Spectacle prompts to add to Accessibility at every launch #194

Closed
mikep345678 opened this Issue Feb 26, 2014 · 11 comments

@mikep345678

Teachers in our schools rely on Spectacle, especially for moving windows between local computer and projector screen! We've begun testing OS X 10.9 for our schools in earnest (as we won't be able to purchase 10.8-compatible machines when we need replacements!) One of the hangups we're seeing is that we see the prompt to add/allow Spectacle in the Accessibility control panel at every login, regardless of user, regardless if they have already allowed! This happens even when there is already a checkbox beside Spectacle in the Accessibility control panel. Closing the control panel then allows Spectacle to "run", but it still only sort-of works-- will make that another Issue.

In Console log, am seeing the following error:

2/26/14 4:00:21.545 PM tccd[222]: Unable to verify code signing identity of com.divisiblebyzero.Spectacle:  invalid Info.plist (plist or signature have been modified)

Wondering if this is causing the TCC system to not respect the "yes permission is granted" setting?

FWIW, it appears that using the tcc_database_manager.py script (https://github.com/univ-of-utah-marriott-library-apple/tcc_database_manager) to add Spectacle to the tcc database using

sudo tcc_database_manager.py kTCCServiceAccessibility com.divisiblebyzero.Spectacle

might work to globally allow Spectacle for all users, thus negating the need for Spectacle to prompt on launch. If that does work, I would use that in a postflight script when we deploy Spectacle to our Mac fleet (using munki)...

Thanks,
Mike

@sruon
sruon commented Mar 6, 2014

Have the same issue, tested the python script and it appears to work alright to set Accessibility option.

@eczarny eczarny added ★★ defect ★★★ and removed ★★ labels Jun 12, 2014
@eczarny
Owner
eczarny commented Jun 17, 2014

It sounds like the app package (the Info.plist specifically) was modified. Is that the case? This would undoubtedly break verification of the app's signature.

@mikep345678

Well, I'm running the following as a post-install script via munki:

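#!/bin/bash

# create launchagent
cat > /Library/LaunchAgents/com.divisiblebyzero.Spectacle.plist << EOT
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.divisiblebyzero.Spectacle.plist</string>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/Spectacle.app/Contents/MacOS/Spectacle</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOT

# disable Spectacle autoupdate
defaults write /Applications/Spectacle.app/Contents/Info.plist SUEnableAutomaticChecks 0
chmod -R a+r /Applications/Spectacle.app/

# Ensure Spectacle launchctl is enabled
launchctl load -w /Library/LaunchAgents/com.divisiblebyzero.Spectacle.plist
launchctl unload /Library/LaunchAgents/com.divisiblebyzero.Spectacle.plist

exit 0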

So, yes, am modifying Info.plist...

Is there a way to globally disable AutomaticUpdateChecks otherwise? If so,
I'm all over it!

Thank you!
Mike

@eczarny
Owner
eczarny commented Jun 17, 2014

That would explain the code signing verification error. There currently isn't another way to disable automatic update checks, but it should be possible to move that configuration out of the Info.plist and into the user defaults. Changes to the app would be required.
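
The failure mode confirmed above, turned into a deployment guard. This is an added example, not code from the thread or from Spectacle: the function names and the second sample log line are constructed, and it assumes the macOS `defaults` and `codesign` tools are on the PATH.

```shell
#!/bin/bash
# Added example: keep preferences out of the signed bundle, then confirm the
# signature tccd relies on still verifies. Function names are hypothetical.

# Write a boolean preference, refusing any target inside an .app bundle,
# because files such as Contents/Info.plist are covered by the code signature.
# $1 = defaults domain or plist path, $2 = key, $3 = true|false
write_pref_outside_bundle() {
    case "$1" in
        *.app/*) echo "refusing: $1 is inside a signed bundle" >&2; return 2 ;;
    esac
    defaults write "$1" "$2" -bool "$3"
}

# Succeeds only if the bundle at $1 still passes signature verification.
signature_intact() {
    codesign --verify --deep --strict "$1" >/dev/null 2>&1
}

# Count tccd signature-verification failures for bundle id $1 in log text
# read from stdin. -F keeps the dots in the bundle id literal.
tccd_signature_failures() {
    grep 'tccd\[[0-9]*\]:' |
        grep -cF "Unable to verify code signing identity of $1:" || true
}

# First line is the Console entry quoted in the thread; the second is constructed.
SAMPLE_LOG='2/26/14 4:00:21.545 PM tccd[222]: Unable to verify code signing identity of com.divisiblebyzero.Spectacle:  invalid Info.plist (plist or signature have been modified)
2/26/14 4:00:22.101 PM tccd[222]: Unable to verify code signing identity of com.example.Other:  invalid Info.plist (plist or signature have been modified)'

# Run as "script --check" from a postinstall step on the Mac being deployed to.
if [ "${1:-}" = "--check" ]; then
    APP="/Applications/Spectacle.app"
    write_pref_outside_bundle /Library/Preferences/com.divisiblebyzero.Spectacle \
        AutomaticUpdateCheckEnabled false || exit 1
    signature_intact "$APP" || { echo "signature broken: $APP" >&2; exit 1; }
    echo "ok: $APP signature verifies"
fi
```
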

@eczarny
Owner
eczarny commented Jun 17, 2014

In the next version of Spectacle you should be able to use the following to disable the automatic update checks:

defaults write com.divisiblebyzero.Spectacle AutomaticUpdateCheckEnabled -bool false

Would that help?

@mikep345678

Absolutely!

We certainly prefer global prefs, set one place for all users (including
being default for new users)...

Thanks,
Mike

@eczarny
Owner
eczarny commented Jun 17, 2014

Would it also be helpful if Spectacle were to support managed environments? This way Spectacle can actually disable features and preferences (such as checking for updates, or disabling Spectacle's login item).

@mikep345678

We're currently "curating" our users' experience with a little MCX and
defaults-setting. We absolutely prefer to be able to disable auto-updates
and manage updates through munki. I despise when apps add themselves to
users' "launch on login", absolutely preferring launchagents (as evidenced
by our deployment postflight).

I could imagine it being nice if we could globally define alternate
shortcut keys, but at this point most of our users are happy with the
defaults.

We primarily use spectacle to move windows between Macbook and projector
and back when on extended display mode, and to maximize. We're hooked and
are excited to be seeing 10.9 supported...

Mike

@eczarny
Owner
eczarny commented Jun 18, 2014

I'll do what I can to make it easier on you! For now I think this change should help. I should hopefully have a new version of Spectacle out in the next few days (including the change to disable automatic update checks via user defaults). Mind if I close this issue out?

@mikep345678

Perfect! Thanks for your attention to this!

Mike


@eczarny eczarny closed this Jun 19, 2014
@mikep345678

Eric, am testing 0.8.5 on our 10.9 machines. Things seem to be working great! FWIW, I'm now running the following as a "postinstall script" when pushing out with munki:

#!/bin/bash

# create launchagent
cat > /Library/LaunchAgents/com.divisiblebyzero.Spectacle.plist << EOT
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.divisiblebyzero.Spectacle.plist</string>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/Spectacle.app/Contents/MacOS/Spectacle</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOT

# disable Spectacle autoupdate
defaults write /Library/Preferences/com.divisiblebyzero.Spectacle AutomaticUpdateCheckEnabled -bool false

# enable Spectacle in Accessibility database
sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access values ('kTCCServiceAccessibility', 'com.divisiblebyzero.Spectacle', 0, 1, 0, NULL);"

# load and unload Spectacle LaunchAgent as root to ensure that LaunchAgent is enabled
launchctl load -w /Library/LaunchAgents/com.divisiblebyzero.Spectacle.plist
launchctl unload  /Library/LaunchAgents/com.divisiblebyzero.Spectacle.plist


exit 0

Will let you know if we run into any issues...

Thank you!
Mike
