PackageKit sandbox influencing app launch on postinstall script

We have a macOS app built using a custom installer.

I’d like to clarify what you mean by “custom installer”. Is this a installer package (

.pkg

) file that’s installed using the Apple installer?

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Correct. We use productbuild to generate the final .pkg out of several smaller .pkg files, a preinstall script, and a postinstall script.

OK.

How does your

postinstall

script launch the helper app?

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Our

postinstall

script is pretty straightforward. It writes a trace message to the log and simply calls

open

:

#!/bin/sh function log {  read message  syslog -s -k \    Facility "com.apple.console" \    Level "Notice" \    Sender "Postinstall script" \    Message "${message}" } echo "Running postinstall script" | log open /Applications/Host.app/Contents/Resources/Helper.app exit 0

This starts the Helper app using the identity of the user who ran the installer.

However, when the Helper app asks for the

TMPDIR

env var it gets the

TMPDIR

of the installer sandbox, instead of the usual

/var/folders/b9/[random string]/T/

folder. This is a problem as the Helper app needs a valid temp path to create temp items, yet the installer sandbox

TMPDIR

value is no longer a valid file path by the time the Helper app needs to use it.

How could I run the Helper app such that it has a proper

TMPDIR

? I've considered scheduling the call to

open

but I wasn't sure if that would break out of the sandbox.

ps: how can I format multi-line code snippets without the editor trying to force it into a paragraph? I've spent several minutes trying to pretty print my code to no avail.

This starts the Helper app using the identity of the user who ran the installer.

This approach is problematic, the issue being that there’s no guarantee that there is an appropriate user running your installer. In managed environments the installer may be run by the management system when no user is logged in.

Still, lots of folks do this, so presumably there’s some standard practice for it. I don’t provide day-to-day support for installers, so I’m not up to speed on that. My recommendation is that you open a DTS tech support incident and discuss this with our installer specialist.

ps: how can I format multi-line code snippets without the editor trying to force it into a paragraph?

*sigh*

Unfortunately I don’t have any direct experience to contribute here because I don’t use the built-in editor (see this post for an explanation of my workflow).

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"