Use Sparkle signer for full appcasts
This commit is contained in:
parent
a84922f4f3
commit
1d45016a63
4 changed files with 63 additions and 17 deletions
|
|
@ -81,10 +81,13 @@ Its public key matches KMS key version
|
|||
|
||||
## Sparkle Appcast Signing
|
||||
|
||||
Sparkle appcasts use `sparkle-ed25519`, a non-exportable Google KMS key with
|
||||
algorithm `EC_SIGN_ED25519` and software protection level. Google KMS rejects
|
||||
Ed25519 at HSM protection level, so this key is intentionally separate from the
|
||||
HSM RSA keys used for Apple certificate CSRs and repository signing.
|
||||
Sparkle appcasts keep `sparkle-ed25519`, a Google KMS key with algorithm
|
||||
`EC_SIGN_ED25519` and software protection level, for small signing probes and
|
||||
future signing-service work. Google KMS rejects Ed25519 at HSM protection level
|
||||
and also rejects full-size macOS release archives as direct Ed25519 messages.
|
||||
The tester pipeline therefore signs normal Sparkle archives with Sparkle's
|
||||
`sign_update` and the decrypted `SPARKLE_EDDSA_KEY_PATH` release secret so the
|
||||
appcast contains the standard full-archive EdDSA signature Sparkle verifies.
|
||||
|
||||
The public EdDSA key embedded in macOS release builds is:
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue