I'm surprised that 10.6 is being released on Friday and there still is very little source code or documentation for new APIs from Apple. Has anyone successfully used SMJobBless? If someone can translate the docs from the header, that would help. What is "Each string is a textual representation of a code signing requirement"? A sample app would help. Does the blessed tool get moved or copied somewhere? I need my tool to be able to find frameworks in my apps bundle. Is this a problem? Do I need to call SMJobSubmit before I call SMJobBless? -steve /*! * @function SMJobBless * @abstract Submits the executable for the given label as a launchd job. * @discussion SMJobBless submits the executable for the given * label as a launchd job. This function obviates the need for a * setuid helper invoked via AuthorizationExecuteWithPrivileges() in order * to install a launchd plist. * * If the job is already installed, success is returned. * * In order to use this function the following requirements must be met: * * 1. The calling application and target executable tool must both be signed. * * 2. The calling application's Info.plist must include a * "SMPrivilegedExecutables" dictionary of strings. Each string is a textual * representation of a code signing requirement used to determine whether * the application owns the privileged tool once installed (i.e. in order * for subsequent versions to update the installed version). * * Each key of SMPrivilegedExecutables is a reverse-DNS label for the helper * tool (must be globally unique). * * 3. The helper tool must have an embedded Info.plist containing an "SMAuthorizedClients" * array of strings. Each string is a textual representation of a code signing * requirement describing a client which is allowed to add and remove the tool. * * 4. The helper tool must have an embedded launchd plist. The only required key in this * plist is the Label key. When the launchd plist is extracted and written to disk, * the key for ProgramArguments will be set to an array of 1 element pointing to a * standard location. You cannot specify your own program arguments, so do not rely * on custom command line arguments being passed to your tool. Pass any parameters via IPC. * * 5. The helper tool must reside in the Contents/Library/ LaunchServices directory inside the * application bundle, and its name must be its launchd job label. So if your launchd job * label is "com.apple.Mail.helper", this must be the name of the tool in your application * bundle. * * @param domain The job's domain. Only kSMDomainSystemLaunchd is supported. * @param executableLabel The label of the privileged executable to install. * This label must be one of the keys found in the SMPrivilegedExecutables * dictionary in the application's Info.plist. * @param auth An authorization reference containing the kSMRightBlessPrivilegedHelper right. * @param outError An output reference to a CFErrorRef describing the specific * error encountered while submitting the executable tool, or NULL if * successful. It is the responsibility of the application to release the * error reference. This argument may be NULL. * * @result True if the job was successfully submitted, otherwise false. */ Boolean SMJobBless(CFStringRef domain, CFStringRef executableLabel, AuthorizationRef auth, CFErrorRef *outError);