Can an OSX app store app install a browser extension - macos

I'm working for a client that is getting an OSX app ready for release. They have a stand-alone app that installs browser extensions for the major browsers.
Their new version will be an app store app.
Is it possible to drive the process of installing a browser extension from an OSX app store app? From what I've seen, you have to lead the user to download the extension and then open it from the finder or from the browser's list of downloaded files.
This makes for a rather disjointed, error-prone installation process. The user can fail to download the file, can fail to open the file, or can fail to return to the app to complete the installation process. All of those things are bad, especially since this app is going to be free, with optional paid upgrades. If the user doesn't complete the installation process, my client loses them as a potential upgrade (paid) client.

As of v25 Google Chrome implemented security features which would prevent any extensions installed offline by a 3rd party application from being activated without first being approved by the user via a dialog prompt in the browser.
Mozilla had implemented similar security measures over a year prior with Firefox 8
It's likely been patched by now, but it was reported that you could bypass Firefox security measures and accomplish a silent extension installation by copying the extension directly into the Firefox extension directory and add a record of it to the browsers Sqlite3 database. The database record involves adding a boolean true value to a property which specifies if the add-on has been approved or not.
Later versions of Firefox switched to using JSON rather than the Sqlite database and a similar process was still possible.
If I understand your question correctly.. This is potentially feasible regardless of vendor security but impossible for any public production level application due to such security because it will never be stable.
Vendors have a high priority in locking processes like this done to prevent potentially malicious 3rd party code. Interested in the subject I came across a few possibilities. I can't guarantee whether or not any of these will work but perhaps it will lead you in the right direction..
I would try to do this will Applescript to automate the user actions or potentially guide the user through the process.
You can open the extension with
[[NSWorkspace sharedWorkspace] openFile:#"path/to/myextension.safariextz" withApplication:#"Safari"];
but that only gets you started.
An alternative possibility was mentioned here: https://stackoverflow.com/a/4393062/1922144
And then there was a discussion here that seems worth noting.. https://discussions.apple.com/thread/3067552?tstart=0
safari.msi /i /qn BypassDefaultBrowserCheck=true

Related

How to distribute an update for an nw.js app

With the forthcoming demise of Chrome Web Store Apps, I have successfully transitioned my app to nw.js I was amazed at how easy it was and how it ran first time. About the only tricky thing I encountered was how to get my app icon showing on mac.
However I am somewhat worried about app updates. Does anyone know what happens to persistent data (indexed-DB etc) when a user updates a nw.js app with a new version that I publish to my web site for download?
Also if anyone can help me with how to achieve automatic updates. I mean the full works here. What code is needed to check for an update, what code do I need to write to deliver the update, what code is needed to install the update. Chrome did all of this for me and I know absolutely nothing about server side coding.
For mac there is a mac store support:
http://docs.nwjs.io/en/latest/For%20Users/Advanced/Support%20for%20Mac%20App%20Store/
IndexedDb, localstorage, etc. will persists until the app name will not change.
For automatic updates:
There is an ongoing pull request going on for auto updater.
https://github.com/nwjs/nw.js/pull/5722
Till then, the easiest way for auto update Your application code is to host your app code on the web and open the web page with nw.js.
If You want to autoupdate the nw.js itself then you will have to provide an installer for that and tell the user to download and run the installer if there is a new update.
The documentation (http://docs.nwjs.io/en/latest/For%20Users/Advanced/Autoupdates/#autoupdates) recommends node-webkit-updater and nwjs-autoupdater. Wherein node-webkit-updater the oldest solution, which is not maintained anymore. It's also has flaws (e.g. unpack via unsigned unzip and system specific apps)
As for the second one (nwjs-autoupdater), I personally do not like the idea to install golang just to have my NWJS app autoupdate...
As an alternative one can consider https://github.com/dsheiko/nw-autoupdater
It provides an API (like node-webkit-updater, but cleaner with use of async/await) to customize auto-update flow in one's app including download/install progress

Uninstalling items installed by an .app when user deletes it, including SMJobBless helpers

