Re: Question about SMJobBless
If anyone is interested, this (probably) turned out to be a bug and one has been filed. rdar://10280469 The way the system currently works is that it will ask for an admin password every time regardless of whether or not the SMJobBless function needs to install the helper tool or not. The bug is (probably) that a admin password request should not be made if the helper tool does not need to be installed (for example, it is already installed and has the same version as the one in the app bundle). So, what this means is that the determination of whether or not the helper tool needs to be installed needs to be made before a call to SMJobBless and SMJobBless should only be called if it is already known the helper tool needs to be installed. In my case, I only need to check whether the tool is installed (SMJobCopyDictionary handles this) and, if the tool is installed, whether or not it's version is older then the version of the tool in my app bundle. Some (incomplete) code to check whether the tool is installed and what the versions are is below. There is another alternative to do a version check of the helper tool which is for the helper tool to receive a request for it's version and for it to send a version reply back. Personally, I like the method below, but wanted to mention this alternative as it may be the best path in some situations. -- VV -- NSDictionary* installedHelperJobData; installedHelperJobData = (NSDictionary*)SMJobCopyDictionary( kSMDomainSystemLaunchd, (CFStringRef)@com.apple.bsd.SMJobBlessHelper ); NSString* installedPath = [[installedHelperJobData objectForKey:@ProgramArguments] objectAtIndex:0]; NSURL* installedPathURL= [NSURL fileURLWithPath:installedPath]; NSDictionary* installedInfoPlist = (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)installedPathURL ); NSString* installedBundleVersion = [installedInfoPlist objectForKey:@CFBundleVersion]; NSInteger installedVersion= [installedBundleVersion integerValue]; NSLog( @installedVersion: %ld, (long)installedVersion ); NSBundle* appBundle = [NSBundle mainBundle]; NSURL* appBundleURL= [appBundle bundleURL]; NSURL* currentHelperToolURL= [appBundleURL URLByAppendingPathComponent:@Contents/Library/LaunchServices/com.apple.bsd.SMJobBlessHelper]; NSDictionary* currentInfoPlist= (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)currentHelperToolURL ); NSString* currentBundleVersion= [currentInfoPlist objectForKey:@CFBundleVersion]; NSInteger currentVersion = [currentBundleVersion integerValue]; NSLog( @currentVersion: %ld, (long)currentVersion ); -- ^^ -- On Sep 29, 2011, at 4:45 PM, Eric Gorr wrote: I cannot seem to locate any documentation on this, so hopefully someone can confirm the behavior I am seeing with Apple's sample SMJobBless code located at: http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010071 I was under the impression that it would only ask for an admin password if it detected a that a new version of the helper tool needed to be installed. However, this impression is apparently incorrect. The behavior I am seeing under 10.6 is that if I launch the app for the first time, it will ask for the password. If I launch almost immediately, it won't. However, if I wait a long enough time, it will ask for the password again. During all of this, the helper tool does not change. Can anyone point to documentation that defines this as the correct behavior? Thank you. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
I had a couple of followup questions concerning the approach used by SMJobBless in developing a secure helper tool. In the How It Works section in the ReadMe, it states: 4. Requiring the user to authorize the privileged helper tool only once the first time it's used This is what I believe led to my confusion on why the app continues to ask for the password every time I launch it. However, this statement actually refers to the need to just ask for the password once at application launch and have the authorization remain valid while the application is running. Is this correct? I am also wondering how it might be possible to only ask for an admin password once as an absolute regardless of the number of time the application was launched. Is this possible? If so, how? Thank you. On Sep 29, 2011, at 4:45 PM, Eric Gorr wrote: I cannot seem to locate any documentation on this, so hopefully someone can confirm the behavior I am seeing with Apple's sample SMJobBless code located at: http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010071 I was under the impression that it would only ask for an admin password if it detected a that a new version of the helper tool needed to be installed. However, this impression is apparently incorrect. The behavior I am seeing under 10.6 is that if I launch the app for the first time, it will ask for the password. If I launch almost immediately, it won't. However, if I wait a long enough time, it will ask for the password again. During all of this, the helper tool does not change. Can anyone point to documentation that defines this as the correct behavior? Thank you. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
