Changed installer to address #281

[pbendersky]

Installer script will now remove blacklisted plugins, so the user is prompted to load them upon restarting Xcode. (see #281)

[jurre]

Awesome, is the preferred way to delete it or should we look into fixing the preference?

[pbendersky]

I'd just delete it. Each user will have a different setting based on the plugins they have installed.

[supermarin]

Hm,. doesn't this unblock all the plugins not just Alcatraz?

[pbendersky]

@supermarin it does. Too extreme?

[Ashton-W]

Simply deleting the whole plugins entry resets all previously allowed and denied plugin loading prompts.
I agree that this should be more sophisticated and remove the Alcatraz entry from skipped only.

It should also derive or guess the key since it has includes the Xcode version number and does change between releases and betas.

[iamcam]

I tried your plugin install script, but Xcode doesn't prompt - not sure this actually fixes anything, as all the plugins magically reappear in the same allowed/skip list. (No idea why, as I can verify that plist entry is in fact deleted)

[pbendersky]

Did you have Xcode open when you run it?

[pbendersky]

@iamcam my mistake, I included .plist at the end of the defaults domain. Should be fixed now (works here).

[iamcam]

@pbendersky Yes, that appears to fix it. Thanks!

[guillaumealgis]

I'm in favor of just removing Alcatraz from the skipped list instead of all plugins, and maybe add a message during install warning the user of his mistake.

Alcatraz is in Xcode's skipped plugins list. By re-installing Alcatraz, it will be removed from that list. Are you sure?

Or something along those lines.

[pbendersky]

I think the installer should re-enable all plugins.

Picture this case:

1. A user installs Alcatraz
2. That user uses Alcatraz to install 3 plugins.
3. He updates Xcode, and it disables the 4 bundles.
4. He reinstalls Alcatraz.

Here we have two options:
A. We enable only Alcatraz, leaving him with an installation that doesn't work (Alcatraz works but the plugins he installed with it don't)
B. We reenable all bundles, leaving him as he was in step 2, with Alcatraz and the plugins working.

From these two, I pick option A.

Ideally, the installer should reenable bundles for Alcatraz and the plugins its managing, big I think we can assume all of them were installed through Alcatraz if the user has it installed.

[guillaumealgis]

Don't you mean "I pick option B" ? ;)

I mostly agree with your example, but re-enabling all plugins completely defeat the purpose of the new Xcode prompt. This could:

• Be a security problem, if we re-enable a malicious plugin which was disabled by Xcode;
• Piss off Apple, which could be less tolerant with the plugin community.

I don't think Apple implemented this blacklist prompt/mechanism just for fun, and there's probably a real issue being addressed here.
IMO the "right way" is to re-enable Alcatraz only (because that's what the user explicitly asked for when running the install script), and display some kind of UI in Alcatraz to signal blacklisted plugins (see my reply on #283 (comment)).

[pbendersky]

Sorry, yes, meant to pick option B.

I agree that having the UI to flag blocked plugins is the ideal solution. In the meantime, though, I would remove everything from the blacklist.

[iamcam]

Can we not keep track of which plugins Alcatraz has installed? That seems the most straightforward way to manage user expectations and not skirt Apple's intended security.

[guillaumealgis]

#315 took care of this issue.