Right now I'm distributing a .app file to people in my organization. I drag it to /Applications by authenticating as root, but every time the users launch the program they get a firewall warning. (The app checks for updates on launch--very important for us). Since the users aren't admins they can't authenticate to make the messages go away. Will an mpkg-installed application also provoke the firewall in such a way that end-users will need an admin to allow the update check? Is there a post-install script I can include to configure the firewall for my app? The ultimate goal for me is that an admin authenticate to run the installer. After installation, the admin would log out, the normal users would log in and run the application without any firewall warnings at all.

EDIT: I should mention the minimum version in the org is 10.5, but it would be nice if the solution worked on Tiger as well.

+2  A: 

I'm not sure, but if your Mac clients have been configured to use Application-level firewall settings, users will need to authenticate to allow the application permission. Otherwise, any application could work around the firewall in the same way.

Also, if your application modifies itself when updates are detected, the new version will also have to be authenticated before it will be able to make an outbound connection.

One solution is to change your policies so OS X machines aren't set to block outbound connections on a per-application basis.

richardtallent
Thanks for the feedback. The update check does not modify the program, it only informs the user. I understand that authentication is necessary to change the permissions, but the installer itself is already authenticated. If there was some way I could change app-level firewall settings from a script, the elevated script could do the job at install time.
Yuvi Masory
+1  A: 

If you code sign the app, even if it's just using a self-signed certificate, then the user will only be asked once to approve the launch of the app. Subsequent updates, providing the signing certificate is the same, won't trigger the dialog.

More info is in the code signing docs and in this tech note.

Rob Keniger