Re: Question about SMJobBless
Re: Question about SMJobBless
- Subject: Re: Question about SMJobBless
- From: Eric Gorr <email@hidden>
- Date: Fri, 30 Sep 2011 17:35:35 -0400
Ok, so the code to do the code sign check I am using is below. Furthermore, I have my version of the SMJobBless app with these checks at:
http://ericgorr.net/cocoadev/SMJobBless.zip
The only remaining question is whether or not there is a better way or whether the code-sign check is necessary?
if ( currentVersion == installedVersion )
{
SecRequirementRef requirement;
OSStatus stErr;
stErr = SecRequirementCreateWithString( CFSTR( "identifier com.apple.bsd.SMJobBlessHelper and certificate leaf[subject.CN] = \"Joe Developer\"" ), kSecCSDefaultFlags, &requirement );
if ( stErr == noErr )
{
SecStaticCodeRef staticCodeRef;
stErr = SecStaticCodeCreateWithPath( (CFURLRef)installedPathURL, kSecCSDefaultFlags, &staticCodeRef );
if ( stErr == noErr )
{
stErr = SecStaticCodeCheckValidity( staticCodeRef, kSecCSDefaultFlags, requirement );
needToInstall = NO;
}
}
}
On Sep 30, 2011, at 4:27 PM, Eric Gorr wrote:
> Well, it turned out to be not that bad to check the version numbers. The trick was to use CFBundleCopyInfoDictionaryForURL so one could get the info.plist from the helper tool. In any case, for those who might be interested, I have included the code below I used to check the installed helper tool vs. the current helper tool version for the SMJobBless sample application. If there is a better way, I would be interested.
>
> I suppose one more additional check that might need to be made is to verify that a connection to the tool can actually be made if the versions do match. It would seem possible that a different tool with the same name and version might exist. So, it would seem to be a good idea to check the signing requirement for the helper tool. In the case of the SMJobBless sample code, this is what I have so far:
> Or, is this check not necessary?
>
>
> -----
> -----
>
> NSDictionary* installedHelperJobData = (NSDictionary*)SMJobCopyDictionary( kSMDomainSystemLaunchd, (CFStringRef)@"com.apple.bsd.SMJobBlessHelper" );
> BOOL needToInstall = YES;
>
> if ( installedHelperJobData )
> {
> NSLog( @"helperJobData: %@", installedHelperJobData );
>
> NSString* installedPath = [[installedHelperJobData objectForKey:@"ProgramArguments"] objectAtIndex:0];
> NSURL* installedPathURL = [NSURL fileURLWithPath:installedPath];
>
> NSDictionary* installedInfoPlist = (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)installedPathURL );
> NSString* installedBundleVersion = [installedInfoPlist objectForKey:@"CFBundleVersion"];
> NSInteger installedVersion = [installedBundleVersion integerValue];
>
> NSLog( @"installedVersion: %ld", (long)installedVersion );
>
> NSBundle* appBundle = [NSBundle mainBundle];
> NSURL* appBundleURL = [appBundle bundleURL];
>
> NSLog( @"appBundleURL: %@", appBundleURL );
>
> NSURL* currentHelperToolURL = [appBundleURL URLByAppendingPathComponent:@"Contents/Library/LaunchServices/com.apple.bsd.SMJobBlessHelper"];
> NSDictionary* currentInfoPlist = (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)currentHelperToolURL );
> NSString* currentBundleVersion = [currentInfoPlist objectForKey:@"CFBundleVersion"];
> NSInteger currentVersion = [currentBundleVersion integerValue];
>
> NSLog( @"currentVersion: %ld", (long)currentVersion );
>
> if ( currentVersion == installedVersion )
> {
> needToInstall = NO;
> }
> }
>
>
> On Sep 30, 2011, at 3:09 PM, Eric Gorr wrote:
>
>> So, it looks like one can call SMJobCopyDictionary with kSMDomainSystemLaunchd and, in the case of the SMJobBless sample code, com.apple.bsd.SMJobBlessHelper to determine whether or not the helper tool has been installed.
>>
>> What I am still not sure about is how to check the version number of the tool to see if I need to call SMJobBless again to update the helper tool.
>>
>> I suppose I could encode the version in the label of the tool. So, in the case of the SMJobBless code, one might have:
>>
>> com.apple.bsd.SMJobBlessHelper.3
>>
>> or something, but I'm guessing there is a better solution then this.
>>
>>
>>
>> On Sep 30, 2011, at 1:53 PM, Eric Gorr wrote:
>>
>>> That's interesting.
>>>
>>> So, how would one go about checking to see whether or not SMJobBless needed to be called?
>>>
>>> I suppose one would need to check the version number of the installed job vs. the one in the application package.
>>>
>>> I also suppose one would also try to connect with the helper tool and, if that fails, then call SMJobBless.
>>>
>>>
>>>
>>> On Sep 30, 2011, at 1:40 PM, Kyle Sluder wrote:
>>>
>>>> On Sep 30, 2011, at 10:05 AM, Eric Gorr <email@hidden> wrote:
>>>>
>>>>> On Sep 30, 2011, at 1:00 PM, Jean-Daniel Dupas wrote:
>>>>>
>>>>>> As I understand it, you have to bless the job only once, not at each launch, so you shouldn't have to request the authorization each time.
>>>>>
>>>>> It would be interesting if that is how it actually works, but I am quite certain it doesn't work that way.
>>>>
>>>> It does. SMJobBless submits a blessed plist to launchd. It does not do one-off jobs. You use once it to install a privileged launchd task that you can talk to in the future.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden