Creating a privileged helper to support automatic updates

I have an application that is being deployed outside of the AppStore using a PKG installer. Since our application has to be deployed outside the AppStore (for enterprise configuration requirements) we also need to handle updates outside the AppStore. I understand that SMJobBless function is now deprecated which seems to be how much open source software is implementing their privileged helpers namely Firefox.

However, since I am already deploying my software using a PKG installer why should I use SMJobBless or the new version SMAppService rather than adding additional functionality to my postinstall script that will set up a LaunchDaemon to handle my automatic updates?

The main issues that come to mind for me is that if a user were to delete our application rather than running the uninstall script the LaunchDaemon would still persist. Therefore we will likely need to handle that scenario and either have the LaunchDaemon recognize that and remove itself, or exit and do nothing. Additionally, I would be missing out on the security benefits that a service like SMJobBless provides by only allowing my AuthorizedClient to execute the privileged helper.

On the other hand at least my LaunchDaemon would consistently work with older versions of macOS and I wouldn't be locked in to either supporting both SMJobBless and SMAppService or supporting only systems running macOS 13+.

What have other people done to handle automatic updates when they can't deploy through the AppStore? Is just creating a LaunchDaemon a common path? How do people typically handle removing the LaunchDaemon if their application is uninstalled?

Answered by DTS Engineer in 786542022

There’s two parts to this:

  • Distributing outside of the App Store

  • Distributing to managed organisations

These are related, but they’re not the same thing. For example, managed organisation really like installer packages because they work well with various management tools. OTOH, normal users often value the ability to drag install things, which is why we have SMAppService (and the older SMJobBless).

I think you need to decide which of these audiences you favour, or whether you want to support both. Because that choice has knock-on effects. For example, managed organisations typically don’t need or want an automatic software update mechanism, because they want to be in control of the version of the software installed on their devices. If they want their devices to run a new version, they’ll push that via their management tools.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

There’s two parts to this:

  • Distributing outside of the App Store

  • Distributing to managed organisations

These are related, but they’re not the same thing. For example, managed organisation really like installer packages because they work well with various management tools. OTOH, normal users often value the ability to drag install things, which is why we have SMAppService (and the older SMJobBless).

I think you need to decide which of these audiences you favour, or whether you want to support both. Because that choice has knock-on effects. For example, managed organisations typically don’t need or want an automatic software update mechanism, because they want to be in control of the version of the software installed on their devices. If they want their devices to run a new version, they’ll push that via their management tools.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Creating a privileged helper to support automatic updates
 
 
Q