.There seems to be a fork of Sparkle which supports Sandboxing. It’s current in beta. The install instructions are slightly confusing.

Download the latest build from https://github.com/sparkle-project/Sparkle/tree/ui-separation-and-xpc 

Open Terminal and cd into the directory

run ‘make release’

That will open up a directory with all the needed files.

The update signing is more important now in your appcast.

So, use /bin/generate_keys to generate dsa_pub.pem and dsa_priv.pem

The official repo should help you do that. 

 

Include 3 files into your project.

org.sparkle-project.InstallerConnection.xpc

org.sparkle-project.InstallerStatus.xpc

org.sparkle-project.InstallerLauncher.xpc

 

Now sign them with your Developer ID keys. You just need to do this once. So, I’m not putting them in the build phase.

 

./bin/codesign_xpc “Developer ID Application” org.sparkle-project.InstallerConnection.xpc

./bin/codesign_xpc “Developer ID Application” org.sparkle-project.InstallerStatus.xpc

./bin/codesign_xpc “Developer ID Application” org.sparkle-project.InstallerLauncher.xpc

 

 If your sandboxes app doesn’t have access to the internet from sandboxing, also include org.sparkle-project.Downloader.xpc

./bin/codesign_xpc “Developer ID Application” org.sparkle-project.Downloader.xpc –entitlements com.apple.security.network.client

 

After including these files in your project. Add a build phase that will copy the above files to the XPC Services folder.

 

 

To debug, open the Console.app and search for your app. The debug logs are quite helpful. I got stuck with not having the dsa_pub in the update I was trying to make.