Installing a command line tool from my sandboxed Mac app

Hi there,


I'd like to ship an optional command line tool along with my sandboxed Mac app which I distribute through the Mac App Store and on my Website.


The user can choose to install the command line tool from within the host app to

/usr/local/bin/CommandLineTool


I do this by creating a symlink at that location that links to the command line tool in my app's bundle:

try FileManager.default.createSymbolicLink(at: self.commandLineToolInstallationURL,
                                           withDestinationURL: self.commandLineToolURL)


For this to work in a sandboxed app I have to use NSWorkspaceAuthorization and request an authorization of the type NSWorkspaceAuthorizationTypeCreateSymbolicLink.


Here is my final code:


NSWorkspace.shared.requestAuthorization(to: .createSymbolicLink) { authorization, authorizationError in

    if let error = authorizationError {
        DispatchQueue.main.async {
            self.presentError(error)
        }
    }
    else {
        // No error but also no authorization: log and give up.
        guard let authorization = authorization else {
            NSLog("WARNING: #4ibfzwD8Ds")
            return
        }
        do {
            // The FileManager created from the authorization performs the privileged operation.
            try FileManager(authorization: authorization).createSymbolicLink(at: self.commandLineToolInstallationURL,
                    withDestinationURL: self.commandLineToolURL)
        }
        catch {
            // Pass the error as an argument: NSLog treats its first parameter as a format string.
            NSLog("WARNING: #argfgg - %@", "\(error)")
            DispatchQueue.main.async {
                self.presentError(error)
            }
        }
    }
}


I also had to request a Privileged File Operations entitlement here, which I did. I was then able to generate new Provisioning Profiles using that entitlement with my Developer certificate and the Distribution Certificate for the Mac App Store. But when I try to generate a new Provisioning Profile for my Developer ID signed version of the app, the Additional Entitlements section, which lets you add the Privileged File Operations entitlement, does not show up. Thus I cannot create a profile that works and the app I am distributing outside of the Mac App Store will crash upon launch.


Looking at the NSWorkspace.Authorization documentation, it seems that the Privileged File Operations entitlement is only available for apps on the Mac App Store and would therefore not be available for Developer ID signed apps distributed outside the Mac App Store.



What is the right way to install my command line tool (or a symbolic link) to /usr/local/bin from my sandboxed app that is signed with my Developer ID certificate?


It has to be possible since apps like BBEdit do it as well. Looking at BBEdit it seems they use FileManager.default.createSymbolicLink but how if NSWorkspace.Authorization does not work outside of the Mac App Store... ?


Thanks for your help!!
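
An added example, not part of the original post: a check to run before (and after) the privileged createSymbolicLink call, so the install step never touches a regular file or an unrelated link at the install location. The names InstallState and installState(linkURL:toolURL:) are hypothetical, the demo uses a constructed temporary directory in place of /usr/local/bin, and it assumes the process is allowed to read the attributes of the item at the link path.

```swift
import Foundation

// State of the install location (hypothetical type for this example).
enum InstallState: Equatable {
    case missing                  // nothing there: the link can be created
    case linkedToTool             // symlink already resolves to the bundled tool
    case linkedElsewhere(String)  // symlink to something else (stale or foreign)
    case notASymlink              // regular file or directory: do not replace it
    case unreadable               // attributes could not be read (e.g. permissions)
}

func installState(linkURL: URL, toolURL: URL) -> InstallState {
    let fm = FileManager.default
    let attrs: [FileAttributeKey: Any]
    do {
        // attributesOfItem describes the link itself, not the item it points to.
        attrs = try fm.attributesOfItem(atPath: linkURL.path)
    } catch let e as CocoaError where e.code == .fileReadNoSuchFile {
        return .missing
    } catch {
        return .unreadable
    }
    guard (attrs[.type] as? FileAttributeType) == .typeSymbolicLink else {
        return .notASymlink
    }
    guard let raw = try? fm.destinationOfSymbolicLink(atPath: linkURL.path) else {
        return .unreadable
    }
    // A relative destination is resolved against the directory holding the link.
    let target = URL(fileURLWithPath: raw, relativeTo: linkURL.deletingLastPathComponent())
    let resolved = target.resolvingSymlinksInPath().standardizedFileURL.path
    let expected = toolURL.resolvingSymlinksInPath().standardizedFileURL.path
    return resolved == expected ? .linkedToTool : .linkedElsewhere(raw)
}

// Constructed demo: a temporary directory stands in for the bundle and /usr/local/bin.
let fm = FileManager.default
let dir = fm.temporaryDirectory.appendingPathComponent(UUID().uuidString)
try fm.createDirectory(at: dir, withIntermediateDirectories: true)
let tool = dir.appendingPathComponent("CommandLineTool")
let other = dir.appendingPathComponent("OtherTool")
_ = fm.createFile(atPath: tool.path, contents: Data())
_ = fm.createFile(atPath: other.path, contents: Data())
let link = dir.appendingPathComponent("installed")

print(installState(linkURL: link, toolURL: tool))   // before installation
try fm.createSymbolicLink(at: link, withDestinationURL: tool)
print(installState(linkURL: link, toolURL: tool))   // after installation
print(installState(linkURL: link, toolURL: other))  // same link, different expected tool
print(installState(linkURL: tool, toolURL: tool))   // a regular file at the link path
try fm.removeItem(at: dir)
```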

Replies

Anyone? eskimo? 🙂

The short answer here is that I don’t know for sure. You should open a TSI and I (or probably one of my colleagues) can find you a definitive answer.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks. I will open a TSI and update this thread as soon as I know more.

Update: Developer ID signed apps can be activated manually by Developer Technical Support.


"Generally speaking, the Privileged File Operation entitlement is for apps destined for the Mac App Store, as there’s no other way to accomplish the tasks it enables there (unlike non-Mac App Store apps, which don’t have some of those restrictions).

That said, we can enable it for this app to ensure a consistency in your codebase."