Squirrel / Squirrel.Mac

:shipit: Cocoa framework for updating OS X apps :shipit:
MIT License

The Update Framework #177

Open ghost opened 8 years ago

ghost commented 8 years ago

It would be nice if Squirrel.Mac followed "The Update Framework" specification, as it is much more secure than what is used now.

In order to securely download and verify target files, TUF requires a few extra files to exist on a repository. These are called metadata files. TUF metadata files contain additional information, including information about which keys are trusted, the cryptographic hashes of files, signatures on the metadata, metadata version numbers, and the date after which the metadata should be considered expired.

https://theupdateframework.github.io/
https://github.com/theupdateframework/tuf
https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md
https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt
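To make the metadata checks listed above concrete, here is an added Go example (not Squirrel.Mac's code and not the TUF reference implementation) of what a client does with a TUF-style "targets" metadata file before it trusts a downloaded update: it accepts only signatures from keys already in its trusted set, rejects expired metadata, rejects a version number lower than the last one it accepted, and then compares the download against the length and SHA-256 hash the metadata records. The field names, the key ID `root-key-1`, the target name `MyApp.zip` and the payload bytes are all constructed for this illustration; the real spec's schema has more roles and fields than shown here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Signed is the part of a TUF-style targets file that the signature covers.
// Field names are an assumption for this example, not the spec's exact schema.
type Signed struct {
	Version int               `json:"version"`
	Expires time.Time         `json:"expires"`
	Targets map[string]Target `json:"targets"`
}

// Target records what a client must check on a downloaded file.
type Target struct {
	Length int               `json:"length"`
	Hashes map[string]string `json:"hashes"` // "sha256" -> hex digest
}

// Metadata wraps the signed bytes and the signatures over them.
type Metadata struct {
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}

type Signature struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"` // hex-encoded ed25519 signature over Signed
}

// SignMetadata is the publisher side: serialize the signed portion once and
// sign exactly those bytes, so the client can verify them without re-encoding.
func SignMetadata(signed Signed, keyID string, priv ed25519.PrivateKey) ([]byte, error) {
	body, err := json.Marshal(signed)
	if err != nil {
		return nil, err
	}
	sig := ed25519.Sign(priv, body)
	return json.Marshal(Metadata{
		Signed:     body,
		Signatures: []Signature{{KeyID: keyID, Sig: hex.EncodeToString(sig)}},
	})
}

// VerifyMetadata is the client side: trusted-key signature, expiry, rollback.
func VerifyMetadata(raw []byte, trusted map[string]ed25519.PublicKey, lastVersion int, now time.Time) (*Signed, error) {
	var md Metadata
	if err := json.Unmarshal(raw, &md); err != nil {
		return nil, err
	}
	verified := false
	for _, s := range md.Signatures {
		pub, ok := trusted[s.KeyID]
		if !ok {
			continue // signatures from keys the client does not trust are ignored
		}
		sig, err := hex.DecodeString(s.Sig)
		if err == nil && ed25519.Verify(pub, md.Signed, sig) {
			verified = true
			break
		}
	}
	if !verified {
		return nil, errors.New("no valid signature from a trusted key")
	}
	var signed Signed
	if err := json.Unmarshal(md.Signed, &signed); err != nil {
		return nil, err
	}
	if !now.Before(signed.Expires) {
		return nil, errors.New("metadata expired")
	}
	if signed.Version < lastVersion {
		return nil, fmt.Errorf("rollback: version %d is older than accepted version %d", signed.Version, lastVersion)
	}
	return &signed, nil
}

// VerifyTarget checks a downloaded file against verified metadata.
func VerifyTarget(signed *Signed, name string, data []byte) error {
	t, ok := signed.Targets[name]
	if !ok {
		return fmt.Errorf("target %q not listed in metadata", name)
	}
	if len(data) != t.Length {
		return errors.New("length mismatch")
	}
	sum := sha256.Sum256(data)
	if hex.EncodeToString(sum[:]) != t.Hashes["sha256"] {
		return errors.New("sha256 mismatch")
	}
	return nil
}

func main() {
	// Constructed scenario: one trusted key, one target, one tampered download.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]ed25519.PublicKey{"root-key-1": pub}
	payload := []byte("constructed app bundle contents")
	sum := sha256.Sum256(payload)
	signed := Signed{Version: 2, Expires: time.Now().Add(24 * time.Hour), Targets: map[string]Target{
		"MyApp.zip": {Length: len(payload), Hashes: map[string]string{"sha256": hex.EncodeToString(sum[:])}},
	}}
	raw, _ := SignMetadata(signed, "root-key-1", priv)
	md, err := VerifyMetadata(raw, trusted, 1, time.Now())
	if err != nil {
		fmt.Println("metadata rejected:", err)
		return
	}
	fmt.Println("genuine download accepted:", VerifyTarget(md, "MyApp.zip", payload) == nil)
	fmt.Println("tampered download accepted:", VerifyTarget(md, "MyApp.zip", append(payload, 'x')) == nil)
}
```

The signature is checked over the raw `signed` bytes rather than over a re-serialized struct, so the client never has to reproduce the publisher's encoding byte for byte; the expiry and version checks are what stop a server from replaying an old, validly signed file forever.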

ghost commented 8 years ago

Alternatively, and perhaps much simpler, for codesigned mac apps, only allow updates that are also codesigned with the same ID. (Or is this already the case?)

ghost commented 8 years ago

https://github.com/Squirrel/Squirrel.Windows/issues/739#issuecomment-226248641

joshaber commented 8 years ago

Alternatively, and perhaps much simpler, for codesigned mac apps, only allow updates that are also codesigned with the same ID. (Or is this already the case?)

Yup, this is already the case. We verify the signature before allowing the update: https://github.com/Squirrel/Squirrel.Mac/blob/e9e2188cda3efb4bc08b1719bdef71880f9dc9b1/Squirrel/SQRLCodeSignature.m#L103

ghost commented 8 years ago

OK, great, thanks. It would be nice if that piece of information were included in the documentation.

But I'm not sure what that does. Does this compare the code signature ID of the app with the code signature ID of the update, or does it only check whether the update is codesigned (which could be with a different ID)? Is this what initWithRequirement is for? Is this done by default, or only if the user specifies it? (I'm just wondering what the electron autoUpdate module does.)

joshaber commented 8 years ago

OK, great, thanks. It would be nice if that piece of information were included in the documentation.

Yup it would 😬

does this compare the code signature ID of the app with the code signature ID of the update, or does it only check if the update is code signed?

It verifies that their signatures match.

Is this done by default, or only if the user specifies it?

It is done by default. There's no support for not doing it.