New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow non-admin accounts to update QS in protected directories. Fixes #521 #1159
Conversation
Modifications include: * Remove unrequired #imports * Replace SULog() with NSLog()
* Tidy up and remove unused methods in NSApplication_BLTRExtensions * Use the Sparkle method for copying with authentication as defined n SUPlainInstallerInternals * Tidy up and remove unused methods from QSUpdateController * Add extra checks to ensure the update is successful (no more silently dying) * Add an extra step in the install/update process: copy the update to a writable location (App Support folder) * Required so that the permissions can correctly be set on the new update and 'moved' to the right location
…n NSDictionary is just too difficult to remember)
P.S. you may need to |
Just trying it under my normal account to start and I get "It was not possible to decompress downloaded file." It appears to download something, but I'm not sure where it's dumping the file, so I can't verify. Also, probably outside the scope of this pull request, but nothing in |
I've only touched the |
OK, updating from my admin account works. Trying with a non-admin user will have to wait until later. |
I got a chance to test this and it seems to work as advertised. I am concerned about these two lines:
Both of those paths are created using Also, I see that All in all nice, though. :-) |
Good points, I've made the changes as you suggest.
I assume you meant -(NSString *)installAppFromDiskImage:(NSString *)path; Returning anything signals to the calling method that it went OK. Probably having a BOOL is as simpler option, so I've done this |
Yeah, sorry. Xcode doesn't parse that file correctly for some reason, so it was showing the wrong method up top. Code looks good, but enough has changed that I feel like I need to actually test the process again, so I'll try to do that later. |
I was going to, but my head started hurting so I went back to bed. I hoped Thanks On 25 October 2012 13:21, Rob McBroom notifications@github.com wrote:
|
Anything to keep me away from these plug-ins. I hate dealing with compilers and headers and crap. :-) |
Allow non-admin accounts to update QS in protected directories. Fixes #521
Finally :)
Only took me all weekend…!
Background info on Auth:
Apple is deprecating everything under the sun that allows apps to run in a 'privileged' environment. The currently recommended way is to use a helper app and communicate with this app using XPC or similar (NSMachPorts). See the SMJobBless example project for a little more info.
I chose to use Sparkle to deal with our authentication problems as I thought I'd be an easy solution, unfortunately, they are also using the deprecated methods (as of 10.7) for authentication. Looks like they haven't gone down the route of privileged helper apps (which require independent code signing… ugh!) yet.
I've decided to stick with it. The methods are deprecated, but hopefully if we still close to Sparkle this method won't die too soon
Background on Sparkle:
Since Sparkle is such a large framework, and we only really need one method, I have removed the submodule and added only the required (and butchered) files.
The files have been modified as little as possible, just enough so we don't have to #import the whole project. Hopefully they're still mostly intact that we can easily alter them as Sparkle alter their files.
So background aside, this pull means non admin users can download an update of QS to a protected directory, and be prompted with a dialogue asking for an admin password.
You may notice that in QSUpdateController the following steps are taken
Application support/Quicksilver
The reason for step 2 is that the .dmg temp folder is read-only, so chown and move methods don't work on it (What Sparkle uses)
To test this:
Sorry for the epic pull message, just… there's a lot to say, and a lot of reasoning behind the few changes!