Re: Accessing PackageKit programmatically
Re: Accessing PackageKit programmatically
- Subject: Re: Accessing PackageKit programmatically
- From: Erik Berglund <email@hidden>
- Date: Mon, 13 Jun 2016 20:53:24 +0200
Yes, SMJobBless is the way to do it, it's used to install the helper tool and set it up for launchd. The example project I linked uses that.
And, yes, If you're developing for the Apple platform you should use a developer certificate, which is just $99 a year.
The installer tool will exit with a non-zero status, you can also use flags (-verboseR) to get the verbose installer output (logs) where (if any) the error information is printed. I agree it's not pretty as one would hope as it's a standalone binary, but if it fails it behaves as expected and exits with an exit code that might be helpful. I completely agree that it would be much more helpful to use a framework directly for this, but unfortunately that's not available and probably won't ever be available as they just point at the AppStore.
So, just checking the exit status of the NSTask should be enough to know if it was successful or not, and to get error details you probably have to parse the output. This is done by many applications so there should be examples on GitHub on how others solved this.
Sorry if you got some hard responses, but as you can guess, the Adobe way is not appreciated, and by that I mean to use for example a custom installer.app to move files into place instead of using the standard pkg format.
But, as you've stated many times, if your just using pkgs, then the angry responses can be ignored.
I use the privileged helper (SMJobBless) in some application and it's working great, some of them even calls /usr/sbin/installer.
So, to my knowledge this is the appropriate way to do silent installations. But, if anyone else has input, feel free to add.
> On 13 juni 2016, at 20:40, John Paul Adrian Glaubitz <email@hidden> wrote:
>
> On 06/13/2016 08:33 PM, Erik Berglund wrote:
>> Using NSTask is the way to do this
>
> How do I verify the installation worked as expected? How do I read out the error message in case it fails?
>
>> but using AppleScript to elevate privileges is deprecated, you need to create a helper application that you call which
>> handles the privilege escalation.
>>
> Which is incredibly convoluted when using SMJobBless. In fact, it requires the application to be signed with an Apple
> Developer account. You can't even build Apple's sample app to test the mechanism.
>
>> If you just use standard pkgs, then all you need is the /usr/sbin/installer binary, that is silent and supported.
>
> Again, the problem is that there is no reliable way to query the installer.
>
>> As for elevating privileges, then you create a privileged helper tool that you use to run the installation task.
>>
>> https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecureCodingGuide/Articles/AccessControl.html
>> https://developer.apple.com/library/mac/samplecode/EvenBetterAuthorizationSample/Introduction/Intro.html#//apple_ref/doc/uid/DTS40013768-Intro-DontLinkElementID_2
>
> As far as I know, Apple wants you to use this mechanism nowadays:
>
>> https://developer.apple.com/library/mac/samplecode/SMJobBless/Introduction/Intro.html
>
> Adrian
>
> --
> .''`. John Paul Adrian Glaubitz
> : :' : Debian Developer - email@hidden
> `. `' Freie Universitaet Berlin - email@hidden
> `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden