chore: release 26.0.21

NOTES.md

@@ -4,3 +4,6 @@
     static Data
 
 add a marker for "reboot required"
+
+dummy2
+                    

README.md

@@ -59,7 +59,8 @@ GITEA_REPO="iKeyMon"
 # optional: GITEA_PRERELEASE="false"   # defaults to true until preferences are done
 # optional Sparkle feed helpers:
 # SPARKLE_EDDSA_KEY_FILE="$HOME/.config/Sparkle/iKeyMon.key"
-# SPARKLE_DOWNLOAD_BASE_TEMPLATE="https://git.24unix.net/tracer/iKeyMon/releases/download/v{{VERSION}}"
+# SPARKLE_DOWNLOAD_BASE_URL="https://git.24unix.net/tracer/iKeyMon/releases/download"
+# SPARKLE_DOWNLOAD_VERSION_PREFIX="v"   # optional
 # SPARKLE_APPCAST_OUTPUT="$ROOT_DIR/Sparkle/appcast.xml"  # default
 ```
 
@@ -72,12 +73,12 @@ If you re-run the release script for the same version, it removes any existing a
 iKeyMon uses [Sparkle](https://sparkle-project.org/) for macOS-safe updates.
 
 1. Generate an EdDSA key pair once (`./Packages/Sparkle/bin/generate_keys`). Store the private key on-disk (for example `~/.config/Sparkle/iKeyMon.key`, which the build script expects) and copy the public key into the `SUPublicEDKey` entry (see Info.plist notes below).
-2. `./scripts/build_release.sh` signs the ZIP with Sparkle’s `sign_update` tool and invokes `generate_appcast` automatically when the Sparkle variables are present. The generated feed is written to `Sparkle/appcast.xml`, so commit that file after every release. Point `SPARKLE_DOWNLOAD_BASE_TEMPLATE` at your release download prefix to ensure the feed URLs resolve correctly. The feed stays inside the repo (it is not uploaded as a release asset).
+2. `./scripts/build_release.sh` signs the ZIP with Sparkle’s `sign_update` tool and invokes `generate_appcast` automatically when the Sparkle variables are present. The generated feed is written to `Sparkle/appcast.xml`, so commit that file after every release. Set `SPARKLE_DOWNLOAD_BASE_URL` to your release-download root (e.g. `https://git.24unix.net/tracer/iKeyMon/releases/download`) and, if your host groups assets under versioned folders, set `SPARKLE_DOWNLOAD_VERSION_PREFIX` (defaults to `v`, producing URLs like `/download/v26.0.20/...`). The feed stays inside the repo (it is not uploaded as a release asset).
 3. Set `SUFeedURL` in Info.plist (or the corresponding build setting) to the raw URL of `Sparkle/appcast.xml` inside this repo (e.g. `https://git.24unix.net/tracer/iKeyMon/raw/branch/master/Sparkle/appcast.xml`).
 
 Preferences expose Sparkle’s built-in toggles for “Automatically check” and “Automatically download”, and the toolbar button simply calls Sparkle’s “Check for Updates…” sheet.
 
-> `./scripts/build_release.sh` will call `generate_appcast` for you when `SPARKLE_EDDSA_KEY_FILE` and either `SPARKLE_DOWNLOAD_BASE_TEMPLATE` (with `{{VERSION}}` placeholder) or `SPARKLE_DOWNLOAD_BASE_URL` are set. It tries to locate Sparkle’s CLI in DerivedData automatically, but you can override the path via `SPARKLE_GENERATE_APPCAST`. The resulting feed is written to `SPARKLE_APPCAST_OUTPUT` (defaults to `Sparkle/appcast.xml`).
+> `./scripts/build_release.sh` will call `generate_appcast` for you when `SPARKLE_EDDSA_KEY_FILE` and either `SPARKLE_DOWNLOAD_BASE_URL` (optionally with `SPARKLE_DOWNLOAD_VERSION_PREFIX`) or `SPARKLE_DOWNLOAD_BASE_TEMPLATE` are set. It tries to locate Sparkle’s CLI in DerivedData automatically, but you can override the path via `SPARKLE_GENERATE_APPCAST`. The resulting feed is written to `SPARKLE_APPCAST_OUTPUT` (defaults to `Sparkle/appcast.xml`).
 
 > Build settings include `INFOPLIST_KEY_SUFeedURL` and `INFOPLIST_KEY_SUPublicEDKey`. Make sure to fill both before shipping a build so Sparkle knows where to fetch updates and how to verify them.