If you want answer, you should try the darwin-dev list. SMJobBless is not cocoa specific, and so is off-topic on this list, and IIRC, the engineer in charge of the ServiceManagement framework is a darwin-dev subscriber. Le 30 sept. 2011 à 16:01, Eric Gorr a écrit : I had a couple of followup questions concerning the approach used by SMJobBless in developing a secure helper tool. In the How It Works section in the ReadMe, it states: 4. Requiring the user to authorize the privileged helper tool only once the first time it's used This is what I believe led to my confusion on why the app continues to ask for the password every time I launch it. However, this statement actually refers to the need to just ask for the password once at application launch and have the authorization remain valid while the application is running. Is this correct? I am also wondering how it might be possible to only ask for an admin password once as an absolute regardless of the number of time the application was launched. Is this possible? If so, how? Thank you. On Sep 29, 2011, at 4:45 PM, Eric Gorr wrote: I cannot seem to locate any documentation on this, so hopefully someone can confirm the behavior I am seeing with Apple's sample SMJobBless code located at: http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010071 I was under the impression that it would only ask for an admin password if it detected a that a new version of the helper tool needed to be installed. However, this impression is apparently incorrect. The behavior I am seeing under 10.6 is that if I launch the app for the first time, it will ask for the password. If I launch almost immediately, it won't. However, if I wait a long enough time, it will ask for the password again. During all of this, the helper tool does not change. Can anyone point to documentation that defines this as the correct behavior? Thank you. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/devlists%40shadowlab.org This email sent to devli...@shadowlab.org -- Jean-Daniel ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
Le 30 sept. 2011 à 16:01, Eric Gorr a écrit : I had a couple of followup questions concerning the approach used by SMJobBless in developing a secure helper tool. In the How It Works section in the ReadMe, it states: 4. Requiring the user to authorize the privileged helper tool only once the first time it's used This is what I believe led to my confusion on why the app continues to ask for the password every time I launch it. However, this statement actually refers to the need to just ask for the password once at application launch and have the authorization remain valid while the application is running. Is this correct? I am also wondering how it might be possible to only ask for an admin password once as an absolute regardless of the number of time the application was launched. Is this possible? If so, how? According the the SMJobBless (the function not the sample code) reference, it installs a launchd plist . So you need to auth only once to install the plist, not one time per application launch. Thank you. On Sep 29, 2011, at 4:45 PM, Eric Gorr wrote: I cannot seem to locate any documentation on this, so hopefully someone can confirm the behavior I am seeing with Apple's sample SMJobBless code located at: http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010071 I was under the impression that it would only ask for an admin password if it detected a that a new version of the helper tool needed to be installed. However, this impression is apparently incorrect. The behavior I am seeing under 10.6 is that if I launch the app for the first time, it will ask for the password. If I launch almost immediately, it won't. However, if I wait a long enough time, it will ask for the password again. During all of this, the helper tool does not change. Can anyone point to documentation that defines this as the correct behavior? Thank you. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/devlists%40shadowlab.org This email sent to devli...@shadowlab.org -- Jean-Daniel ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
