ronzhinme
commented
2 years ago Hello, Thanks for your question!
Updaterlib is my pet home project and unfortunately, I have no time for it now. I suppose you may implement security checks stronger than a sha 512 verification by yourself. You may reimplement void Updater::checkUpdateSignature() for that. The function reads the value from XML file at line auto signatureStr = getNextVersionAttribute("signature");
then function calculates the new value by calling _getSHA512FromUpdate(sha512Signature)
and then it compares the values at line auto result = memcmp(signature, sha512Signature, SHA512_DIGEST_LENGTH);
On other hand, I think, you may use the omaha client for Windows, AppImage for Linux, and sparkle-project for macOs. I already used them before and it works fine for me. Look at them https://github.com/google/omaha --- official Omaha client https://github.com/Crystalnix/omaha --- Crystalnix Omaha client https://github.com/Crystalnix/appdater-examples --- some simple examples for omaha client https://github.com/omaha-consulting/omaha-server --- web service omaha for statistics (work for omaha and sparkle-project) https://github.com/sparkle-project/Sparkle --- sparkle-project for macOs https://appimage.org --- AppImage for Linux
Hello,
Updaterlib would be exactly what we are looking for if... ...It implemented security checks stronger than a sha 512 verification.
Signing and checking signature of both version manifest file and update binaries seems to be a standard feature for application autoupdaters ?
We need to publish C/C++ application to windows, macos and linux, with autoupdate as a functional requirement. We would have loved to stay in a pure C/C++ context but we are now looking for .net core solutions ( just to meet the autoupdate requirement, self-contained builds, because we have no control on what is installed on the target Windows, macOs and Linux desktops ) that would just wrapp our core C/C++ processings...
Regards Gwen