I have a shell script which does this:
#!/bin/bash
ls -la "$HOME/Pictures/Photos Library.photoslibrary"
When I run this script in the shell it works fine. If I define a LaunchAgent (under $HOME/Library/LaunchAgents) which executes this script, I get the following error message:
ls: Photos Library.photoslibrary: Operation not permitted
My real script is invoking HashBackup (hb) which results in the same kind of error on all those "protected" folders (pictures, address book, etc...). But I was able to reproduce with a simple ls.
What am I supposed to do to fix this?
This is on macOS 10.14.6.
Thanks
Thanks to Gordon comment, I was able to follow the steps and fix my issue. The steps that actually worked for me are these ones.
For the sake of a more complete solution, here is a small CMake based solution:
main.cpp
#include <iostream>
int main()
{
std::cout << "Wrapper app which is authorized for full disk access so that the shell script can run with the same permission" << std::endl;
return 0;
}
backup_argon.sh
#!/bin/bash
# this is just a test... it should invoke hb instead
ls -la "$HOME/Pictures/Photos Library.photoslibrary"
Info.plist.in
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>${MACOSX_BUNDLE_EXECUTABLE_NAME}</string>
<key>CFBundleIconFile</key>
<string>${MACOSX_BUNDLE_ICON_FILE}</string>
<key>CFBundleIdentifier</key>
<string>${MACOSX_BUNDLE_GUI_IDENTIFIER}</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${MACOSX_BUNDLE_BUNDLE_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>${MACOSX_BUNDLE_SHORT_VERSION_STRING}</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>${MACOSX_BUNDLE_BUNDLE_VERSION}</string>
<key>CSResourcesFileMapped</key>
<true/>
<key>NSHumanReadableCopyright</key>
<string>${MACOSX_BUNDLE_COPYRIGHT}</string>
<key>LSUIElement</key>
<true/>
</dict>
</plist>
CMakeLists.txt
cmake_minimum_required(VERSION 3.19)
set(VERSION 1.0.0)
project(HashBackupLaunchAgent VERSION "${VERSION}")
set(CMAKE_CXX_STANDARD 17)
set(MACOSX_BUNDLE_BUNDLE_NAME "HashBackupLaunchAgent")
set(MACOSX_BUNDLE_GUI_IDENTIFIER "com.pongasoft.HashBackupLaunchAgent")
set(MACOSX_BUNDLE_SHORT_VERSION_STRING "${VERSION}")
set(MACOSX_BUNDLE_BUNDLE_VERSION "${VERSION}")
set(MACOSX_BUNDLE_COPYRIGHT "2021 pongasoft")
add_executable(HashBackupLaunchAgent MACOSX_BUNDLE main.cpp backup_argon.sh)
set_target_properties(HashBackupLaunchAgent PROPERTIES MACOSX_BUNDLE_INFO_PLIST "${CMAKE_CURRENT_LIST_DIR}/Info.plist.in")
set_source_files_properties(backup_argon.sh PROPERTIES MACOSX_PACKAGE_LOCATION MacOS)
Compiling this project will result in an application (HashBackupLaunchAgent.app) which I copied under /Applications.
I then gave Full Disk Access privilege to this app under System Preferences/Security & Privacy/ Privacy
I then have a LaunchAgent with the following definition:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ypujante.hashbackup.argon.plist</string>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/bin:/usr/bin:/usr/local/bin</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Applications/HashBackupLaunchAgent.app/Contents/MacOS/backup_argon.sh</string>
</array>
<key>StandardOutPath</key>
<string>/Users/ypujante/Library/Logs/HashBackup/argon.log</string>
<key>StandardErrorPath</key>
<string>/Users/ypujante/Library/Logs/HashBackup/argon.log</string>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>7</integer>
<key>Minute</key>
<integer>30</integer>
</dict>
</array>
</dict>
</plist>
Note how the launch agent definition invokes the script inside the app not the app itself. And it works: the script inherits the full disk access privilege given to the app.
Related
I've used a script in Xcode 8 / iOS 10 to generate an acknowledge section in the settings bundle.
The script producing an Acknowledgements.plist file that gives the error message
The data couldn’t be read because it isn’t in the correct format.
when I try to open it in Xcode. When I open Acknowledgements.plist file with textEdit it looks OK on first sight ...
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PreferenceSpecifiers</key>
<array>
<key>Type</key>
<string>PSGroupSpecifier</string>
<key>FooterText</key>
<string>knobcontrol</string>
<key>Type</key>
<string>PSGroupSpecifier</string>
<key>FooterText</key>
<string>knobcontrol2</string>
</array>
<key>StringsTable</key>
<string>Acknowledgements</string>
</dict>
</plist>
I've tried some of the comments according to the script but could not find what is wrong with the plist - can anybody have a look at the file? I don't have enough reputation to post comments to the script posting.
