Implement code signing, notarization, and Sparkle updates #9

@frankdilo

Overview

Research how to implement proper macOS app signing, notarization, and automatic updates for Markdown Viewer, following the approach used by CodexBar.

Research Report

See the detailed research report: docs/codexbar-signing-distribution-report.md

Summary of CodexBar Approach

  • Code Signing: Developer ID Application certificate with hardened runtime
  • Notarization: App Store Connect API with stapling
  • Updates: Sparkle 2.8.1 with EdDSA (Ed25519) signatures
  • Distribution: GitHub Releases + Homebrew Cask
  • Automation: Shell scripts for packaging, signing, appcast generation

Implementation Phases

Phase 1: Code Signing & Notarization

  • Create Scripts/ directory with signing scripts
  • Set up Developer ID certificate
  • Create version.env for version management
  • Update build.sh to include signing and notarization
  • Create entitlements file

Phase 2: Sparkle Integration

  • Add Sparkle dependency to Package.swift
  • Generate EdDSA keypair
  • Embed public key in Info.plist
  • Create appcast.xml in repo root
  • Add updater UI ("Check for Updates..." menu item)
  • Create make_appcast.sh script

Phase 3: Release Automation

  • Create release.sh script
  • Set up GitHub Actions for CI
  • Document release process

Required Credentials

  • Developer ID Application certificate (Apple Developer Program)
  • App Store Connect API key (for notarization)
  • Sparkle EdDSA private key (generate locally)
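
A release gate for the appcast from Phase 2, as an added example that is not part of the original issue or of CodexBar's scripts: it checks that every item in `appcast.xml` ships over HTTPS with a non-zero length and a `sparkle:edSignature` that decodes to the 64 bytes of an Ed25519 signature. It assumes every item carries an `<enclosure>`; the feed, hosts and all-zero signature are constructed placeholders, and the check covers shape only (Sparkle itself verifies the signature against the embedded public key).

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"
ED_SIG = f"{{{SPARKLE_NS}}}edSignature"

# Constructed sample feed (hosts, versions and the all-zero signature are
# placeholders). Item 1.0.2 has no signature, plain HTTP and a zero length.
PLACEHOLDER_SIG = base64.b64encode(bytes(64)).decode()
SAMPLE_APPCAST = f"""<rss version="2.0" xmlns:sparkle="{SPARKLE_NS}"><channel>
  <item><title>1.0.1</title>
    <enclosure url="https://example.invalid/App-1.0.1.zip" length="1048576"
               sparkle:edSignature="{PLACEHOLDER_SIG}"/></item>
  <item><title>1.0.2</title>
    <enclosure url="http://example.invalid/App-1.0.2.zip" length="0"/></item>
</channel></rss>"""


def lint_appcast(xml_text):
    """Return (item title, problem) tuples; an empty list means the feed passes."""
    problems = []
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", default="<untitled>")
        enclosure = item.find("enclosure")
        if enclosure is None:
            problems.append((title, "no enclosure"))
            continue
        if not enclosure.get("url", "").startswith("https://"):
            problems.append((title, "enclosure URL is not https"))
        length = enclosure.get("length", "")
        if not length.isdigit() or int(length) == 0:
            problems.append((title, "missing or zero length"))
        sig = enclosure.get(ED_SIG)
        if sig is None:
            problems.append((title, "missing sparkle:edSignature"))
            continue
        try:
            raw = base64.b64decode(sig, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 64:  # an Ed25519 signature is always 64 bytes
            problems.append((title, "edSignature does not decode to 64 bytes"))
    return problems


if __name__ == "__main__":
    for title, problem in lint_appcast(SAMPLE_APPCAST):
        print(f"{title}: {problem}")
```

Run in CI after appcast generation, a non-empty result would fail the release before an unsigned or plain-HTTP update entry is published.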
