Hi Xochitl,
Just to clarify, we are using Iceberg to create bundle install packages for Installer.app. The code I am writing is indeed in the preflight script.
We have been able to fail the install just fine from the preflight script by executing "exit 1". But as you said, we have no way of putting up a message to the user, though we emit useful messages to the log.
Thanks for the pointer to the UNIX domain sockets check code. We actually use that code in our daemon to set up the socket files. But during install, we are trying to follow the recommendations in TN 2083 for the daemon itself. The questions I am bringing up reflect problems our beta testers have encountered.
Thanks, Monte
On Aug 19, 2010, at 2:39 PM, Xochitl Lunde wrote:
>
> Hi All,
>
> I don't mean to beat a dead horse, but we are close to deciding what
> to do when our preflight script finds wrong permissions or owner
> when checking /Library/PrivilegedHelperTools/ and it's parents.
> Here are the remaining questions we have boiled down to:
>
> 1. Should we just aspire to the same degree of permissions/owner
> repair that Disk Utility does, i.e., not care about the owner on
> "/"? BTW, DU does not fix a bad owner or permissions
of
> /Library/PrivilegedHelperTools/. I know some of you have said
that
> DU should fix the owner of "/".
>
> 2. If the user's system already has permissions/owner settings
that
> are insecure, are we creating any additional insecurity by
> installing a daemon into a structure that is already compromised?
> Do we have a responsibility, as a third-party software installer,
to
> fix this situation?
>
> Thanks for your input. We will make our decision this evening,
Pacific time.
>
> Regards,
>
> Monte Benaresh
> PACE Anti-Piracy
>
Another thing I just noticed. Failure during
pre-flight script is not supported by Installer. You need a Volume
Check or Installation Check if you want to support installation failures
based on scripting. Can't find the thread with that in it yet, but
it was an old post of mine where I was told it's not supported.
http://osdir.com/ml/installer-dev/2010-03/msg00064.html
<- only link i could find to the old post,
given your decision deadline.
|