Remove ed25519 git submodule

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "Vendor/ed25519"]
-	path = Vendor/ed25519
-	url = https://github.com/orlp/ed25519

Autoupdate/SUSignatureVerifier.m

@@ -17,7 +17,7 @@
 #import "SUSignatures.h"
 #import "SUErrors.h"
 #include <CommonCrypto/CommonDigest.h>
-#import "ed25519.h" // Run `git submodule update --init` if you get an error here
+#import "ed25519.h"
 
 
 #include "AppKitPrevention.h"

Configurations/ConfigCommon.xcconfig

@@ -42,13 +42,13 @@ SPARKLE_ICON_NAME = AppIcon
 // If you change any of these version details, you must increase CURRENT_PROJECT_VERSION
 // These variables must have a space after the '=' too
 SPARKLE_VERSION_MAJOR = 2
-SPARKLE_VERSION_MINOR = 2
-SPARKLE_VERSION_PATCH = 1
+SPARKLE_VERSION_MINOR = 3
+SPARKLE_VERSION_PATCH = 0
 
 // This should be in SemVer format or empty, ie. "-beta.1"
 // These variables must have a space after the '=' too
 SPARKLE_VERSION_SUFFIX =
-CURRENT_PROJECT_VERSION = 2017
+CURRENT_PROJECT_VERSION = 2018
 
 MARKETING_VERSION = $(SPARKLE_VERSION_MAJOR).$(SPARKLE_VERSION_MINOR).$(SPARKLE_VERSION_PATCH)$(SPARKLE_VERSION_SUFFIX)
 ALWAYS_SEARCH_USER_PATHS = NO

Configurations/make-release-package.sh

@@ -107,40 +107,46 @@ if [ "$ACTION" = "" ] ; then
     rm -rf "/tmp/sparkle-extract"
     rm -rf "$CONFIGURATION_BUILD_DIR/staging"
 
-    # Generate zip containing the xcframework for SPM
-    rm -rf "/tmp/sparkle-spm-extract"
-    mkdir -p "/tmp/sparkle-spm-extract"
-    cd "$CONFIGURATION_BUILD_DIR/staging-spm"
-    # rm -rf "$CONFIGURATION_BUILD_DIR/Sparkle.xcarchive"
-    ditto -c -k --zlibCompressionLevel 9 --rsrc . "../Sparkle-for-Swift-Package-Manager.zip"
-
-    # Test code signing validity of the extracted Swift package
-    # This guards against our archives being corrupt / created incorrectly
-    ditto -x -k "../Sparkle-for-Swift-Package-Manager.zip" "/tmp/sparkle-spm-extract"
-    verify_code_signatures "/tmp/sparkle-spm-extract"
-
-    rm -rf "/tmp/sparkle-spm-extract"
-    rm -rf "$CONFIGURATION_BUILD_DIR/staging-spm"
-
     # Get latest git tag
     cd "$SRCROOT"
-    latest_git_tag=$(git describe --tags --abbrev=0)
-
-    # Check semantic versioning
-    if [[ $latest_git_tag =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))?$ ]]; then
-        echo "Tag $latest_git_tag follows semantic versioning"
-    else
-        echo "ERROR: Tag $latest_git_tag does not follow semantic versioning! SPM will not be able to resolve the repository" >&2
-        exit 1
+    latest_git_tag=$( git describe --tags --abbrev=0 || true )
+
+    if [ -n "$latest_git_tag" ] ; then
+        # Generate zip containing the xcframework for SPM
+        rm -rf "/tmp/sparkle-spm-extract"
+        mkdir -p "/tmp/sparkle-spm-extract"
+        cd "$CONFIGURATION_BUILD_DIR/staging-spm"
+        # rm -rf "$CONFIGURATION_BUILD_DIR/Sparkle.xcarchive"
+        ditto -c -k --zlibCompressionLevel 9 --rsrc . "../Sparkle-for-Swift-Package-Manager.zip"
+
+        # Test code signing validity of the extracted Swift package
+        # This guards against our archives being corrupt / created incorrectly
+        ditto -x -k "../Sparkle-for-Swift-Package-Manager.zip" "/tmp/sparkle-spm-extract"
+        verify_code_signatures "/tmp/sparkle-spm-extract"
+
+        rm -rf "/tmp/sparkle-spm-extract"
+        rm -rf "$CONFIGURATION_BUILD_DIR/staging-spm"
+
+        cd "$SRCROOT"
+
+        # Check semantic versioning
+        if [[ $latest_git_tag =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))?$ ]]; then
+            echo "Tag $latest_git_tag follows semantic versioning"
+        else
+            echo "ERROR: Tag $latest_git_tag does not follow semantic versioning! SPM will not be able to resolve the repository" >&2
+            exit 1
+        fi
+
+            # Generate new Package manifest, podspec, and carthage files
+        cd "$CONFIGURATION_BUILD_DIR"
+        cp "$SRCROOT/Package.swift" "$CONFIGURATION_BUILD_DIR"
+        cp "$SRCROOT/Sparkle.podspec" "$CONFIGURATION_BUILD_DIR"
+        cp "$SRCROOT/Carthage-dev.json" "$CONFIGURATION_BUILD_DIR"
     fi
-
-    # Generate new Package manifest, podspec, and carthage files
-    cd "$CONFIGURATION_BUILD_DIR"
-    cp "$SRCROOT/Package.swift" "$CONFIGURATION_BUILD_DIR"
-    cp "$SRCROOT/Sparkle.podspec" "$CONFIGURATION_BUILD_DIR"
-    cp "$SRCROOT/Carthage-dev.json" "$CONFIGURATION_BUILD_DIR"
 
