Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XPC Service Integration Changes #1814

Closed
zorgiepoo opened this issue Apr 4, 2021 · 0 comments
Closed

XPC Service Integration Changes #1814

zorgiepoo opened this issue Apr 4, 2021 · 0 comments

Comments

@zorgiepoo
Copy link
Member

zorgiepoo commented Apr 4, 2021
edited
Loading

After #1812 (a necessary bit) and #1813 lands, I want to change guidance on our sandboxing docs to make the org.sparkle-project.InstallerStatus.xpc and org.sparkle-project.InstallerConnection.xpc services optional, and instead encourage developers to adopt these entitlements to their application:

<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
    <string>$(PRODUCT_BUNDLE_IDENTIFIER)-spks</string>
    <string>$(PRODUCT_BUNDLE_IDENTIFIER)-spki</string>
</array>

The temporary bit in the entitlement is in context to being approved in the App Store but that's not a problem for Sparkle applications.

I think this is a better default approach than having these services spawn to communicate to the installer or progress agent tool.

In an unusual constrained environment where sandbox entitlements cannot be changed (eg due a plug-in inheriting a sandbox), the services may still be useful to provide as an option however. Also they might be useful to keep for developers that won't read updated instructions and accidentally break their app.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zorgiepoo