Which provisioning profile should be used for Sparkle tools

[tbaranes]

Hello!

After integrating Sparkle using Swift Package Manager I ran into an issue while exporting the app. Apparently I need to choose a profile for Sparkle tools (Updater.app, Downloader.xpc and Installer.xpc):

From the documentation:

We recommend distributing your app in Xcode by creating a Product › Archive and Distribute App choosing Developer ID method of distribution. Using Xcode’s Archive Organizer will ensure Sparkle’s helper tools are code signed properly for distribution. In automated environments, this can instead be done using xcodebuild archive and xcodebuild -exportArchive.

The code sign seems to be handled correctly by Xcode when generating the archive but is it normal that Xcode is asking these profiles? If yes, how are we supposed to handle it? Should we generate a provisioning profile for these tools or is there something included in Sparkle to resolve this?

Additional information:

• Sparkle is added using Swift Package Manager
• The app is sandboxed
• Using Xcode 14.1
• App is signed using a Developer ID
• There's no pre/post scripts run (so nothing should influence the default setup)
• Using command line-tools I can bypass the profiles steps but I'm running in the same notarising issues as this post
• codesign --deep -vvv --verify indicates everything is signed as expected but running spctl -a -t exec -vv is rejected

I read most of the issues/discussions related to these issues but didn't find a clear answer of what's expected here. So I suppose I'm doing something wrong but can't see what.

Any help is appreciated, thanks 🙏

[tbaranes]

In the end I've been able to pass the notarisation after the dmg after signing it using sign_update. I'm still unable to export it through Xcode but it works in command line tools so... Anyway, I can move on since it's working this way but I'm curious if that was expected or if I had to do something differently.

[zorgiepoo]

I believe I don't change anything. I just leave it as "Select Profile" for those bundles and continue to export/notarize it in Xcode.

I don't recommend much of what is discussed in #1550. If you want to use the command line, you can use xcodebuild archive and xcodebuild -exportArchive and then notarize, but this is similar to the Xcode UI.

[tbaranes]

Good to know for #1550!

I believe I don't change anything. I just leave it as "Select Profile" for those bundles and continue to export/notarize it in Xcode.

I don't know if it has changes with the latest version of Xcode but the "next" button is disabled when no profiles are selected.

Anyway since it seems to be ok using the command line I'm gonna mark this discussion as resolved. Thanks for the answer :)

[zorgiepoo]

I don't have to select any special profiles to notarize a sandboxed Developer ID signed app with Sparkle (with SPM) using Xcode 14.1. If the workflow isn't working properly for you or is otherwise buggy I'd file a bug/feedback report to Apple.