-    if [ "$XCODE_VERSION_MAJOR" -ge "1200" ]; then
+    if [ -z "$latest_git_tag" ] ; then
+        echo "warning: No git repository found so skipping updating package management files"
+    elif [ "$XCODE_VERSION_MAJOR" -ge "1200" ]; then
         # is equivalent to shasum -a 256 FILE
         spm_checksum=$(swift package compute-checksum "Sparkle-for-Swift-Package-Manager.zip")
         rm -rf ".build"

Configurations/release-move-tag.sh

@@ -2,7 +2,11 @@
 set -e
 
 # Convenience script to automatically commit Package.swift after updating the checksum and move the latest tag
-latest_git_tag=$(git describe --tags --abbrev=0) # gets the latest tag name
+latest_git_tag=$( git describe --tags --abbrev=0 || true ) # gets the latest tag name
+if [ -z "$latest_git_tag" ] ; then
+    exit 0
+fi
+
 commits_since_tag=$(git rev-list ${latest_git_tag}.. --count)
 
 function move_tag() {

README.markdown

@@ -37,13 +37,6 @@ Please visit [Sparkle's website](http://sparkle-project.org) for up to date docu
 
 See [getting started guide](https://sparkle-project.org/documentation/). No code is necessary, but a bit of Xcode configuration is required.
 
-## Development
-
-This repository uses git submodules, and will not build unless you clone recursively. Also, GitHub-provided ZIP/tar archives are broken due to GitHub not supporting git submodules properly.
-
-    git clone https://github.com/sparkle-project/Sparkle
-    git submodule update --init --recursive
-
 ### Troubleshooting
 
   * Please check **Console.app** for logs under your application. Sparkle prints detailed information there about all problems it encounters. It often also suggests solutions to the problems, so please read Sparkle's log messages carefully.

Sparkle.xcodeproj/project.pbxproj

@@ -2357,7 +2357,7 @@
 				EA1E284422B660ED004AA304 /* ge.h */,
 			);
 			name = ed25519;
-			path = ed25519/src;
+			path = "ed25519-sparkle/src";
 			sourceTree = "<group>";
 		};
 		EA1E285F22B66487004AA304 /* generate_keys */ = {

TestApplication/SUTestApplicationDelegate.m

@@ -11,7 +11,7 @@
 #import "SUFileManager.h"
 #import "SUTestWebServer.h"
 #import "TestAppHelperProtocol.h"
-#import "ed25519.h" // Run `git submodule update --init` if you get an error here
+#import "ed25519.h"
 #import <Sparkle/Sparkle.h>
 #import "SUPopUpTitlebarUserDriver.h"
 #import "SUBinaryDeltaCreate.h"

Vendor/ed25519-sparkle/alterations.txt

@@ -0,0 +1,8 @@
+Files removed:
+ed25519_32.dll
+ed25519_64.dll
+test.c
+
+Retrieved source: git@github.com:sparkle-project/ed25519.git
+Branch: master
+Commit: 7fa6712ef5d581a6981ec2b08ee623314cd1d1c4

Vendor/ed25519-sparkle/license.txt

@@ -0,0 +1,16 @@
+Copyright (c) 2015 Orson Peters <orsonpeters@gmail.com>
+
+This software is provided 'as-is', without any express or implied warranty. In no event will the
+authors be held liable for any damages arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose, including commercial
+applications, and to alter it and redistribute it freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; you must not claim that you wrote the
+   original software. If you use this software in a product, an acknowledgment in the product
+   documentation would be appreciated but is not required.
+
+2. Altered source versions must be plainly marked as such, and must not be misrepresented as
+   being the original software.
+
+3. This notice may not be removed or altered from any source distribution.