On Sep 30, 2011, at 10:34 AM, Jean-Daniel Dupas wrote: Le 30 sept. 2011 à 16:01, Eric Gorr a écrit : I had a couple of followup questions concerning the approach used by SMJobBless in developing a secure helper tool. In the How It Works section in the ReadMe, it states: 4. Requiring the user to authorize the privileged helper tool only once the first time it's used This is what I believe led to my confusion on why the app continues to ask for the password every time I launch it. However, this statement actually refers to the need to just ask for the password once at application launch and have the authorization remain valid while the application is running. Is this correct? I am also wondering how it might be possible to only ask for an admin password once as an absolute regardless of the number of time the application was launched. Is this possible? If so, how? According the the SMJobBless (the function not the sample code) reference, it installs a launchd plist . So you need to auth only once to install the plist, not one time per application launch. I'm sorry, I don't see that in the documentation. An AuthorizationRef needs to be passed to SMJobBless with the kSMRightBlessPrivilegedHelper right. To get this right, one calls AuthorizationCreate and it is AuthorizationCreate that requests the password with each launch of the application.___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
Le 30 sept. 2011 à 18:14, Eric Gorr a écrit : On Sep 30, 2011, at 10:34 AM, Jean-Daniel Dupas wrote: Le 30 sept. 2011 à 16:01, Eric Gorr a écrit : I had a couple of followup questions concerning the approach used by SMJobBless in developing a secure helper tool. In the How It Works section in the ReadMe, it states: 4. Requiring the user to authorize the privileged helper tool only once the first time it's used This is what I believe led to my confusion on why the app continues to ask for the password every time I launch it. However, this statement actually refers to the need to just ask for the password once at application launch and have the authorization remain valid while the application is running. Is this correct? I am also wondering how it might be possible to only ask for an admin password once as an absolute regardless of the number of time the application was launched. Is this possible? If so, how? According the the SMJobBless (the function not the sample code) reference, it installs a launchd plist . So you need to auth only once to install the plist, not one time per application launch. I'm sorry, I don't see that in the documentation. An AuthorizationRef needs to be passed to SMJobBless with the kSMRightBlessPrivilegedHelper right. To get this right, one calls AuthorizationCreate and it is AuthorizationCreate that requests the password with each launch of the application. As I understand it, you have to bless the job only once, not at each launch, so you shouldn't have to request the authorization each time. -- Jean-Daniel ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
On Sep 30, 2011, at 1:00 PM, Jean-Daniel Dupas wrote: Le 30 sept. 2011 à 18:14, Eric Gorr a écrit : On Sep 30, 2011, at 10:34 AM, Jean-Daniel Dupas wrote: Le 30 sept. 2011 à 16:01, Eric Gorr a écrit : I had a couple of followup questions concerning the approach used by SMJobBless in developing a secure helper tool. In the How It Works section in the ReadMe, it states: 4. Requiring the user to authorize the privileged helper tool only once the first time it's used This is what I believe led to my confusion on why the app continues to ask for the password every time I launch it. However, this statement actually refers to the need to just ask for the password once at application launch and have the authorization remain valid while the application is running. Is this correct? I am also wondering how it might be possible to only ask for an admin password once as an absolute regardless of the number of time the application was launched. Is this possible? If so, how? According the the SMJobBless (the function not the sample code) reference, it installs a launchd plist . So you need to auth only once to install the plist, not one time per application launch. I'm sorry, I don't see that in the documentation. An AuthorizationRef needs to be passed to SMJobBless with the kSMRightBlessPrivilegedHelper right. To get this right, one calls AuthorizationCreate and it is AuthorizationCreate that requests the password with each launch of the application. As I understand it, you have to bless the job only once, not at each launch, so you shouldn't have to request the authorization each time. It would be interesting if that is how it actually works, but I am quite certain it doesn't work that way. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