 

Sparkle/appcast.xml

@@ -1,30 +1,30 @@
-<?xml version="1.0" standalone="yes"?>
-<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
+<?xml version='1.0' encoding='utf-8'?>
+<rss xmlns:ns0="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>iKeyMon</title>
         <item>
-            <title>26.0.15</title>
-            <pubDate>Tue, 25 Nov 2025 18:11:17 +0100</pubDate>
-            <sparkle:version>35</sparkle:version>
-            <sparkle:shortVersionString>26.0.15</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.2</sparkle:minimumSystemVersion>
-            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/iKeyMon-26.0.15.zip" length="4801128" type="application/octet-stream" sparkle:edSignature="T16+tX44yN2UqIUsMJeZAxydOuLC6lcQQrlRElTkJlSWPheWLy9xPjP4T45mNSOcWTax0gRCnI50ab3geL9XAA=="/>
+            <title>26.0.21</title>
+            <pubDate>Wed, 26 Nov 2025 18:44:41 +0100</pubDate>
+            <ns0:version>49</ns0:version>
+            <ns0:shortVersionString>26.0.21</ns0:shortVersionString>
+            <ns0:minimumSystemVersion>15.2</ns0:minimumSystemVersion>
+            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/iKeyMon-26.0.21.zip" length="4802995" type="application/octet-stream" ns0:edSignature="bYXN15YyKlSmHKNXPizEW2WrVXQSgD5XOgbtzOYNL+maG8DB/jZ08A+cYtGgqUeSRd+X6Z5Ue+Tpdn4/ewsFBw==" />
         </item>
         <item>
-            <title>26.0.15</title>
-            <pubDate>Tue, 25 Nov 2025 17:42:56 +0100</pubDate>
-            <sparkle:version>34</sparkle:version>
-            <sparkle:shortVersionString>26.0.15</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.2</sparkle:minimumSystemVersion>
-            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/iKeyMon-26.0.15.zip" length="4800821" type="application/octet-stream" sparkle:edSignature="bojJ638CY0n+34POoJX3OBrXRAiPOYPiDTfgJOS9fCslw8YGKZLviJvcExC2PKh1HDt0Raabo0FJUJrAFUMmBQ=="/>
+            <title>26.0.20</title>
+            <pubDate>Wed, 26 Nov 2025 18:36:41 +0100</pubDate>
+            <ns0:version>47</ns0:version>
+            <ns0:shortVersionString>26.0.20</ns0:shortVersionString>
+            <ns0:minimumSystemVersion>15.2</ns0:minimumSystemVersion>
+            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/v26.0.20/iKeyMon-26.0.20.zip" length="4802865" type="application/octet-stream" ns0:edSignature="hCJu2I1Db/TaU6pCs1gZi9EO5igr49Fjt/VNnyD8+jm45WINuhzGc4lShcLPxUQTy4iNHnVhmOPYwlthVMXPAg==" />
         </item>
         <item>
-            <title>26.0.13</title>
-            <pubDate>Tue, 25 Nov 2025 00:05:46 +0100</pubDate>
-            <sparkle:version>32</sparkle:version>
-            <sparkle:shortVersionString>26.0.13</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.2</sparkle:minimumSystemVersion>
-            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/v26.0.13/iKeyMon-26.0.13.zip" length="4800781" type="application/octet-stream" sparkle:edSignature="KIGsFaFftWzENTEOHnpPEtk/WaUicS0xK9yMh7e98OKBxlsBkxfghoTu2xU8ZKlEqM6Ndhr5UQwZJE4uBsELAA=="/>
+            <title>26.0.16</title>
+            <pubDate>Tue, 25 Nov 2025 18:34:19 +0100</pubDate>
+            <ns0:version>39</ns0:version>
+            <ns0:shortVersionString>26.0.16</ns0:shortVersionString>
+            <ns0:minimumSystemVersion>15.2</ns0:minimumSystemVersion>
+            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/v26.0.16/iKeyMon-26.0.16.zip" length="4801351" type="application/octet-stream" ns0:edSignature="lbQEpxEElRxwyRdm0LQIxsnfh8o8Kt66wQlcl4PBs68lBmjkq0b/5EsVCElWQb0Nei/GCk6I/m2mSNL7mA3wBQ==" />
         </item>
     </channel>
 </rss>

iKeyMon.xcodeproj/project.pbxproj

@@ -310,7 +310,7 @@
 				CODE_SIGN_ENTITLEMENTS = iKeyMon.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 35;
