adding support for running login items as root. Useful when an admin …

…wants privileged items to be processed at login instead of boot. Example: installing a pkg that requires the user to be logged in.

Makefile

@@ -1,5 +1,5 @@
 PKGTITLE="outset"
-PKGVERSION="2.0.4"
+PKGVERSION="2.0.5"
 PKGID=com.github.outset
 PROJECT="outset"
 

pkgroot/Library/LaunchDaemons/com.github.outset.login-privileged.plist

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>com.github.outset.login-privileged</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/usr/local/outset/outset</string>
+    <string>--login-privileged</string>
+  </array>
+  <key>KeepAlive</key>
+  <dict>
+     <key>PathState</key>
+     <dict>
+       <key>/private/tmp/.com.github.outset.login-privileged.launchd</key>
+       <true/>
+     </dict>
+  </dict>
+  <key>OnDemand</key>
+  <true/>
+</dict>
+</plist>

pkgroot/usr/local/outset/outset

@@ -22,7 +22,7 @@ boot, on demand, and/or login.
 ##############################################################################
 
 __author__ = 'Joseph Chilcote (chilcote@gmail.com)'
-__version__ = '2.0.4'
+__version__ = '2.0.5'
 
 import argparse
 import datetime
@@ -43,14 +43,20 @@ boot_every_dir = os.path.join(outset_dir, 'boot-every')
 boot_once_dir = os.path.join(outset_dir, 'boot-once')
 login_every_dir = os.path.join(outset_dir, 'login-every')
 login_once_dir = os.path.join(outset_dir, 'login-once')
+login_privileged_every_dir = os.path.join(outset_dir, 'login-privileged-every')
+login_privileged_once_dir = os.path.join(outset_dir, 'login-privileged-once')
 on_demand_dir = os.path.join(outset_dir, 'on-demand')
 share_dir = os.path.join(outset_dir, 'share')
 outset_preferences = os.path.join(share_dir, 'com.chilcote.outset.plist')
 on_demand_trigger = '/private/tmp/.com.github.outset.ondemand.launchd'
+login_privileged_trigger = '/private/tmp/.com.github.outset.login-privileged.launchd'
 cleanup_trigger = '/private/tmp/.com.github.outset.cleanup.launchd'
 
 if os.geteuid() == 0:
     log_file = '/var/log/outset.log'
+    console_uid = SCDynamicStoreCopyConsoleUser(None, None, None)[1]
+    run_once_plist = os.path.join('/usr/local/outset/share',
+            'com.github.outset.once.' + str(console_uid) + '.plist')
 else:
     if not os.path.exists(os.path.expanduser('~/Library/Logs')):
         os.makedirs(os.path.expanduser('~/Library/Logs'))
@@ -195,9 +201,11 @@ def install_package(pkg):
     (out, err) = proc.communicate()
     if err:
         logging.info('Failure installing %s: %s', pkg_to_install, err)
+        return False
     if dmg_mount:
         time.sleep(5)
         detach_dmg(dmg_mount)
+    return True
 
 def install_profile(pathname):
     '''Install mobileconfig located at given pathname'''
@@ -264,7 +272,12 @@ def process_items(path, delete_items=False, once=False, override={}):
             d = {}
 
     for package in packages:
-        install_package(package)
+        if once:
+            if package not in d:
+                if install_package(package):
+                    d[package] = datetime.datetime.now()
+        else:
+            task = install_pkg(package)
         if delete_items: cleanup(package)
 
     for profile in profiles:
@@ -304,6 +317,8 @@ def main():
                        help='Used by launchd for scheduled runs at boot')
     group.add_argument('--login', action='store_true',
                        help='Used by launchd for scheduled runs at login')
+    group.add_argument('--login-privileged', action='store_true',
+                       help='Used by launchd for scheduled privileged runs at login')
     group.add_argument('--on-demand', action='store_true',
                        help='Process scripts on demand')
     group.add_argument('--login-every', action='store_true',
@@ -349,6 +364,8 @@ def main():
                                boot_once_dir,
                                login_every_dir,
                                login_once_dir,
+                               login_privileged_every_dir,
+                               login_privileged_once_dir,
                                on_demand_dir,
                                share_dir]
 
@@ -388,6 +405,20 @@ def main():
                 process_items(login_once_dir, once=True, override=override_login_once)
             if os.listdir(login_every_dir):
                 process_items(login_every_dir)
+            if os.listdir(login_privileged_once_dir) or os.listdir(login_privileged_every_dir):
+                open(login_privileged_trigger, 'a').close()
+        else:
+            logging.info('Skipping login scripts for user %s', console_user)
+
+    if args.login_privileged:
+        if os.path.exists(login_privileged_trigger):
+            cleanup(login_privileged_trigger)
+
+        if console_user not in ignored_users:
+            if os.listdir(login_privileged_once_dir):
+                process_items(login_privileged_once_dir, once=True, override=override_login_once)
+            if os.listdir(login_privileged_every_dir):
+                process_items(login_privileged_every_dir)
         else:
             logging.info('Skipping login scripts for user %s', console_user)
 

scripts/postinstall

@@ -5,6 +5,7 @@
 
 /bin/launchctl load /Library/LaunchDaemons/com.github.outset.boot.plist
 /bin/launchctl load /Library/LaunchDaemons/com.github.outset.cleanup.plist
+/bin/launchctl load /Library/LaunchDaemons/com.github.outset.login-privileged.plist
 
 user=$(/usr/bin/stat -f '%u' /dev/console)
 [[ -z "$user" ]] && exit 0