You are using <key>...</key> value pairs within an <array>.
Make it a <dict> instead:
...
<plist version="1.0">
<dict>
<key>PreferenceSpecifiers</key>
<dict> <- dict, not array
...
</dict> <- dict, not array
<key>StringsTable</key>
<string>Acknowledgements</string>
</dict>
</plist>
This question already has answers here:
How to read plist information (bundle id) from a shell script
(5 answers)
Closed 6 years ago.
I'm trying to find on a Mac computer if the current user has iCloud Documents enabled. I found the plist where this is located (MobileMeAccounts.plist), but I could use some help with creating a script that can identify if it is enabled or not.
I am specifically looking for the following code to be true:
<key>Enabled</key>
<true/>
Here is the plist. If you scroll down you'll see the "MOBILE_DOCUMENTS" with it being enabled:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Accounts</key>
<array>
<dict>
<key>AccountAlternateDSID</key>
<string>99999999</string>
<key>AccountDSID</key>
<string>999999</string>
<key>AccountDescription</key>
<string>iCloud</string>
<key>AccountID</key>
<string>*****#gmail.com</string>
<key>AccountUUID</key>
<string>9999999</string>
<key>DisplayName</key>
<string>User Name</string>
<key>LoggedIn</key>
<true/>
<key>Services</key>
<array>
<dict>
<key>Name</key>
<string>CLOUDDESKTOP</string>
<key>ServiceID</key>
<string>com.apple.Dataclass.CloudDesktop</string>
<key>status</key>
<string>active</string>
</dict>
<dict>
<key>Name</key>
<string>FAMILY</string>
<key>ServiceID</key>
<string>com.apple.Dataclass.Family</string>
<key>showManageFamily</key>
<true/>
</dict>
<dict>
<key>Enabled</key>
<true/>
<key>Name</key>
<string>MOBILE_DOCUMENTS</string>
<key>ServiceID</key>
<string>com.apple.Dataclass.Ubiquity</string>
<key>apsEnv</key>
<string>production</string>
<key>authMechanism</key>
<string>token</string>
<key>url</key>
<string>https://p48-ubiquity.icloud.com:443</string>
<key>wsUrl</key>
<string>https://p48-ubiquityws.icloud.com:443</string>
</dict>
Python includes a module for parsing plists. Probably you'll want some better error checking, but to demonstrate:
$ cat parseplist.py
import plistlib
pl = plistlib.readPlist("the_plist.xml")
print pl['Accounts'][0]['Services'][2]['Enabled']
$ python parseplist.py
True
My goal is to extend the text.html syntax with a text.html.django syntax, so (for example) Django-only autocompletes don't show up when I'm working on a non-Django html file. Same thing with source.python and source.python.django.
The Djaniero package does just this, and using PackageResourceViewer, I've copied both syntax files and saved them into my User directory (both are below).
It's not working, and I'm wondering if it's because, when Djaniero in installed, these syntaxes are listed in a category:
But when I uninstall Djaniero, my syntaxes are not showing up in that same list. I am not finding anything obvious in the Djaniero resource files on how to make this category.
How do I create this syntax category? Or if that's not the issue, what am I missing?
Thanks.
C:\Users\jeffy\AppData\Roaming\Sublime Text 3\Packages\User\syntax_definitions\Python Django.tmLanguage
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>fileTypes</key>
<array>
<string>py</string>
</array>
<key>foldingStartMarker</key>
<string>^\s*(def|class)\s+([.a-zA-Z0-9_ b]+)\s*(\((.*)\))?\s*:|\{\s*$|\(\s*$|\[\s*$</string>
<key>foldingStopMarker</key>
<string>^\s*$|^\s*\}|^\s*\]|^\s*\)</string>
<key>keyEquivalent</key>
<string>^~P</string>
<key>name</key>
<string>Python Django</string>
<key>patterns</key>
<array>
<dict>
<key>match</key>