+				CURRENT_PROJECT_VERSION = 49;
 				DEVELOPMENT_ASSET_PATHS = "\"Preview Content\"";
 				DEVELOPMENT_TEAM = Q5486ZVAFT;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -325,7 +325,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 26.0.15;
+				MARKETING_VERSION = 26.0.21;
 				PRODUCT_BUNDLE_IDENTIFIER = net.24unix.iKeyMon;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SWIFT_EMIT_LOC_STRINGS = YES;
@@ -341,7 +341,7 @@
 				CODE_SIGN_ENTITLEMENTS = iKeyMon.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 35;
+				CURRENT_PROJECT_VERSION = 49;
 				DEVELOPMENT_ASSET_PATHS = "\"Preview Content\"";
 				DEVELOPMENT_TEAM = Q5486ZVAFT;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -356,7 +356,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 26.0.15;
+				MARKETING_VERSION = 26.0.21;
 				PRODUCT_BUNDLE_IDENTIFIER = net.24unix.iKeyMon;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SWIFT_EMIT_LOC_STRINGS = YES;

scripts/build_release.sh

@@ -29,12 +29,8 @@ find_generate_appcast() {
 generate_appcast() {
   local generator
   generator="$(find_generate_appcast)"
-  local download_prefix=""
-  if [[ -n "${SPARKLE_DOWNLOAD_BASE_TEMPLATE:-}" ]]; then
-    download_prefix="${SPARKLE_DOWNLOAD_BASE_TEMPLATE//\{\{VERSION\}\}/$VERSION}"
-  else
-    download_prefix="${SPARKLE_DOWNLOAD_BASE_URL:-}"
-  fi
+  local download_prefix="${SPARKLE_DOWNLOAD_BASE_URL:-}"
+  local version_prefix="${SPARKLE_DOWNLOAD_VERSION_PREFIX:-}"
 
   if [[ -z "$generator" || -z "${SPARKLE_EDDSA_KEY_FILE:-}" || -z "$download_prefix" ]]; then
     echo "ℹ️ Skipping Sparkle appcast generation (generator/key/download prefix not configured)."
@@ -46,6 +42,13 @@ generate_appcast() {
   local staging_dir
   staging_dir="$(mktemp -d)"
   cp "$ARTIFACTS_DIR"/*.zip "$staging_dir"/ 2>/dev/null || true
+
+  if ! ls "$staging_dir"/*.zip >/dev/null 2>&1; then
+    echo "ℹ️ Skipping Sparkle appcast generation (no ZIP archives found)."
+    rm -rf "$staging_dir"
+    return
+  fi
+
   echo "🧾 Generating Sparkle appcast at $output"
   if ! "$generator" \
     --download-url-prefix "$download_prefix" \
@@ -54,6 +57,7 @@ generate_appcast() {
     "$staging_dir"; then
     echo "⚠️ Sparkle appcast generation failed."
   fi
+  rewrite_appcast_urls "$output" "$version_prefix"
   rm -rf "$staging_dir"
 }
 
@@ -70,6 +74,89 @@ sign_update_artifacts() {
   fi
 }
 
+rewrite_appcast_urls() {
+  local appcast="$1"
+  local version_prefix="$2"
+  local marker="${SPARKLE_DOWNLOAD_VERSION_MARKER:-/releases/download/}"
+  if [[ -z "$version_prefix" || -z "$marker" ]]; then
+    return
+  fi
+
+  python3 - "$appcast" "$marker" "$version_prefix" <<'PY'
+import sys
+import xml.etree.ElementTree as ET
+
+path, marker, prefix = sys.argv[1:]
+tree = ET.parse(path)
+root = tree.getroot()
+ns = {'sparkle': 'http://www.andymatuschak.org/xml-namespaces/sparkle'}
+changed = False
+
+for item in root.findall('.//item'):
+    short = item.find('sparkle:shortVersionString', ns)
+    enclosure = item.find('enclosure')
+    if short is None or enclosure is None:
+        continue
+    version = (short.text or '').strip()
+    url = enclosure.get('url')
+    if not version or not url or marker not in url:
+        continue
+    desired = f"{marker}{prefix}{version}/"
+    if desired in url:
+        continue
+    base, rest = url.split(marker, 1)
+    if rest.startswith(f"{prefix}{version}/"):
+        continue
+    new_rest = f"{prefix}{version}/{rest.lstrip('/')}"
+    enclosure.set('url', f"{base}{marker}{new_rest}")
+    changed = True
+
+if changed:
+    ET.indent(tree, space="    ", level=0)
+    tree.write(path, encoding='utf-8', xml_declaration=True)
+PY
+}
+
+submit_for_notarization() {
+  local target="$1"
+  local label="$2"
+  echo "📝 Submitting ${label} for notarization..."