The short version: is it possible to delete helper tools which were set up by the app (SMJobBless() etc.) when the app is deleted? If so, how?
The long version:
The Mac app we are developing unfortunately requires admin privileges to perform an occasional operation, and it also requires a background task to be live for other apps' plugins to connect to even when the app itself isn't running (this one can be unprivileged). The app will be signed with a Developer ID certificate, and distributed only outside the App Store.
We'd like the app to be a "good citizen" as far as possible, also on uninstall.
For the background task, we're using a login item, created using SMLoginItemSetEnabled(). This isn't amazing, because XPC messaging doesn't seem to work (we're using CFMessagePort instead - alternative suggestions welcome), but if the user deletes the app, the login item at least doesn't get loaded anymore on next login. I suspect there's still a trace of it somewhere in the system, but the executable inside the .app bundle is used, and when that disappears, the login item no longer runs.
For the occasional operation requiring admin rights, we've got a privileged helper tool which our app installs using SMJobBless(), and which implements a named XPC service, so the task spins up on demand when it receives a message from the main app. This is what Apple recommends and describes in its Even Better Authorization Sample.
The helper executable is copied to /Library/PrivilegedHelperTools/ by SMJobBless(), and the embedded launchd.plist ends up in /Library/LaunchDaemons/. Even though the OS has the information on which app "owns" the helper, it doesn't seem to uninstall it when the user deletes the app. Apple's sample is silent on uninstalling, other than the uninstall.sh script which is apparently intended to be used during development only. We don't need this helper while the app isn't running, so installing it as a full-blown launch daemon is slightly overkill, but we'd also like to avoid repeatedly annoying the user with the password prompt too. Besides, Apple advises against other forms of running code with admin privileges than SMJobBless() these days - for example SMJobSubmit() is marked deprecated.
So how do we clean up after ourselves?
I've found SMJobRemove(), but (a) when would we call that in our case - you can't run code on .app bundle deletion, or can you? and (b) it doesn't actually seem to clean up.
The only 2 things I can think of are not terribly satisfying:
Some kind of uninstaller app or script. But that seems pretty ugly too.
Don't worry about it and just leave a mess behind when the user deletes our app.
Update:
There have been some changes in this area with macOS 13.0 Ventura; there's an introduction to the new mechanism in the WWDC22 session 'What’s new in privacy'. The new SMAppService APIs support automatic cleanup for daemons, agents and login items. Unfortunately you'll of course still have to find a workaround for any older macOS versions you support.
Original answer:
There has been a similar question on the Apple Developer Forums at https://forums.developer.apple.com/thread/66821 - the recommendation by Apple is a manual uninstall mechanism, and consuming as few resources as possible if the user does not do this.
Apple DTS staff further recommended implementing a self-uninstall mechanism in the privileged launch daemon, to be triggered from the app via XPC. This is what we're going with.
I think the only solution you have right now is to use the uninstall shell code that you mentioned in order to physically remove the privileged helper from disk or to build an uninstaller for it. Either way you will have to ask the user to enter his/her password. This what all installers / uninstallers that require privileged access to the system do, and for a very good reason. That's why I avoid like the plague to use privileged helpers, but I understand that sometimes you really have to. I don't think it is good that you leave such a helper in the user's system, because it will reload next time the user starts up the computer.
I just checked ServiceManagement.h header and they state that SMJobRemove will be replaced by an API that will be made available through libxpc in the future. (Sometimes you really need to go to the headers to get extra info that the documentation does not give you.) Hopefully this promised replacement will uninstall it for us. However, I'd file a bug report and ask for that enhancement.
One solution you could consider is to include an uninstaller script or program in your .app bundle.
You can then pass the path of this small tool to your helper tool (via IPC) and have the execute the the uninstaller, thereby deleting itself. You will have to be careful that components are removed in the right order but it can be made to work.
You're correct that Apple does not provide an API to uninstall a helper tool installed with SMJobBless nor do they do so automatically. As for why macOS doesn't automatically do an uninstall, my educated guess is because macOS fundamentally doesn't have a unified concept of "install". While it's convention for apps to be located in /Applications (and a few other locations), it's perfectly valid for apps to be located and run from anywhere on the system including external drives and network drives. For example should macOS uninstall helper tools when apps disappear because the drive they're on is disconnected?
In terms of how to uninstall, doing so requires root permission and so realistically have the helper tool itself do the uninstall is the easiest option. You can have your app via XPC tell the helper to uninstall itself. Here's an example in Swift of how to do this; it's part of SwiftAuthorizationSample. The basic idea is:
Use the launchctl command line tool to unload the helper tool
Delete the helper tool executable
Delete the helper tool launchd plist
But there's a bit of additional complexity involved because launchctl won't let you unload a running process.

