Randomize the download archive name the installer extracts/executes - Githubissues

sparkle-project / Sparkle

A software update framework for macOS

https://sparkle-project.org

Other

7.28k stars 1.04k forks source link

Randomize the download archive name the installer extracts/executes #2584

Closed zorgiepoo closed 1 month ago

zorgiepoo commented 1 month ago

Randomize the download archive name the installer extracts/executes for better security hardening.

Misc Checklist

[ ] My change requires a documentation update on Sparkle's website repository
[ ] My change requires changes to generate_appcast, generate_keys, or sign_update

Testing

I tested and verified my change by using one or multiple of these methods:

[x] Sparkle Test App
[ ] Unit Tests
[x] My own app
[ ] Other (please specify)

Need to test:

[x] UUID string is not the same on subsequent runs
[x] zip archives
[x] tar archives
[x] dmg archives
[x] pkg updates
[x] delta updates
[x] older OS systems

macOS version tested: 14.5 (23F79) 10.14.6 VM