[launchd-dev] SMJobBless help?

[Steve Gehrman]

I'm surprised that 10.6 is being released on Friday and there still is  
very little source code or documentation for new APIs from Apple.

Has anyone successfully used SMJobBless?

If someone can translate the docs from the header, that would help.

What is "Each string is a textual representation of a code signing  
requirement"?

A sample app would help.  Does the blessed tool get moved or copied  
somewhere?  I need my tool to be able to find frameworks in my apps  
bundle.  Is this a problem?

Do I need to call SMJobSubmit before I call SMJobBless?

-steve

/*!
  * @function		SMJobBless
  * @abstract		Submits the executable for the given label as a launchd  
job.
  * @discussion		SMJobBless submits the executable for the given
  *					label as a launchd job.  This function obviates the need for a
  *					setuid helper invoked via AuthorizationExecuteWithPrivileges()  
in order
  *					to install a launchd plist.
  *
  * If the job is already installed, success is returned.
  *
  * In order to use this function the following requirements must be  
met:
  *
  * 1.	The calling application and target executable tool must both be  
signed.
  *
  * 2.	The calling application's Info.plist must include a
  *		"SMPrivilegedExecutables" dictionary of strings. