If your app already has an older version of Sparkle, see upgrading from previous versions.
Note that Sparkle does not yet support sandboxed applications.
If you use CocoaPods:
pod 'Sparkle'to your Podfile.
use_frameworks!in your Podfile.
If you don’t have CocoaPods, then add Sparkle manually:
Sparkle.frameworkinto the Frameworks folder of your Xcode project.
@loader_path/../Frameworks(for non-Xcode projects add the flags
These instructions are for regular .app bundles. If you want to update a non-app bundle, such as a Preference Pane or a plug-in, follow step 2 for non-app bundles.
SUUpdaterin the Class box of the Custom Class section in the inspector.
SUUpdaterinstance and its action to
Since Sparkle is downloading executable code to your users’ systems, you must be very careful about security. To let Sparkle know that a downloaded update is not corrupted and came from you (instead of a malicious attacker), we recommend:
.pkg) must be signed with DSA.
To prepare signing with DSA signatures:
SUPublicDSAKeyFilekey to your
Info.plist; set its value to your public key’s filename—unless you renamed it, this will be
If you are code-signing your application via Apple’s Developer ID program, Sparkle will ensure the new version’s author matches the old version’s. Sparkle also performs basic (but not deep) validation for testing if the new application is archived/distributed correctly as you intended.
If you both code-sign your application and include a public DSA key for signing your update archive, Sparkle allows issuing a new update that changes either your code signing certificate or your DSA keys. Note however this is a last resort and should only be done if you lose access to one of them.
For best compatibility with macOS Sierra and later you should use signed disk image (DMG) for distribution of apps from your product’s website. The system will quarantine (translocate) apps downloaded from the Internet, unless they’re from a signed DMG, installer package, or are moved using Finder.
If you distribute your app as a disk image (DMG):
/Applicationssymlink in your DMG, or otherwise encourage the user to copy the app out of it (the app can’t be updated when it’s launched straight from the disk).
If you distribute your app as a ZIP or a tar archive:
/Applications(e.g. use LetsMove). The system will not allow the app to update itself until it’s moved.
Sparkle supports updating from DMG, ZIP archives, tarballs, and installer packages, so you can generally reuse the same archive for distribution of your app on your website as well as Sparkle updates.
Sparkle uses appcasts to get information about software updates. An appcast is an RSS feed with some extra information for Sparkle’s purposes.
SUFeedURLkey to your
Info.plist; set its value to a URL where your appcast will be hosted, e.g.
https://yourcompany.example.com/appcast.xml. We strongly encourage you to use HTTPS URLs for the appcast.
CFBundleVersionkey in your
If you update regular app bundles and you have set up DSA signatures, you can use a tool to generate appcasts automatically:
generate_appcast tool from Sparkle’s distribution archive specifying the path to your DSA private key, and the folder with update archives:
./bin/generate_appcast /path/to/your/dsa_priv.pem /path/to/your/updates_folder/
SUFeedURL) and also
*.deltaupdate files. Upload your archives, the delta updates and the appcast to your server.
You can also create the appcast file manually:
CFBundleVersionto a lower version.
CFBundleVersionof the latest version of the app is useful for testing the latest version of Sparkle framework.
Update process will be logged to
Console.app. If anything goes wrong, you should find detailed explanation in the log.
That’s it! You’re done! You don’t have to do any more. But you might want to: