WinSparkle is a plug-and-forget software update library for Windows applications. It is heavily inspired by the Sparkle framework for OS X written by Andy Matuschak and others, to the point of sharing the same updates format (appcasts) and having very similar user interface.
See https://winsparkle.org for more information about WinSparkle.
Documentation: wiki and the winsparkle.h header.
The easiest way to use WinSparkle is to either download the prebuilt WinSparkle.dll
binary from releases or use the WinSparkle
NuGet package.
Prebuilt binaries are available for x86, x64 and arm64 platforms.
WinSparkle has a C API that makes it easy to use from many modern languages in addition to C/C++. In addition to that, several bindings for popular languages exist:
- How to use with C#/.NET
- Python
- Go
- Pascal binding bundled with WinSparkle
If you prefer to build WinSparkle yourself, you can do so. You'll have to compile from a git checkout; some of the dependencies are included as git submodules.
Check the sources out and initialize the submodules:
$ git clone https://github.com/vslavik/winsparkle.git
$ cd winsparkle
$ git submodule init
$ git submodule update
To compile the library, just open WinSparkle.sln
(or the one corresponding to
your compiler version) solution and build it.
At the moment, projects for Visual C++ (2010 and up) are provided, so you'll need that (Express/Community edition suffices). In principle, there's nothing in the code preventing it from being compiled by other compilers.
There are also unsupported CMake build files in the cmake directory.
WinSparkle uses exactly same mechanism for signing and signature verification as Sparkle Project does. Its tools and verification methods are fully compatible.
You may use any compatible way to sign your update. To achieve this, you need to sign SHA1 (in binary form) of your update file with DSA private key, using SHA1 digest.
WinSparkle provides tools to generate keys and sign the update using OpenSSL.
You need openssl.exe
available on Windows to use those tools (available as
precompiled binary).
Alternatively, you can generate keys and sign your updates even on macOS or Linux, using tools provided by Sparkle project.
- First, make yourself a pair of DSA keys. This needs to be done only once.
WinSparkle includes a tool to help:
bin\generate_keys.bat
- Back up your private key (dsa_priv.pem) and keep it safe. You don’t want anyone else getting it, and if you lose it, you may not be able to issue any new updates.
- Add your public key (dsa_pub.pem) to your project either as Windows resource, or any other suitable way and provide it using WinSparkle API.
When your update is ready (e.g. Updater.exe
), sign it and include signature
to your appcast file:
- Sign:
bin\sign_update.bat Updater.exe dsa_priv.pem
- Add standard output of previous command as
sparkle:dsaSignature
attribute ofenclosure
node of your appcast file. Alternativelysparkle:dsaSignature
can be a child node ofenclosure
.
Download the sources archive and have a look at the examples/ folder.
If you want to stay at the bleeding edge and use the latest, not yet released, version of WinSparkle, you can get its sources from public repository. WinSparkle uses git and and the sources are hosted on GitHub at https://github.com/vslavik/winsparkle
WinSparkle uses submodules for some dependencies, so you have to initialize them after checking the tree out:
$ git clone https://github.com/vslavik/winsparkle.git
$ cd winsparkle
$ git submodule init
$ git submodule update
Then compile WinSparkle as described above; no extra steps are required.