language resources (Jason Pollack)
• Hungarian localization (Csaba Horony)
• Log more information about authentication requests (Kornel)
• Explicitly specify types to silence "Messaging unqualified id" warning that's new in Xcode 10. Removed __has_feature(objc_generics) check and use generisc to help silence the warnings. (Kent Sutherland)
• Fix binary delta creation on network drives (sagecook)
• Fix compilation issues on Xcode 10 with new build system (Leo Natan)

1.20.0b1

• generate_appcast option to read private key directly from the keychain (Tamás Lustyik)
• Add delegate callbacks for fininshed download and extraction related events (Csaba Horony)
• Don't check for updates if Do Not Disturb is on (Kornel)
• Expose CodesigningVerifier, add codesign info API (sunuslee)
• Improve 'read-only' error message (#1192) (Adrian Thomas)
• Threading fixes:
  • Fix potential hang with dispatch_sync to main thread (Brian Bergstrand)
  • Fix closeCheckingWindow called from background thread (Alexey Martemyanov)
• Updated Finnish language resources (Jason Pollack)
• Hungarian localization (Csaba Horony)
• Log more information about authentication requests (Kornel)
• Explicitly specify types to silence "Messaging unqualified id" warning that's new in Xcode 10. Removed __has_feature(objc_generics) check and use generisc to help silence the warnings. (Kent Sutherland)

Just some debug info

• Logs why it asks for authorization

New downloader

• Refactoring of downloader code to avoid deprecated methods (Deadpikle)
• Changes to which methods run on the main thread.
  Note: some delegate methods may be called on non-main thread now. (Kornel)
• Update Japanese localization (1024jp)
• Update Sparkle.strings (Stefan Paychère, Adrian Thomas)
• Fix Sparkle clients polling too frequently (Jonathan Bullard)
• Handle SecTransformExecute errors (Kornel)
• Silence Touch Bar availability warnings on Xcode 9 by using API_AVAILABLE. Disable gnu-zero-variadic-macro-arguments to prevent warnings from use of API_AVAILABLE. (Kent Sutherland)
• 10.11 SDK compatibility (David Fuhrmann)

1.18.1

• Add optional updaterDidRelaunchApplication: method on SUUpdaterDelegate (App Tyrant)
• Implemented sparkle:os attribute as documented (Memphiz)
• Additional termination detection in case kpoll fails. (fujisoft)
• Included bin files in CocoaPods installation (Keith Smiley)
• Updated Dutch localization (Eitot)
• Updated German localization (Eitot)
• Updated Japanese translation (1024jp)
• Updated Portuguese translation (Victor)
• Updated to Xcode 9/Swift 4