On Sep 30, 2011, at 10:05 AM, Eric Gorr mail...@ericgorr.net wrote: On Sep 30, 2011, at 1:00 PM, Jean-Daniel Dupas wrote: As I understand it, you have to bless the job only once, not at each launch, so you shouldn't have to request the authorization each time. It would be interesting if that is how it actually works, but I am quite certain it doesn't work that way. It does. SMJobBless submits a blessed plist to launchd. It does not do one-off jobs. You use once it to install a privileged launchd task that you can talk to in the future. --Kyle Sluder___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
That's interesting. So, how would one go about checking to see whether or not SMJobBless needed to be called? I suppose one would need to check the version number of the installed job vs. the one in the application package. I also suppose one would also try to connect with the helper tool and, if that fails, then call SMJobBless. On Sep 30, 2011, at 1:40 PM, Kyle Sluder wrote: On Sep 30, 2011, at 10:05 AM, Eric Gorr mail...@ericgorr.net wrote: On Sep 30, 2011, at 1:00 PM, Jean-Daniel Dupas wrote: As I understand it, you have to bless the job only once, not at each launch, so you shouldn't have to request the authorization each time. It would be interesting if that is how it actually works, but I am quite certain it doesn't work that way. It does. SMJobBless submits a blessed plist to launchd. It does not do one-off jobs. You use once it to install a privileged launchd task that you can talk to in the future. --Kyle Sluder ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
So, it looks like one can call SMJobCopyDictionary with kSMDomainSystemLaunchd and, in the case of the SMJobBless sample code, com.apple.bsd.SMJobBlessHelper to determine whether or not the helper tool has been installed. What I am still not sure about is how to check the version number of the tool to see if I need to call SMJobBless again to update the helper tool. I suppose I could encode the version in the label of the tool. So, in the case of the SMJobBless code, one might have: com.apple.bsd.SMJobBlessHelper.3 or something, but I'm guessing there is a better solution then this. On Sep 30, 2011, at 1:53 PM, Eric Gorr wrote: That's interesting. So, how would one go about checking to see whether or not SMJobBless needed to be called? I suppose one would need to check the version number of the installed job vs. the one in the application package. I also suppose one would also try to connect with the helper tool and, if that fails, then call SMJobBless. On Sep 30, 2011, at 1:40 PM, Kyle Sluder wrote: On Sep 30, 2011, at 10:05 AM, Eric Gorr mail...@ericgorr.net wrote: On Sep 30, 2011, at 1:00 PM, Jean-Daniel Dupas wrote: As I understand it, you have to bless the job only once, not at each launch, so you shouldn't have to request the authorization each time. It would be interesting if that is how it actually works, but I am quite certain it doesn't work that way. It does. SMJobBless submits a blessed plist to launchd. It does not do one-off jobs. You use once it to install a privileged launchd task that you can talk to in the future. --Kyle Sluder ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/mailist%40ericgorr.net This email sent to mail...@ericgorr.net ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Question about SMJobBless
