Sparkle icon indicating copy to clipboard operation
Sparkle copied to clipboard

Published 20 hours ago verified publisher icon sparkle-project

App Translocation

Open zorgiepoo opened this issue 9 years ago • 4 comments

Let's have this be the general issue for app translocation / gatekeeper path randomization in the upcoming macOS 10.12.. Note this more has to do with the initial distribution of a developer's application. We may not end up having to actually change anything in Sparkle, but it may be worthwhile thinking about this.

This blog post was brought up recently: http://weblog.rogueamoeba.com/2016/06/29/sierra-and-gatekeeper-path-randomization/ - if as a developer you also feel that dmg's provide a subpar user experience and worry about users not moving your app, then I strongly suggest duping/filing a rdar to Apple as mentioned in the blog post.

Going through the list of apps that use Sparkle, I notice that most or around half of the apps don't use dmg's, so this could impact many developers.

Sparkle's website documentation has been updated to reflect the new changes, in the event that Apple decides to stick with forcing dmg's upon us.

[Note: before someone brings this up, the xip format does not avoid translocation like a signed dmg does, at least not in the current macOS 10.12 beta, and I think this is intentional]

zorgiepoo avatar Jul 01 '16 03:07 zorgiepoo

@zorgiepoo I've been thinking about this for principleformac.com. We distribute via a zip, so I've been wondering if there is anything we need to do to avoid trouble in Sierra, or if Sparkle will able to transparently handle this complication for us.

danielchasehooper avatar Aug 01 '16 19:08 danielchasehooper

This is documented on Sparkle's website now (see step 0). In short: ship a dmg and code sign the dmg. This is unless Apple adds some sort of other way to avoid the path randomization during the beta. If you think they should, file a rdar :-)!

If Sparkle tried to handle it transparently, that might go in direct opposition to Apple's intent (eg: detect that application is translocated, try to find if the same app is in ~/Downloads/, and clear it from being translocated).

zorgiepoo avatar Aug 01 '16 22:08 zorgiepoo

App Translocation can be avoided if the com.apple.quarantine property is removed from the app after it's uncompressed. http://lapcatsoftware.com/articles/app-translocation.html

I mean, can't Sparkle remove that property? In the terminal it can be done with a single command: xattr -r -d com.apple.quarantine <APP PATH>

As I last resource, couldn't Sparkle just run that command after extracting the app?

vitor251093 avatar Nov 03 '17 18:11 vitor251093

Sparkle removes that from updates, but can't remove it when the host app is launched from already-quarantined location (if a quarantined app could remove quarantine from itself, it wouldn't be a good quarantine mechanism…)

kornelski avatar Nov 03 '17 19:11 kornelski