This is on Mac 10.8
I have written Google Chrome Extension and a Native Messaging executable which communicates with the Chrome Extension using Native Messaging. All works fine with my Proof of Concept as part of development.
Issue is that now I want to get it deployed.
I have my in house installer which by which I need to create a com.my_company.my_product.json manifest file inside of this /Library/Google/Chrome/NativeMessagingHosts directory which cannot be accessed unless I ask for the password of the admin user.
I am doing this port as part of migration of NPPlugin to Chrome Extension Native messaging communication which will replace the NPPlugin. NPPlugin can be accessed from both /Library as well as ~/Library which does not require sudo permissions.
Why does the manifest file need to be at root /Library level ad not user ~/library level? If so how can we get this installed on a Mac without bothering the user with admin password which the user will obviously be less likely to share.
If anyone has a solution, the Native Executable is a C++ program that can use Mac API calls.
Your understanding is correct. The Chromium team is investigating user directories as an additional option. Ensuring continuing security is the primary concern. I'll update this answer when there's more to report. (Update 6/1/2014: see Rob W.'s comment to this answer)
Related
I started using Eclipse with TFS (Team Foundation Server) to control file versions, but now I need to control the build/compile access. The idea is similar to the version control system, but it is now related to the project and machines.
Is there a way to control/deny the compilation of specific files with a plugin or not inside Eclipse?
It seems what you want is to manage users to access the project. You can add the users to the Readers group or set permission for a single user.
Check this article for more details:
https://msdn.microsoft.com/en-us/library/ms252477.aspx
If you are asking about permissions to repositories, VisualSVN Server fully supports path-based authorization and you can manage it through VisualSVN Server Manager console, Windows PowerShell and Repository Configurator tool.
Read the article KB33 | Understanding VisualSVN Server authorization to learn more about the permissions.
BTW, I second #alroc's comment:
Why would one use a version control system to control what source
files are compiled in the build process?
It seems to me that you are planning to use some awkward approach to control your builds. How does built relate to your version-control system? You should tell the build machine which projects and how to build them. Version control system can only control the authorization part in this case.
I heard that Windows 10 will allow developers to submit their desktop (non-Metro) apps to the Windows Store. I'm developing using C/C++/MFC and WinAPIs.
What do I need to do to submit my desktop app to the store? And what are the requirements/charge?
You should consider watching this //build talk with John Sheehan. It covers the details of Win32 apps in the store (codename Project Centennial). The first detail is "this project is still under development" (as of May 2015).
In a nutshell, you can take an existing MSI-based installed app, run it through a tool to generate an appx, and then you're done. There are some things that won't work (eg installing services, custom licensing / DRM, or running as administrator) but most normal app code will work. The example shown is Adobe PhotoShop Elements, which worked perfectly except for the licensing check (which can now be handled by the Store anyway).
If you don't want to sit through an hour of this Build 2015 presentation linked by Peter Torr, here's a synopsis of what Project Centennial will entail. Also, as was pointed out already, this is all a preliminary stuff, that is still under development (as of May 2015.)
Applies to Win32/.NET/COM based apps listed in a Windows 10 Store:
MSIs are "evil". Use APPX packages instead.
APPX Gloal: one-click installs thru Windows Store, automatic app updates via Windows Store (using file diff'ing - no need to re-download large unchanged files in the package.)
Microsoft will have an automatic conversion tool: MSI to APPX.
MSI licensing/DRM will not work: i.e. can't look up CPU serial number, hard drive info, network card MAC addr, etc. (My take: The store app will not be able to access hardware directly.)
The app will have a live tile & anything else that can be done with the Universal App (or Metro style app.)
The app's AppxManifest.xml file will define app's file associations.
The app installs into a sandbox folder with randomized path, example: C:\Program Files\WindowsApps\<GUID>\<Package Name>. This path changes every time a new app version is released.
The app's sandbox folder will have Root\VFS subfolder that will contain the following redirected subfolders:
AppData
AppVSystem32Catroot
AppVSystem32Catroot2
Common AppData
ProgramFilesCommonX64
ProgramFilesCommonX86
System
SystemX86
Windows
For instance, if your app tries to access C:\Windows it will be redirected to C:\Program Files\WindowsApps\<GUID>\<Package Name>\Root\VFS\Windows invisibly for the app.
The app's package sandbox folder will have Registry.dat file (that is a registry hive) for that app. All requests to the system registry done by your app will be redirected to that file, including HKLM and HKCU keys. So in other words, your app won't be able to modify any of the shared system registry keys.
Apps installed via APPX packages cannot share dependencies between their files, nor inter-load other app's package contents.
Namespace merging (between shared system files and package's Root\VFS folder files):
Namespace wrire redirection (writing into shared system registry is redirected into your app's Registry.dat file. Also on the file system scale only AppData folder is redirected to your app's Root\VFS\AppData folder):
The redirected AppData folder will be placed into non-roaming location.
