chore: release 26.0.20

NOTES.md

@@ -5,5 +5,5 @@
 
 add a marker for "reboot required"
 
-dummy
+dummy2
                     

README.md

@@ -72,7 +72,7 @@ If you re-run the release script for the same version, it removes any existing a
 iKeyMon uses [Sparkle](https://sparkle-project.org/) for macOS-safe updates.
 
 1. Generate an EdDSA key pair once (`./Packages/Sparkle/bin/generate_keys`). Store the private key on-disk (for example `~/.config/Sparkle/iKeyMon.key`, which the build script expects) and copy the public key into the `SUPublicEDKey` entry (see Info.plist notes below).
-2. `./scripts/build_release.sh` signs the ZIP with Sparkle’s `sign_update` tool and invokes `generate_appcast` automatically when the Sparkle variables are present. The generated feed is written to `Sparkle/appcast.xml`, so commit that file after every release. Point `SPARKLE_DOWNLOAD_BASE_TEMPLATE` at your release download prefix to ensure the feed URLs resolve correctly. The feed stays inside the repo (it is not uploaded as a release asset).
+2. `./scripts/build_release.sh` signs the ZIP with Sparkle’s `sign_update` tool and invokes `generate_appcast` automatically when the Sparkle variables are present. The generated feed is written to `Sparkle/appcast.xml`, so commit that file after every release. Point `SPARKLE_DOWNLOAD_BASE_TEMPLATE` at your release-download prefix (e.g. `https://git.24unix.net/tracer/iKeyMon/releases/download/v{{VERSION}}`) so the generated URLs match where Gitea serves assets. The feed stays inside the repo (it is not uploaded as a release asset).
 3. Set `SUFeedURL` in Info.plist (or the corresponding build setting) to the raw URL of `Sparkle/appcast.xml` inside this repo (e.g. `https://git.24unix.net/tracer/iKeyMon/raw/branch/master/Sparkle/appcast.xml`).
 
 Preferences expose Sparkle’s built-in toggles for “Automatically check” and “Automatically download”, and the toolbar button simply calls Sparkle’s “Check for Updates…” sheet.

Sparkle/appcast.xml

@@ -2,13 +2,21 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>iKeyMon</title>
+        <item>
+            <title>26.0.20</title>
+            <pubDate>Wed, 26 Nov 2025 18:36:41 +0100</pubDate>
+            <sparkle:version>47</sparkle:version>
+            <sparkle:shortVersionString>26.0.20</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.2</sparkle:minimumSystemVersion>
+            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/iKeyMon-26.0.20.zip" length="4802865" type="application/octet-stream" sparkle:edSignature="hCJu2I1Db/TaU6pCs1gZi9EO5igr49Fjt/VNnyD8+jm45WINuhzGc4lShcLPxUQTy4iNHnVhmOPYwlthVMXPAg=="/>
+        </item>
         <item>
             <title>26.0.16</title>
             <pubDate>Tue, 25 Nov 2025 18:34:19 +0100</pubDate>
             <sparkle:version>39</sparkle:version>
             <sparkle:shortVersionString>26.0.16</sparkle:shortVersionString>
             <sparkle:minimumSystemVersion>15.2</sparkle:minimumSystemVersion>
-            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/iKeyMon-26.0.16.zip" length="4801351" type="application/octet-stream" sparkle:edSignature="lbQEpxEElRxwyRdm0LQIxsnfh8o8Kt66wQlcl4PBs68lBmjkq0b/5EsVCElWQb0Nei/GCk6I/m2mSNL7mA3wBQ=="/>
+            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/v26.0.16/iKeyMon-26.0.16.zip" length="4801351" type="application/octet-stream" sparkle:edSignature="lbQEpxEElRxwyRdm0LQIxsnfh8o8Kt66wQlcl4PBs68lBmjkq0b/5EsVCElWQb0Nei/GCk6I/m2mSNL7mA3wBQ=="/>
         </item>
         <item>
             <title>26.0.15</title>
@@ -16,15 +24,7 @@
             <sparkle:version>35</sparkle:version>
             <sparkle:shortVersionString>26.0.15</sparkle:shortVersionString>
             <sparkle:minimumSystemVersion>15.2</sparkle:minimumSystemVersion>
-            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/iKeyMon-26.0.15.zip" length="4801128" type="application/octet-stream" sparkle:edSignature="T16+tX44yN2UqIUsMJeZAxydOuLC6lcQQrlRElTkJlSWPheWLy9xPjP4T45mNSOcWTax0gRCnI50ab3geL9XAA=="/>
+            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/v26.0.15/iKeyMon-26.0.15.zip" length="4801128" type="application/octet-stream" sparkle:edSignature="T16+tX44yN2UqIUsMJeZAxydOuLC6lcQQrlRElTkJlSWPheWLy9xPjP4T45mNSOcWTax0gRCnI50ab3geL9XAA=="/>
-        </item>
-        <item>
-            <title>26.0.15</title>
-            <pubDate>Tue, 25 Nov 2025 17:42:56 +0100</pubDate>
-            <sparkle:version>34</sparkle:version>
-            <sparkle:shortVersionString>26.0.15</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.2</sparkle:minimumSystemVersion>
-            <enclosure url="https://git.24unix.net/tracer/iKeyMon/releases/download/iKeyMon-26.0.15.zip" length="4800821" type="application/octet-stream" sparkle:edSignature="bojJ638CY0n+34POoJX3OBrXRAiPOYPiDTfgJOS9fCslw8YGKZLviJvcExC2PKh1HDt0Raabo0FJUJrAFUMmBQ=="/>
         </item>
     </channel>
 </rss>