+  xcrun notarytool submit "$target" \
+    --apple-id "$NOTARY_APPLE_ID" \
+    --team-id "$NOTARY_TEAM_ID" \
+    --password "$NOTARY_PASSWORD" \
+    --wait
+}
+
+notarize_app_bundle() {
+  local bundle="$1"
+  local label="$2"
+  if [[ -z "${NOTARY_APPLE_ID:-}" || -z "${NOTARY_TEAM_ID:-}" || -z "${NOTARY_PASSWORD:-}" ]]; then
+    echo "ℹ️ Skipping notarization for ${label} (NOTARY_* variables not set)."
+    return 1
+  fi
+
+  local tmp_dir
+  tmp_dir="$(mktemp -d)"
+  local archive="$tmp_dir/$(basename "$bundle").zip"
+  ditto -c -k --keepParent "$bundle" "$archive"
+
+  submit_for_notarization "$archive" "$label"
+  xcrun stapler staple "$bundle"
+  rm -rf "$tmp_dir"
+}
+
+notarize_artifact() {
+  local artifact="$1"
+  local label="$2"
+  if [[ -z "${NOTARY_APPLE_ID:-}" || -z "${NOTARY_TEAM_ID:-}" || -z "${NOTARY_PASSWORD:-}" ]]; then
+    echo "ℹ️ Skipping notarization for ${label} (NOTARY_* variables not set)."
+    return 1
+  fi
+  submit_for_notarization "$artifact" "$label"
+  xcrun stapler staple "$artifact"
+}
+
 if [[ -f "$CREDENTIALS_FILE" ]]; then
   set -a
   # shellcheck disable=SC1090
@@ -113,6 +200,8 @@ else
   echo "⚠️ Skipping codesign (CODESIGN_IDENTITY not set)."
 fi
 
+notarize_app_bundle "$APP_PATH" "iKeyMon.app"
+
 STAGING_DIR=$(mktemp -d)
 mkdir -p "$STAGING_DIR"
 cp -R "$APP_PATH" "$STAGING_DIR/"
@@ -138,15 +227,9 @@ hdiutil create -volname "iKeyMon" -srcfolder "$STAGING_DIR" -ov -format UDZO "$A
 sign_update_artifacts
 
 if [[ -n "${NOTARY_APPLE_ID:-}" && -n "${NOTARY_TEAM_ID:-}" && -n "${NOTARY_PASSWORD:-}" ]]; then
-  echo "📝 Submitting DMG for notarization..."
-  xcrun notarytool submit "$ARTIFACTS_DIR/$DMG_NAME" \
-    --apple-id "$NOTARY_APPLE_ID" \
-    --team-id "$NOTARY_TEAM_ID" \
-    --password "$NOTARY_PASSWORD" \
-    --wait
-  xcrun stapler staple "$ARTIFACTS_DIR/$DMG_NAME"
+  notarize_artifact "$ARTIFACTS_DIR/$DMG_NAME" "$DMG_NAME"
 else
-  echo "⚠️ Skipping notarization (NOTARY_* variables not set)."
+  echo "⚠️ Skipping DMG notarization (NOTARY_* variables not set)."
 fi
 rm -rf "$STAGING_DIR"
 

signing.env.example

@@ -11,6 +11,7 @@ GITEA_REPO="iKeyMon"
 
 # Sparkle appcast generation (optional)
 # SPARKLE_EDDSA_KEY_FILE="$HOME/.config/Sparkle/iKeyMon.key"
-# SPARKLE_DOWNLOAD_BASE_TEMPLATE="https://git.24unix.net/tracer/iKeyMon/releases/download/v{{VERSION}}"
+# SPARKLE_DOWNLOAD_BASE_URL="https://git.24unix.net/tracer/iKeyMon/releases/download"
+# SPARKLE_DOWNLOAD_VERSION_PREFIX="v"   # prepended before each short version in URLs
 # SPARKLE_APPCAST_OUTPUT="$ROOT_DIR/Sparkle/appcast.xml"  # defaults to this path
 # SPARKLE_GENERATE_APPCAST="/path/to/generate_appcast"  # auto-detected if unset

version.json

@@ -1,3 +1,3 @@
 {
-  "marketing_version": "26.0.15"
+  "marketing_version": "26.0.21"
 }