docs: update changelog with Sparkle updater fixes and improvements

Document the key fixes that made Sparkle updates work: - Using ditto instead of zip to preserve code signatures - XPC service entitlements for sandboxed apps - In-app logging for update debugging - Re-enabled sandbox with minimal entitlements
2025-12-30 19:23:36 +01:00
parent 2a848c3251
commit 5dc5621871
1 changed files with 19 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,24 @@
 # Changelog
 ## Unreleased
 ### Fixed
 - Fixed Sparkle updater ZIP archive creation: replaced `zip` command with `ditto` to properly preserve app bundle code signatures during extraction, resolving "damaged app" errors on update installation.
 - Fixed code signature issues for sandboxed apps by removing entitlements parameter from non-sandboxed builds.
 - Fixed Sparkle framework deep code signing to handle complex framework structure.
 - Fixed missing XPC service entitlements (`com.apple.security.xpc.aConnectionServices`, `com.apple.security.xpc.aStatusServices`) required for Sparkle installer to communicate with sandboxed app.
 ### Changed
 - Re-enabled app sandbox with minimal entitlements (network.client only) for improved security while maintaining Sparkle update functionality.
 - Enhanced Sparkle error logging to include error domain and code information, making update failures easier to diagnose.
 - Updated build script to use `ditto -c -k --keepParent` for creating update ZIPs, which properly preserves code signatures that `zip` command breaks.
 ### Added
 - Added in-app Sparkle update logs in Preferences → Updates tab with Show/Hide toggle for real-time debugging of update operations.
 - Log entries include timestamps and distinguish between info and error messages.
 - Users can clear logs manually and logs persist during the session (max 100 entries).
 ### Previous Changes
 - Flattened the project structure so sources live at the repository root instead of the nested `iKeyMon/` folder and updated the Xcode project accordingly.
 - Fixed build settings (entitlements, preview assets) and placeholder previews to work with the new layout.
 - Migrated the updated API layer and unified `ServerInfo` model from the previous branch.
@@ -10,5 +28,5 @@
 - Introduced repository-wide version management via `version.json` + `scripts/sync_version.sh`, ensuring Xcode targets and release artifacts stay aligned.
 - Enhanced `scripts/build_release.sh` to timestamp/harden signatures, notarize DMGs, and optionally publish tagged releases (pre-release by default) with ZIP/DMG assets directly to Gitea when credentials are configured.
 - Integrated Sparkle (via Swift Package Manager) to handle automatic update checks, downloads, signature verification, and relaunches, replacing the previous custom updater UI. Preferences now simply surface Sparkle's check/download toggles.
- `scripts/build_release.sh` can optionally run Sparkle’s `generate_appcast` (when signing key and download prefix env vars are set), producing a ready-to-host `appcast.xml` alongside the ZIP/DMG artifacts.
+- `scripts/build_release.sh` can optionally run Sparkle's `generate_appcast` (when signing key and download prefix env vars are set), producing a ready-to-host `appcast.xml` alongside the ZIP/DMG artifacts.
 - Further reduced MainView console noise by removing redundant refresh/onAppear logs.