The store app can run only as a user (which they refer to as a "Full Trust", which in my book is a misnomer) It cannot run elevated, and if it tries to call an API that shows UAC prompt, such API will silently fail.
The store app cannot install or run NT services.
I believe that there's a way to sign up for any updates on this project.
I am writing an application on OSX by using Qt C++ that needs root privilege.
I believe I can get these needed privilege by displaying a dialog box prompting user name and password, something like this in XAMPP:
How this can be done? Am I have to build the form manually then use setuid, or is there already built in function on the SDK?
Originally, Apple provided a function 'AuthorizationExecuteWithPrivileges' that allowed an application to launch another with root privileges. This has since been deprecated for security reasons.
The dialog here is a bit misleading. Apple provides authorization services that launches the dialog under various different situations, but usually from an application having called the function AuthorizationCopyRights, after having setup rules in an authorization database (the file at /etc/authorization) and having created the Authorization reference with AuthorizationCreate.
Security on OSX is split between a security daemon, a security agent and applications. An application can restrict features using this system, or request authorisation for the user to enter credentials so it can launch a privileged application, which is what you need to do.
It's important to note that the dialog has not been presented by the application, but by the Security Agent, which is solely responsible for the security GUI. The daemon actually processes the authorization.
Apple's method for elevation is to have all applications run with Standard User rights and should a privileged task be required, then this must be factored out into a separate application which is registered to run with launchd and given the elevated privileges. The example Apple provides is SMJobBless.
While the calling code of the example is written in Objective-C, the important functions are just C functions in the SMJobBlessAppController.m file, most notably AuthorizationCreate to create an authorisation reference and the code in the Objective-C function blessHelperWithLabel:error: at the bottom of the file.
Begin with this help document on SMJobBless, which details the process.
Finally, if you're using Qt, you'll need to include Apple's Security framework for the required function calls. To do that, just add the following to your .pro file: -
QMAKE_LFLAGS += -F /System/Library/Frameworks/Security.framework/
LIBS += -framework Security
Sorry if my question is silly, but I have no experience at all with terminal server and am having a problem on how to store user preferences for an app.
The application was originally designed to run in individual, independent, computers. The installer has the option to install for all users or the current user but it always stores some xml in a subdirectory of the commonapp folder of the computer. It does store it here to be able to write to it later on under Windows vista upward.
Now, the company is running terminal server and the users don't have an independent computer anymore. They log into a session of terminal server and the administrator decides what software they can use. As the app is now, it installs in the server and offers all the users the same preferences from the commonapp. If the preferences are changed for an user, they all will have the change...
Please, could someone illustrate me on this? Initially, I though that by choosing 'to all users' when installing, the terminal server system would use the roaming folder of the user to store the preferences but I was wrong...
I don't know what users are going to use the app and cannot install directly to their folder either.
Is this a terminal server settings thing or do I have to write some code in the app that checks if the user has the xml in its folder and copy it and use it if it doesn’t?
Do not store application preferences in its directory. Instead, store it in user's roaming directory - use Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) (since you tagged the post as managed). Then it can be installed once, but run multiple times by multiple users and each of them will get his set of settings.
Recently I have been experimenting with Firebreath and developed a plugin in order to showcase my c++ projects on my portfolio website. I would like to make it easy for users to look at the projects without downloading files if they are new on my website.
The only issue I have at this point is that when users visit my page, they will receive a message indicating the plugin is missing. I would like to have an option for the users to automatically install my plugin without having to manually download and run it.
The plugin is mainly targetted at Windows users, since the applications are as well. I intend to support Google Chrome, Firefox, Internet Explorer. Currently I am using a MSI installer to install the plugin.
I have found a question similar to this, but I still needed to save the MSI installer and run it.
My question is: What would be the best way to implement this?
There isn't any way to "automatically" do what you want to do. The closest that I have heard of would be to use a java applet that would download and install the plugin for them. This can be pretty reliable on Mac but far less reliable on windows (for a number of reasons, among which the fact that many windows users don't have java installed and that Chrome blocks java applets by default without intervention by the user).
Other options include:
Creating a CAB file installer (only works on IE)
Creating a XPI firefox extension that packages the plugin (requires restarting the browser, only works on firefox)
Creating a CRX chrome extension that packages the plugin (only works on Chrome)
Microsoft ClickOnce used to work pretty well for one click installs of MSI files from a web page, but recently I think it doesn't work on many (if any) browsers; haven't seen it used in awhile, anyway.
There is no "automatic" way to install plugins; that would be considered a severe security issue. This is probably the #1 reason that plugins are as uncommon as they are.
do what adobe does,
create a tiny activeX application downloader, sign the activeX from with cheap SSL
when a user, enters your site, he will automatically be downloading this tiny ActiveX, after installation complete, inside the tiny ActiveX, have some type of batch script to download the EXE from remote server and silently install it.
adobe does this, on every reboot in boot.ini or startups
very easy