This guide shows how to integrate Sparkle into a sandboxed app using the App Sandbox (com.apple.security.app-sandbox) entitlement.
If this guide does not meet your requirements, you can learn more in Sparkle's sandboxing guide.
XPC Services
Sparkle uses 2 XPC services inside the framework to update your application:
- Installer.xpc
- Downloader.xpc
Installer
The installer service is required to update your application when sandboxed. You enable this service by setting the SUEnableInstallerLauncherService to YES in your Info.plist file.
<key>SUEnableInstallerLauncherService</key>
<true/>To allow your app to communicate with Sparkle's installer services, you need to add the following temporary exceptions to your .entitlements file:
<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spks</string>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)-spki</string>
</array>Downloader
For Sparkle to be able to fetch and download new updates, your application needs the Outgoing Client Connections (com.apple.security.network.client) entitlement. You can either enable the checkmark in Xcodes under Signing & Capabilities or add the following to your entitlements file:
<key>com.apple.security.network.client</key>
<true/>