iKeyMon.xcodeproj/project.pbxproj

@@ -310,7 +310,7 @@
 				CODE_SIGN_ENTITLEMENTS = iKeyMon.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 39;
+				CURRENT_PROJECT_VERSION = 47;
 				DEVELOPMENT_ASSET_PATHS = "\"Preview Content\"";
 				DEVELOPMENT_TEAM = Q5486ZVAFT;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -325,7 +325,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 26.0.16;
+				MARKETING_VERSION = 26.0.20;
 				PRODUCT_BUNDLE_IDENTIFIER = net.24unix.iKeyMon;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SWIFT_EMIT_LOC_STRINGS = YES;
@@ -341,7 +341,7 @@
 				CODE_SIGN_ENTITLEMENTS = iKeyMon.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 39;
+				CURRENT_PROJECT_VERSION = 47;
 				DEVELOPMENT_ASSET_PATHS = "\"Preview Content\"";
 				DEVELOPMENT_TEAM = Q5486ZVAFT;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -356,7 +356,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 26.0.16;
+				MARKETING_VERSION = 26.0.20;
 				PRODUCT_BUNDLE_IDENTIFIER = net.24unix.iKeyMon;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SWIFT_EMIT_LOC_STRINGS = YES;

scripts/build_release.sh

@@ -46,6 +46,13 @@ generate_appcast() {
   local staging_dir
   staging_dir="$(mktemp -d)"
   cp "$ARTIFACTS_DIR"/*.zip "$staging_dir"/ 2>/dev/null || true
+
+  if ! ls "$staging_dir"/*.zip >/dev/null 2>&1; then
+    echo "ℹ️ Skipping Sparkle appcast generation (no ZIP archives found)."
+    rm -rf "$staging_dir"
+    return
+  fi
+
   echo "🧾 Generating Sparkle appcast at $output"
   if ! "$generator" \
     --download-url-prefix "$download_prefix" \
@@ -70,6 +77,46 @@ sign_update_artifacts() {
   fi
 }
 
+submit_for_notarization() {
+  local target="$1"
+  local label="$2"
+  echo "📝 Submitting ${label} for notarization..."
+  xcrun notarytool submit "$target" \
+    --apple-id "$NOTARY_APPLE_ID" \
+    --team-id "$NOTARY_TEAM_ID" \
+    --password "$NOTARY_PASSWORD" \
+    --wait
+}
+
+notarize_app_bundle() {
+  local bundle="$1"
+  local label="$2"
+  if [[ -z "${NOTARY_APPLE_ID:-}" || -z "${NOTARY_TEAM_ID:-}" || -z "${NOTARY_PASSWORD:-}" ]]; then
+    echo "ℹ️ Skipping notarization for ${label} (NOTARY_* variables not set)."
+    return 1
+  fi
+
+  local tmp_dir
+  tmp_dir="$(mktemp -d)"
+  local archive="$tmp_dir/$(basename "$bundle").zip"
+  ditto -c -k --keepParent "$bundle" "$archive"
+
+  submit_for_notarization "$archive" "$label"
+  xcrun stapler staple "$bundle"
+  rm -rf "$tmp_dir"
+}
+
+notarize_artifact() {
+  local artifact="$1"
+  local label="$2"
+  if [[ -z "${NOTARY_APPLE_ID:-}" || -z "${NOTARY_TEAM_ID:-}" || -z "${NOTARY_PASSWORD:-}" ]]; then
+    echo "ℹ️ Skipping notarization for ${label} (NOTARY_* variables not set)."
+    return 1
+  fi
+  submit_for_notarization "$artifact" "$label"
+  xcrun stapler staple "$artifact"
+}
+
 if [[ -f "$CREDENTIALS_FILE" ]]; then
   set -a
   # shellcheck disable=SC1090
@@ -113,6 +160,8 @@ else
   echo "⚠️ Skipping codesign (CODESIGN_IDENTITY not set)."
 fi
 
+notarize_app_bundle "$APP_PATH" "iKeyMon.app"
+
 STAGING_DIR=$(mktemp -d)
 mkdir -p "$STAGING_DIR"
 cp -R "$APP_PATH" "$STAGING_DIR/"
@@ -138,15 +187,9 @@ hdiutil create -volname "iKeyMon" -srcfolder "$STAGING_DIR" -ov -format UDZO "$A
 sign_update_artifacts
 
 if [[ -n "${NOTARY_APPLE_ID:-}" && -n "${NOTARY_TEAM_ID:-}" && -n "${NOTARY_PASSWORD:-}" ]]; then
-  echo "📝 Submitting DMG for notarization..."
+  notarize_artifact "$ARTIFACTS_DIR/$DMG_NAME" "$DMG_NAME"
-  xcrun notarytool submit "$ARTIFACTS_DIR/$DMG_NAME" \
-    --apple-id "$NOTARY_APPLE_ID" \
-    --team-id "$NOTARY_TEAM_ID" \
-    --password "$NOTARY_PASSWORD" \
-    --wait
-  xcrun stapler staple "$ARTIFACTS_DIR/$DMG_NAME"
 else
-  echo "⚠️ Skipping notarization (NOTARY_* variables not set)."
+  echo "⚠️ Skipping DMG notarization (NOTARY_* variables not set)."
 fi
 rm -rf "$STAGING_DIR"
 

version.json

@@ -1,3 +1,3 @@
 {
-  "marketing_version": "26.0.16"
+  "marketing_version": "26.0.20"
 }