Redmine on Windows 8

Trying to install Redmine on Windows 8 on this tutorial. Getting this errors:
Tried Bitnami's installer too, but I already have IIS Web Server and don't need the bundled Apache webserver. The installer doesn't give me to choose it's components. It installs Apache by default. So, Bitnami's Redmine is not for me.
What am I missing?
Is there any other good bug & request tracking software? Please don't Google and advise me to some random results. Advise something that you used and really good as Redmine
Once you get the error above, make sure that new WebSite's AppPool has write access to site's folder on the harddrive to complete the install process.
Then open the website in a browser and the installation will complete.
Set security accordingly after the install completes.
Use WebIssues multi-platform bug & request tracking software that fits all your needs instead of Redmine.
WebIssues is an open source, multi-platform system for issue tracking and team collaboration. It can be used to store, share and track issues with various attributes, comments and file attachments. It is easy to install and use but has many capabilities and is highly customizable.
Main features:
The Desktop Client application can run natively on Windows, Linux
and OS X
The Web Client can be used to access the system using a web browser
The server can be installed on any host with PHP 5.2 or newer and
MySQL, PostgreSQL or SQL Server
Issues can be filtered using public and personal views with
configurable filtering criteria
Email notifications can be sent and the Desktop CLient can
periodically check for new and modified issues meeting various
criteria
Various reports can be printed directly from the Desktop Client or
exported as HTML and PDF documents

How do I deploy my xcode webplugin for safari?

I have a c project built into a .webplugin that works when I install it manually (i.e. copy it to the Library/Internet Plug-Ins folder) but how do I get this to users who visit the web site most expediently? From my investigation it sounds like one must build an installer that a user must download (as with flash, quicktime).
-Is there any way for it to install via the browser (Safari) as Activex controls do in IE?
-If I must build an installer, how would I begin?
-If I must use an installer, is there any way to detect if the plugin is already installed so that I can prompt the user accordingly?
Thanks very, very much for your time. This has been such a thorn in my side!
Is there any way for it to install via the browser (Safari) as Activex controls do in IE?
No. IE no longer supports this behavior for ActiveX anyway, as allowing any web site to install software on a user's computer is a massive security vulnerability.
Note in general that requiring an Internet Plugin to view your site will end up turning away a lot of viewers. Unless your web application has some really unusual needs, I'd question whether this is necessary -- JavaScript is capable of some really impressive things nowadays.
If I must build an installer, how would I begin?
Start here: PackageMaker User Guide (Mac OS X Developer Library)
If I must use an installer, is there any way to detect if the plugin is already installed so that I can prompt the user accordingly?
If you build an installer using PackageMaker, I believe the installer will detect this situation automatically.

How to Suppress the keychain prompt when the app modified?

Hi Im using Mac 10.5.8 . In my app im using my own keychain(created by me), but my actual question is when I modify my code in the app every time a prompt is appearing, saying that the present app is modified do you want to allow or not.Can any one tell how to supress this prompt(allow by default when ever I change the app).I couldn't find the solution in the documentation.
The Keychain has a list of trusted applications, and this list includes a hash digest for the application. When the application changes, it becomes untrusted again. This also happens with "big" applications like Camino.
There are two special measures to reduce this: When a shared library gets updated, the system will keep track of this and accept the application even after the update. Also, when Software Update updates an app, it will fix the digests as well (which is why Apple's own apps can get away without re-confirmation).
Update: If you sign your code, Keychain will also accept updated applications (signed with the same certificate).

Resources