Well, it turned out to be not that bad to check the version numbers. The trick was to use CFBundleCopyInfoDictionaryForURL so one could get the info.plist from the helper tool. In any case, for those who might be interested, I have included the code below I used to check the installed helper tool vs. the current helper tool version for the SMJobBless sample application. If there is a better way, I would be interested. I suppose one more additional check that might need to be made is to verify that a connection to the tool can actually be made if the versions do match. It would seem possible that a different tool with the same name and version might exist. So, it would seem to be a good idea to check the signing requirement for the helper tool. In the case of the SMJobBless sample code, this is what I have so far: - - SecRequirementRef requirement; OSStatusstErr; stErr = SecRequirementCreateWithString( CFSTR( identifier com.apple.bsd.SMJobBlessHelper and certificate leaf[subject.CN] = \Joe Developer\ ), kSecCSDefaultFlags, requirement ); SecCodeRef theCode; stErr = SecCodeCheckValidity( theCode, kSecCSDefaultFlags, requirement ); - - However, I am not sure how to get the SecCodeRef for the installed helper tool. Any suggestions on how I can do that? Or, is this check not necessary? - - NSDictionary* installedHelperJobData = (NSDictionary*)SMJobCopyDictionary( kSMDomainSystemLaunchd, (CFStringRef)@com.apple.bsd.SMJobBlessHelper ); BOOLneedToInstall = YES; if ( installedHelperJobData ) { NSLog( @helperJobData: %@, installedHelperJobData ); NSString* installedPath = [[installedHelperJobData objectForKey:@ProgramArguments] objectAtIndex:0]; NSURL* installedPathURL= [NSURL fileURLWithPath:installedPath]; NSDictionary* installedInfoPlist = (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)installedPathURL ); NSString* installedBundleVersion = [installedInfoPlist objectForKey:@CFBundleVersion]; NSInteger installedVersion= [installedBundleVersion integerValue]; NSLog( @installedVersion: %ld, (long)installedVersion ); NSBundle* appBundle = [NSBundle mainBundle]; NSURL* appBundleURL= [appBundle bundleURL]; NSLog( @appBundleURL: %@, appBundleURL ); NSURL* currentHelperToolURL= [appBundleURL URLByAppendingPathComponent:@Contents/Library/LaunchServices/com.apple.bsd.SMJobBlessHelper]; NSDictionary* currentInfoPlist= (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)currentHelperToolURL ); NSString* currentBundleVersion= [currentInfoPlist objectForKey:@CFBundleVersion]; NSInteger currentVersion = [currentBundleVersion integerValue]; NSLog( @currentVersion: %ld, (long)currentVersion ); if ( currentVersion == installedVersion ) { needToInstall = NO; } } On Sep 30, 2011, at 3:09 PM, Eric Gorr wrote: So, it looks like one can call SMJobCopyDictionary with kSMDomainSystemLaunchd and, in the case of the SMJobBless sample code, com.apple.bsd.SMJobBlessHelper to determine whether or not the helper tool has been installed. What I am still not sure about is how to check the version number of the tool to see if I need to call SMJobBless again to update the helper tool. I suppose I could encode the version in the label of the tool. So, in the case of the SMJobBless code, one might have: com.apple.bsd.SMJobBlessHelper.3 or something, but I'm guessing there is a better solution then this. On Sep 30, 2011, at 1:53 PM, Eric Gorr wrote: That's interesting. So, how would one go about checking to see whether or not SMJobBless needed to be called? I suppose one would need to check the version number of the installed job vs. the one in the application package. I also suppose one would also try to connect with the helper tool and, if that fails, then call SMJobBless. On Sep 30, 2011, at 1:40 PM, Kyle Sluder wrote: On Sep 30, 2011, at 10:05 AM, Eric Gorr mail...@ericgorr.net wrote: On Sep 30, 2011, at 1:00 PM, Jean-Daniel Dupas wrote: As I understand it, you have to bless the job only once, not at each launch, so you shouldn't have to request the authorization each time. It would be interesting if that is how it actually works, but I am quite certain it doesn't work that way. It does. SMJobBless submits a blessed plist to launchd. It does not do one-off jobs. You use once it to install a privileged launchd task that you can talk to in the future. --Kyle Sluder ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at
Re: Question about SMJobBless
Ok, so the code to do the code sign check I am using is below. Furthermore, I have my version of the SMJobBless app with these checks at: http://ericgorr.net/cocoadev/SMJobBless.zip The only remaining question is whether or not there is a better way or whether the code-sign check is necessary? if ( currentVersion == installedVersion ) { SecRequirementRef requirement; OSStatusstErr; stErr = SecRequirementCreateWithString( CFSTR( identifier com.apple.bsd.SMJobBlessHelper and certificate leaf[subject.CN] = \Joe Developer\ ), kSecCSDefaultFlags, requirement ); if ( stErr == noErr ) { SecStaticCodeRef staticCodeRef; stErr = SecStaticCodeCreateWithPath( (CFURLRef)installedPathURL, kSecCSDefaultFlags, staticCodeRef ); if ( stErr == noErr ) { stErr = SecStaticCodeCheckValidity( staticCodeRef, kSecCSDefaultFlags, requirement ); needToInstall = NO; } } } On Sep 30, 2011, at 4:27 PM, Eric Gorr wrote: Well, it turned out to be not that bad to check the version numbers. The trick was to use CFBundleCopyInfoDictionaryForURL so one could get the info.plist from the helper tool. In any case, for those who might be interested, I have included the code below I used to check the installed helper tool vs. the current helper tool version for the SMJobBless sample application. If there is a better way, I would be interested. I suppose one more additional check that might need to be made is to verify that a connection to the tool can actually be made if the versions do match. It would seem possible that a different tool with the same name and version might exist. So, it would seem to be a good idea to check the signing requirement for the helper tool. In the case of the SMJobBless sample code, this is what I have so far: Or, is this check not necessary? - - NSDictionary* installedHelperJobData = (NSDictionary*)SMJobCopyDictionary( kSMDomainSystemLaunchd, (CFStringRef)@com.apple.bsd.SMJobBlessHelper ); BOOLneedToInstall = YES; if ( installedHelperJobData ) { NSLog( @helperJobData: %@, installedHelperJobData ); NSString* installedPath = [[installedHelperJobData objectForKey:@ProgramArguments] objectAtIndex:0]; NSURL* installedPathURL= [NSURL fileURLWithPath:installedPath]; NSDictionary* installedInfoPlist = (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)installedPathURL ); NSString* installedBundleVersion = [installedInfoPlist objectForKey:@CFBundleVersion]; NSInteger installedVersion= [installedBundleVersion integerValue]; NSLog( @installedVersion: %ld, (long)installedVersion ); NSBundle* appBundle = [NSBundle mainBundle]; NSURL* appBundleURL= [appBundle bundleURL]; NSLog( @appBundleURL: %@, appBundleURL ); NSURL* currentHelperToolURL= [appBundleURL URLByAppendingPathComponent:@Contents/Library/LaunchServices/com.apple.bsd.SMJobBlessHelper]; NSDictionary* currentInfoPlist= (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)currentHelperToolURL ); NSString* currentBundleVersion= [currentInfoPlist objectForKey:@CFBundleVersion]; NSInteger currentVersion = [currentBundleVersion integerValue]; NSLog( @currentVersion: %ld, (long)currentVersion ); if ( currentVersion == installedVersion ) { needToInstall = NO; } } On Sep 30, 2011, at 3:09 PM, Eric Gorr wrote: So, it looks like one can call SMJobCopyDictionary with kSMDomainSystemLaunchd and, in the case of the SMJobBless sample code, com.apple.bsd.SMJobBlessHelper to determine whether or not the helper tool has been installed. What I am still not sure about is how to check the version number of the tool to see if I need to call SMJobBless again to update the helper tool. I suppose I could encode the version in the label of the tool. So, in the case of the SMJobBless code, one might have: com.apple.bsd.SMJobBlessHelper.3 or something, but I'm guessing there is a better solution then this. On Sep 30, 2011, at 1:53 PM, Eric Gorr wrote: That's interesting. So, how would one go about checking to see whether or not SMJobBless needed to be called? I suppose one would need to check the version number of the installed job vs. the one in the application package. I also suppose one would also try to connect with the helper tool and, if that fails, then call SMJobBless. On Sep 30, 2011, at 1:40 PM, Kyle Sluder wrote: On Sep 30, 2011, at 10:05 AM, Eric Gorr mail...@ericgorr.net wrote: On Sep 30, 2011, at 1:00 PM, Jean-Daniel Dupas wrote: As I understand it, you have to bless the
Question about SMJobBless
I cannot seem to locate any documentation on this, so hopefully someone can confirm the behavior I am seeing with Apple's sample SMJobBless code located at: http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010071 I was under the impression that it would only ask for an admin password if it detected a that a new version of the helper tool needed to be installed. However, this impression is apparently incorrect. The behavior I am seeing under 10.6 is that if I launch the app for the first time, it will ask for the password. If I launch almost immediately, it won't. However, if I wait a long enough time, it will ask for the password again. During all of this, the helper tool does not change. Can anyone point to documentation that defines this as the correct behavior? Thank you. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com