Vendor/ed25519-sparkle/readme.md

@@ -0,0 +1,166 @@
+Ed25519
+=======
+
+This is a portable implementation of [Ed25519](http://ed25519.cr.yp.to/) based
+on the SUPERCOP "ref10" implementation. Additionally there is key exchanging
+and scalar addition included to further aid building a PKI using Ed25519. All
+code is licensed under the permissive zlib license.
+
+All code is pure ANSI C without any dependencies, except for the random seed
+generation which uses standard OS cryptography APIs (`CryptGenRandom` on
+Windows, `/dev/urandom` on nix). If you wish to be entirely portable define
+`ED25519_NO_SEED`. This disables the `ed25519_create_seed` function, so if your
+application requires key generation you must supply your own seeding function
+(which is simply a 256 bit (32 byte) cryptographic random number generator).
+
+
+Performance
+-----------
+
+On a Windows machine with an Intel Pentium B970 @ 2.3GHz I got the following
+speeds (running on only one a single core):
+
+    Seed generation: 64us (15625 per second)
+    Key generation: 88us (11364 per second)
+    Message signing (short message): 87us (11494 per second)
+    Message verifying (short message): 228us (4386 per second)
+    Scalar addition: 100us (10000 per second)
+    Key exchange: 220us (4545 per second)
+
+The speeds on other machines may vary. Sign/verify times will be higher with
+longer messages. The implementation significantly benefits from 64 bit
+architectures, if possible compile as 64 bit.
+
+
+Usage
+-----
+
+Simply add all .c and .h files in the `src/` folder to your project and include
+`ed25519.h` in any file you want to use the API. If you prefer to use a shared
+library, only copy `ed25519.h` and define `ED25519_DLL` before importing. A
+windows DLL is pre-built.
+
+There are no defined types for seeds, private keys, public keys, shared secrets
+or signatures. Instead simple `unsigned char` buffers are used with the
+following sizes:
+
+```c
+unsigned char seed[32];
+unsigned char signature[64];
+unsigned char public_key[32];
+unsigned char private_key[64];
+unsigned char scalar[32];
+unsigned char shared_secret[32];
+```
+
+API
+---
+
+```c
+int ed25519_create_seed(unsigned char *seed);
+```
+
+Creates a 32 byte random seed in `seed` for key generation. `seed` must be a
+writable 32 byte buffer. Returns 0 on success, and nonzero on failure.
+
+```c
+void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key,
+                            const unsigned char *seed);
+```
+
+Creates a new key pair from the given seed. `public_key` must be a writable 32
+byte buffer, `private_key` must be a writable 64 byte buffer and `seed` must be
+a 32 byte buffer.
+
+```c
+void ed25519_sign(unsigned char *signature,
+                  const unsigned char *message, size_t message_len,
+                  const unsigned char *public_key, const unsigned char *private_key);
+```
+
+Creates a signature of the given message with the given key pair. `signature`
+must be a writable 64 byte buffer. `message` must have at least `message_len`
+bytes to be read. 
+
+```c
+int ed25519_verify(const unsigned char *signature,
+                   const unsigned char *message, size_t message_len,
+                   const unsigned char *public_key);
+```
+
+Verifies the signature on the given message using `public_key`. `signature`
+must be a readable 64 byte buffer. `message` must have at least `message_len`
+bytes to be read. Returns 1 if the signature matches, 0 otherwise.
+
+```c
+void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key,
+                        const unsigned char *scalar);
+```
+
+Adds `scalar` to the given key pair where scalar is a 32 byte buffer (possibly
+generated with `ed25519_create_seed`), generating a new key pair. You can
+calculate the public key sum without knowing the private key and vice versa by
+passing in `NULL` for the key you don't know. This is useful for enforcing
+randomness on a key pair by a third party while only knowing the public key,
+among other things.  Warning: the last bit of the scalar is ignored - if
+comparing scalars make sure to clear it with `scalar[31] &= 127`.
+
+
+```c
+void ed25519_key_exchange(unsigned char *shared_secret,
+                          const unsigned char *public_key, const unsigned char *private_key);
+```
+
+Performs a key exchange on the given public key and private key, producing a
+shared secret. It is recommended to hash the shared secret before using it.
+`shared_secret` must be a 32 byte writable buffer where the shared secret will
+be stored.
+
+Example
+-------
+
+```c
+unsigned char seed[32], public_key[32], private_key[64], signature[64];
+unsigned char other_public_key[32], other_private_key[64], shared_secret[32];
+const unsigned char message[] = "TEST MESSAGE";
+
+/* create a random seed, and a key pair out of that seed */
+if (ed25519_create_seed(seed)) {
+    printf("error while generating seed\n");
+    exit(1);
+}
+
+ed25519_create_keypair(public_key, private_key, seed);
+
+/* create signature on the message with the key pair */
+ed25519_sign(signature, message, strlen(message), public_key, private_key);
+
+/* verify the signature */
+if (ed25519_verify(signature, message, strlen(message), public_key)) {
+    printf("valid signature\n");
+} else {
+    printf("invalid signature\n");
+}
+
+/* create a dummy keypair to use for a key exchange, normally you'd only have
+the public key and receive it through some communication channel */
+if (ed25519_create_seed(seed)) {
+    printf("error while generating seed\n");
+    exit(1);
+}
+
+ed25519_create_keypair(other_public_key, other_private_key, seed);
+
+/* do a key exchange with other_public_key */
+ed25519_key_exchange(shared_secret, other_public_key, private_key);
+
+/* 
+    the magic here is that ed25519_key_exchange(shared_secret, public_key,
+    other_private_key); would result in the same shared_secret
+*/
+
+```
+
+License
+-------
+All code is released under the zlib license. See license.txt for details.