<string>(meta|models)\.(Admin|AutoField|BigIntegerField|BooleanField|CharField|CommaSeparatedIntegerField|DateField|DateTimeField|DecimalField|EmailField|FileField|FilePathField|FloatField|ForeignKey|ImageField|IntegerField|IPAddressField|ManyToManyField|NullBooleanField|OneToOneField|PhoneNumberField|PositiveIntegerField|PositiveSmallIntegerField|SlugField|SmallIntegerField|TextField|TimeField|URLField|USStateField|XMLField)\b</string>
<key>name</key>
<string>support.type.django.model</string>
</dict>
<dict>
<key>match</key>
<string>django(\.[a-z]+){1,} </string>
<key>name</key>
<string>support.other.django.module</string>
</dict>
<dict>
<key>match</key>
<string>(ABSOLUTE_URL_OVERRIDES|ADMIN_FOR|ADMIN_MEDIA_PREFIX|ADMINS|ALLOWED_HOSTS|ALLOWED_INCLUDE_ROOTS|APPEND_SLASH|AUTHENTICATION_BACKENDS|AUTH_USER_MODEL|AUTH_PROFILE_MODULE|CACHE_BACKEND|CACHE_MIDDLEWARE_ALIAS|CACHE_MIDDLEWARE_ANONYMOUS_ONLY|CACHE_MIDDLEWARE_KEY_PREFIX|CACHE_MIDDLEWARE_SECONDS|CSRF_COOKIE_DOMAIN|CSRF_COOKIE_NAME|CSRF_COOKIE_PATH|CSRF_COOKIE_SECURE|CSRF_FAILURE_VIEW|DATABASES|DATABASE_ENGINE|DATABASE_HOST|DATABASE_NAME|DATABASE_OPTIONS|DATABASE_PASSWORD|DATABASE_PORT|DATABASE_USER|DATABASE_ROUTERS|DATE_FORMAT|DATE_INPUT_FORMATS|DATETIME_FORMAT|DATETIME_INPUT_FORMATS|DEBUG|DEBUG_PROPAGATE_EXCEPTIONS|DECIMAL_SEPARATOR|DEFAULT_CHARSET|DEFAULT_CONTENT_TYPE|DEFAULT_EXCEPTION_REPORTER_FILTER|DEFAULT_FILE_STORAGE|DEFAULT_FROM_EMAIL|DEFAULT_TABLESPACE|DEFAULT_INDEX_TABLESPACE|DISALLOWED_USER_AGENTS|EMAIL_BACKEND|EMAIL_FILE_PATH|EMAIL_HOST_PASSWORD|EMAIL_HOST_USER|EMAIL_HOST|EMAIL_PORT|EMAIL_SUBJECT_PREFIX|EMAIL_USE_TLS|FILE_CHARSET|FILE_UPLOAD_HANDLERS|FILE_UPLOAD_MAX_MEMORY_SIZE|FILE_UPLOAD_PERMISSIONS|FILE_UPLOAD_TEMP_DIR|FIRST_DAY_OF_WEEK|FIXTURE_DIRS|FORCE_SCRIPT_NAME|FORMAT_MODULE_PATH|IGNORABLE_404_ENDS|IGNORABLE_404_STARTS|IGNORABLE_404_URLS|INSTALLED_APPS|INTERNAL_IPS|JING_PATH|LANGUAGE_CODE|LANGUAGE_COOKIE_NAME|LANGUAGES|LOCALE_PATHS|LOGGING|LOGGING_CONFIG|LOGIN_REDIRECT_URL|LOGIN_URL|LOGOUT_URL|MANAGERS|MEDIA_ROOT|MEDIA_URL|MESSAGE_LEVEL|MESSAGE_STORAGE|MESSAGE_TAGS|MIDDLEWARE_CLASSES|MONTH_DAY_FORMAT|NUMBER_GROUPING|PASSWORD_HASHERS|PASSWORD_RESET_TIMEOUT_DAYS|PREPEND_WWW|PROFANITIES_LIST|RESTRUCTUREDTEXT_FILTER_SETTINGS|ROOT_URLCONF|SECRET_KEY|SECURE_PROXY_SSL_HEADER|SEND_BROKEN_LINK_EMAILS|SERIALIZATION_MODULES|SERVER_EMAIL|SESSION_ENGINE|SESSION_CACHE_ALIAS|SESSION_COOKIE_AGE|SESSION_COOKIE_DOMAIN|SESSION_COOKIE_HTTPONLY|SESSION_COOKIE_NAME|SESSION_COOKIE_PATH|SESSION_COOKIE_SECURE|SESSION_ENGINE|SESSION_EXPIRE_AT_BROWSER_CLOSE|SESSION_FILE_PATH|SESSION_SAVE_EVERY_REQUEST|SHORT_DATE_FORMAT|SHORT_DATETIME_FORMAT|SIGNING_BACKEND|SITE_ID|STATIC_ROOT|STATIC_URL|STATICFILES_DIRS|STATICFILES_FINDERS|STATICFILES_STORAGE|TEMPLATE_CONTEXT_PROCESSORS|TEMPLATE_DEBUG|TEMPLATE_DIRS|TEMPLATE_LOADERS|TEMPLATE_STRING_IF_INVALID|TEST_DATABASE_CHARSET|TEST_DATABASE_COLLATION|TEST_DATABASE_NAME|TEST_RUNNER|THOUSAND_SEPARATOR|TIME_FORMAT|TIME_INPUT_FORMATS|TIME_ZONE|TRANSACTIONS_MANAGED|URL_VALIDATOR_USER_AGENT|USE_ETAGS|USE_I18N|USE_L10N|USE_THOUSAND_SEPARATOR|USE_TZ|USE_X_FORWARDED_HOST|WSGI_APPLICATION|YEAR_MONTH_FORMAT|X_FRAME_OPTIONS)\b</string>
<key>name</key>
<string>variable.other.django.settings</string>
</dict>
<dict>
<key>match</key>
<string>(get_list_or_404|get_object_or_404|load_and_render|loader|render_to_response|render)\b</string>
<key>name</key>
<string>support.function.django.view</string>
</dict>
<dict>
<key>match</key>
<string>[a-z_]+\.get_(object|list|iterator|count|values|values_iterator|in_bulk)\b</string>
<key>name</key>
<string>support.function.django.model</string>
</dict>
<dict>
<key>include</key>
<string>source.python</string>
</dict>
</array>
<key>scopeName</key>
<string>source.python.django</string>
<key>uuid</key>
<string>5326D56C-6F76-4758-8DB7-D818527919AC</string>
</dict>
</plist>
C:\Users\jeffy\AppData\Roaming\Sublime Text 3\Packages\User\syntax_definitions\HTML (Django).tmLanguage
This file is enormous. Here it is as a dpaste.
