site_archiver@lists.apple.com Delivered-To: installer-dev@lists.apple.com On May 5, 2006, at 2:44 PM, Stéphane Sudre wrote: On vendredi, mai 5, 2006, at 06:18 PM, Luke Bellandi wrote: Hi Flippo, I thought the recommendation was: but: you shall not rely on this only. _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.a... You can add an Installer Plugin to require the user to enter a valid serial number/license code before performing the Install. Apple's Final Cut Studio software does this and won't install onto the user's computer without a valid serial number. Take a look at the /System/Library/Frameworks/ InstallerPlugins.framework headers for documentation on writing such a plugin and integrating it into your installer. We're happy to answer specific questions on those API's on this list as well. You mean that if I copy the package or metapackage of FCP on my disk, then remove the plugin and the potential script, I can't install it with a serial number? Or if I use Pacifist, it's not possible? Or if I install it remotely with ARD? The first sentence in your email doesn't make sense. I think what you meant to say was "You mean that if I copy the package or metapackage of FCP onto my disk, then remove the plugin and potential script, I *can* install it *without* a serial number" The answer to that question is yes, you can. However, the Serial Number plugin is not meant to serve as the gatekeeper to these binaries. An application has to be its own gatekeeper. An Installer plugin is an appropriate _place_ to ask the user for a serial number, but it is unable to _protect_ those package bits, as you've pointed out with the examples of hacking the package, or using Pacifist. I mean, come on, if the application wasn't the gatekeeper, the fact that the install checks can be worked around is irrelevant. In that case, a user could install the app onto a machine with a valid serial number, and then just copy and distribute the installed app illegally if that app didn't perform any checks on a dropped serial number. In Final Cut Studio Pro's case, it drops a key in /Library/Application Support/ with the serial number. Apps then check for that key when launched. - you can do the serialization in an Installer Plug-in or a helper tool launch by a script This email sent to site_archiver@lists.apple.com