Hi,
we are in the process of exploring how to create an installer for our array of apps.
We have come to the conclusion that regular .pkg installers produced by pkgbuild and productbuild are unfulfilling of our expectations. [1]
Regardless, our installer needs to place files at privileged locations (/Library/Application Support) so we are looking into how to best solve this problem, with the user having
- the largest clarity on what they are about to do (so no shady "wants to make changes" dialogs)
- the least steps to do to install these files in the right place (so no targeted
NSSavePanel-s)
Now, we have done our light reading via some nicely collected posts on the topic (https://forums.developer.apple.com/forums/thread/708765 for example) and the single missing option in the list of privilege escalation models seems to be a one-time privilege escalation from a GUI app.
Our reasons for declaring so:
AuthorizationExecuteWithPrivilegesis long deprecated and we are trying to build a futureproof solutionNSAppleScriptis just putting up a shady ("wants to make changes") dialog when trying something like this:$ osascript -e "set filePath to \"/Library/Application Support\"" -e "do shell script \"touch \" & the quoted form of filePath & \"/yyy.txt\" with administrator privileges"
Is there another way to request a one-time authorization from the admin to perform such a simple operation as copying a file to a protected location?
I know it's possible to externalize and internalize Authorization Rights, but they are just an interface to create extra rights and use them as barriers, because they don't actually pass the required right to further operations based on this documentation.
Using SMAppService to register a daemon, which has to be manually allowed by the user adds a lot to the complexity of this installation process, and is something we would like to avoid if possible. (And it's also not the right security model if we want to be honest - we don't want ongoing administrator rights and a daemon)
Is there something we haven't taken into consideration?
[1] preinstall scripts run after the choices are presented during installation and we would need advanced logic (not the limited JavaScript system/files API provided by Installer JS) - plus, the GUI is obviously very limited in a .pkg :(
Reading through your post I thought to myself “How does Sparkle do this?” So I took a look, and found a new option. I’ve just updated BSD Privilege Escalation on macOS with the details.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"