site_archiver@lists.apple.com Delivered-To: installer-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=7RzRWK9t1oFvvNUZSeK41YNHjxeUtNZOxHh/d7nvBVM=; b=dBmIXfXsPhxgBGA36xHN8NpZoexCyBVVHIQTG4f51Hc2XR1ktwbh5QXq2L/W2w/kSG l5eZrRUHp+UpL3wnJ8wzivAaufv0+uydq7jrqxQsrO086x17+wS30DYPGfVXtXOnfx5z kxaM7ZJlYbmpgRswvg8fxpb6XW5pgh7oysqdM= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=ZIl5ZBMnevsVJAVfbDOsjy5kNNZADbOLGoj0GUQPUeRDMfUuvo+H/TXTS5BO+L9VBW urQHuijZruIwjBaUXVW+n5atBf+Dpyu9SDYujPo7FSnlCRXmmqwhfb0uFzj8LH0OPWmg Mmcf+/TxYVzU3p7VthHIXoBsPMHyvj97M5+Kw= On Feb 18, 2009, at 3:01 PM, Dodger wrote: If you mean disallow any external scripts, well, there's a reason they're allowed: to allow for things they haven't foreseen. I know my problem would be very unlikely to be handled in the packagemaker app, for instance (i.e. applying a morph target to an Alias Wavefront Maya object file and saving out the results). If Apple foresaw that need, they probably *still* wouldn't include the possibility because it would be so rare. - The same as above, but for the javascript sections of the installer And on the really-out-there field: -- Karl Kuehn larkost@softhome.net _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.a... I've been thinking about this. Is there a way Apple could disallow these arbitrary installer scripts and still support the scenarios that seem to require them? Perhaps this warrants a separate thread. I agree completely that there is no way that Apple could get rid scripts from installers. I think that the better way of making both the installer-writers and the system-admins happy would be to have a way for installer script to tell the installer program that they had touched specific files so that the installer could then communicate that appropriately (through .bom's, etc). And vitally important: document that as an important thing. What I would want in the perfect installer program has been in my mind much recently, and since nobody asked here are a few things that I would want: - Ability to sandbox/chroot the installer scripts so that it only used and wrote to the target volume - An explicit mechanism for licensing/registration systems. I am thinking about something like a plugin system, but with the ability to pass the licensing/registration information from the command line for command-line installs. It would also allow for a GUI that would provide the information to the Plugin the same way. I don't want Apple to mess around with trying to do this themselves, but rather to provide a consistent interface for package-developers to do so. - Better documentation and examples of how to write all of the javascript components now allowed (documentation on this is really hard to find) - Apple emphasizing to installer writers (both internal and external) that their installers will not always be used by consumers on a single machine that they are logged into. (InstaDMG has become the lens I view this thorough) - Redo the conversion to XAR and this time don't just wrap a CPIO inside a XAR but rather extend XAR to handle all of the cases the CPIO handles. With some careful work this would allow for tools like Radmind to work directly with .pkg's rather than replace them. This email sent to site_archiver@lists.apple.com