It turns out a "User" category was automatically created. I just didn't notice it.
I am sandboxing an osx app that uses scripting bridge to access iTunes.
for(iTunesFileTrack* track in fileTracks)
{
//url is nill in sandbox mode but good value in non sandbox mode
NSURL* url = [track location];
NSString* sourceFile = [[track location] path];
if(sourceFile == nil)
{
NSLog(#"Sourcefile for the track %# was nil", track);
continue;
}
}
nil is returned, I am using following entitlements
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.assets.movies.read-write</key>
<true/>
<key>com.apple.security.assets.music.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.scripting-targets</key>
<dict>
<key>com.apple.iTunes</key>
<array>
<string>com.apple.iTunes.device</string>
<string>com.apple.iTunes.library.read</string>
<string>com.apple.iTunes.library.read-write</string>
<string>com.apple.iTunes.playback</string>
<string>com.apple.iTunes.podcast</string>
<string>com.apple.iTunes.user-interface</string>
</array>
</dict>
<key>com.apple.security.temporary-exception.apple-events:before:10.8</key>
<array>
<string>com.apple.itunes</string>
</array>
</dict>
</plist>
The console shows following violation
iTunes[1592]: AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event core/getd from process 'TestiTunesAccess'/0x0-0x4d04d, pid=1789, because it is not entitled to send an AppleEvent to this process.
it works fine in 10.7 and location is returned OK, but in 10.8 and 10.9 because the scripting-target entitlement is active, I can iterate the library but location of track is nil, why is that so ? if I just use temporary exception and remove the part:before10.8 then it works.
But since apple recommends we use scripting target in 10.8+ and not temporary exception entitlements, I am using the recommended ones. any help would be highly appreciated.
I fixed this by adding a temporary exception for iTunes, as shown in this answer.
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.iTunes</string>
</array>
I'm working on my first PopClip extension using AppleScript. I'm getting the following error when trying to install the Extension:
**
Cannot Install Extension
The path /Users/myuserdirectoryname/Desktop/ReminderNote.popclipext does no contain a valid PopClip extension.
Reason: No such file: (null)
**
I have narrowed down the problem to my AppleScript info in the Config.plist. Or so I think. When I remove the following from the Config.plist file, the extension loads fine. When I add these two lines, the error returns.
<key>AppleScript File</key>
<string>ReminderNote.applescript</string>
My ReminderNote.popclipext package includes 3 files:
Config.plist,
ReminderNote.applescript,
ReminderNote.png
Here is the full Config.plist, in case that will help.
thanks for any tips or guidance -- jay
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Version</key>
<integer>1</integer>
<key>Extension Name</key>
<string>ReminderNote</string>
<key>Extension Identifier</key>
<string>com.jel.ReminderNote</string>
<key>Extension Description</key>
<string>Create linked Reminder to Evernote using the selected text.</string>
<key>Extension Image File</key>
<string>ReminderNote.png</string>
<key>Actions</key>
<array>
<dict>
<key>Title</key>
<string>Reminder Note</string>
<key>AppleScript File</key>
<string>ReminderNote.applescript</string>
<key>Image File</key>
<string>ReminderNote.png</string>
<key>Long Running</key>
<true/>
</dict>
</array>
</dict>
</plist>
I think this could be some kind of filesystem caching bug within PopClip. Try quitting PopClip and restarting it