我正在寫一些需要經常以root權限運行命令的軟件。用Mac應用程序獲得swift的管理權限
現在,我通過詢問用戶密碼一次,保存密碼,然後提供密碼NSAppleScript
作爲參數以及with administrator privileges
。
這對用戶來說顯然是不安全的,因爲有人可以訪問他們的密碼。
我一直在尋找更好的一週的一部分,並找不到解決方案。
SMJobBless似乎允許您安裝具有更高權限的應用程序。
我跟着應用程序的例子,我從他們的SMJobBlessUtil腳本得到一個錯誤。
以下是錯誤:
SMJobBlessUtil.py: tool designated requirement (identifier "com.domain.AppName.SampleService" and anchor apple generic and certificate leaf[subject.CN] = "Mac Developer: firstName lastName (XXXXXXXXXX)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */) doesn't match entry in 'SMPrivilegedExecutables' (anchor apple generic and identifier "com.domain.AppName.SampleService" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.CN] = "Mac Developer: firstName lastName (XXXXXXXXXX)")
顯然,什麼是錯的。這裏是各自的Plist
服務信息的plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleIdentifier</key>
<string>com.domain.AppName.SampleService</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>SampleService</string>
<key>CFBundleVersion</key>
<string>6</string>
<key>SMAuthorizedClients</key>
<array>
<string>anchor apple generic and identifier "com.domain.AppName" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = xxxxxxxxxx)</string>
</array>
</dict>
</plist>
應用信息的plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<dict/>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleGetInfoString</key>
<dict/>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>Away</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.0.99</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>9</string>
<key>LSApplicationCategoryType</key>
<string>public.app-category.utilities</string>
<key>LSMinimumSystemVersion</key>
<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
<key>LSUIElement</key>
<true/>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2016 firstName lastName. All rights reserved.</string>
<key>NSMainStoryboardFile</key>
<string>Main</string>
<key>NSPrincipalClass</key>
<string>NSApplication</string>
<key>SMPrivilegedExecutables</key>
<dict>
<key>com.domain.AppName.SampleService</key>
<string>anchor apple generic and identifier "com.domain.AppName.SampleService" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.CN] = "Mac Developer: firstName lastName (XXXXXXXXXX)"</string>
</dict>
</dict>
</plist>
我看着at this stackoverflow post和其他許多人喜歡它。據我瞭解,我的plists設置正確。我究竟做錯了什麼?
我不打算保持賞金。在Reddit上發佈的問題是它說的是字符串。我確實是隨機遇到了這個排列。但你的回答是夠好的。我建議您編輯您的問題,以合併來自原始問題的逐步更改。我被困在這個好幾天了,我仍然不明白這個不完整的身份線是如何的,而蘋果有一個更長的字符串 – Cripto
好吧,現在我不覺得這個傻瓜。再一次,獎勵是沒有必要的,但非常感謝......我已經更新了我的答案,試圖解釋你所問的關於整體的基本原理和具體情況;不要猶豫,如果沒有涵蓋它。 –