Port select upstream SideStore fixes (.ipa import, icon polish, cert-mismatch refresh guard)#55
Merged
Merged
Conversation
…nch defer) Ported from upstream SideStore (f6858c10). Opening a shared .ipa (from Files, another app, AirDrop) posted the import notification with the original security-scoped URL. The OS can revoke that scoped access once the open callback returns, so signing could later fail to read the file; and on a cold launch the notification was posted before any observer was registered, so the import was silently dropped. Copy the .ipa into a temporary directory we own (readable through signing), and on cold launch stash it until the scene/app becomes active, then post. Adapted to MiniStore conventions (Logger.main instead of print; temporaryDirectory + UUID instead of the upstream uniqueTemporaryURL helper). https://claude.ai/code/session_01PT8zpkUrgTRaGeKmbvVyNe
Ported from upstream SideStore (bee0a371, 50e302e4). Sideloaded app icons frequently include an alpha channel (unlike App Store icons), so transparent edges blended into the banner. AppIconImageView now gives alpha icons a subtle drop shadow and a contrasting backdrop chosen from the icon's average luminance; opaque icons render unchanged. Used by AppBannerView and Browse. https://claude.ai/code/session_01PT8zpkUrgTRaGeKmbvVyNe
Ported from upstream SideStore (068d9067). When the active signing certificate (from auth, or the stored signing-cert serial) differs from the serial an app was last signed with — e.g. after the cert was revoked or rotated — a provision-only refresh re-provisions but does not re-sign, leaving the app unlaunchable. Guard _refresh: if both serials are known and differ, fail early with a clear 'reinstall to re-sign' message instead. Skipped when either serial is unknown, so older installs aren't falsely blocked. Message localized per MiniStore convention. Device-critical (refresh/sign path) — verify on device before merge. https://claude.ai/code/session_01PT8zpkUrgTRaGeKmbvVyNe
Record which of the 163 upstream commits since the fork were ported, already present, or deliberately skipped, so future sessions don't re-evaluate them. https://claude.ai/code/session_01PT8zpkUrgTRaGeKmbvVyNe
Contributor
|
Download the artifacts for this pull request (nightly.link): |
Contributor
|
Builds for this Pull Request are available at |
Ported from upstream SideStore (75dccdfc). Upstream's screen was already SwiftUI; rewritten for MiniStore's Swift 6.2 strict concurrency (async/await + @observable instead of GCD/ObservableObject; a Sendable CacheService does the on-disk sizing off the main actor) and conventions (MiniStore brand, NSLocalizedString, SettingsHostingController hosting, OLED-friendly list). Lists cached internal app bundles and exported resigned apps with their sizes, and lets the user export/share or delete individual entries (more granular than the existing Clear Cache, which wipes everything). Reached from Tech Things. Files auto-compile via the target's synchronized folder group. https://claude.ai/code/session_01PT8zpkUrgTRaGeKmbvVyNe
…work Cache Management ported (SwiftUI); AppIDs deletion + certs-management blocked by missing AltSign/Apple APIs; error-prop refactor N/A to the diverged _refresh; Shortcuts Install-IPA still gated on the _install install-path divergence. https://claude.ai/code/session_01PT8zpkUrgTRaGeKmbvVyNe
Contributor
|
Builds for this Pull Request are available at |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reviewed all 163 upstream
The-Big-Mini/SideStore@developcommits since the 2026-03-19 fork point and ported the ones that apply cleanly to MiniStore. MiniStore shares no git ancestry with SideStore (it was seeded from the tree, not GitHub-forked), so nothing was cherry-picked — each change was ported by hand and verified against current code. Full triage recorded in.claude/sidestore-delta.md.Type of change
Changes
.ipaimport (upstreamf6858c10) — opening a shared.ipaposted the import notification with the original security-scoped URL, which the OS can revoke once the open callback returns (later signing could fail to read it); on a cold launch the notification was posted before any observer was registered and was dropped. Now the file is copied into a temp directory we own and, on cold launch, held until the scene/app is active.AppDelegate.swift+SceneDelegate.swift. Adapted toLogger.main+temporaryDirectory/UUID.bee0a371,50e302e4) —AppIconImageViewgives icons with an alpha channel a subtle drop shadow and a contrasting backdrop chosen from the icon's average luminance; opaque icons render unchanged. Used by the banner and Browse.068d9067) — when the active signing cert serial differs from the serial an app was last signed with (e.g. after revocation/rotation), a provision-only refresh leaves the app unlaunchable.AppManager._refreshnow fails fast with a clear reinstall message; skipped when either serial is unknown. Device-critical — verify on device before merge..claude/sidestore-delta.mdgains an upstream-review log (ported / already-present / skipped-with-reasons) so the sift isn't repeated.Verified already present in MiniStore and intentionally not re-applied: keychain clearing the signing cert on logout (
d90f1535), custom bundle-ID on extensions (0418ac09), widget intent files (682a7972), pairing-file error surfacing (e15ebf50). Skipped as non-portable/too risky: cert-revocation UI (56812a9d, deleted storyboard/VC + submodule), ldid bump (9eab3fca, submodule), error-prop refactor (a27e896a), Shortcuts Install-IPA (1a29d54f, headless-install plumbing in the diverged_install), AltSign/Roxas Swift ports, VPN-config commits, and UIKit feature work that MiniStore rewrote in SwiftUI (would be reimplementation, not a port).Testing
Build and upload MiniStoreis the compile check. All ports reuse existing MiniStore symbols (verified:OperationError.refreshAppFailed,InstalledApp.certificateSerialNumber,Keychain.shared.signingCertificateSerialNumber,context.certificate,AppIconImageViewusage).Checklist
develop(nevermain)CLAUDE.md🤖 Generated with Claude Code
Generated by Claude Code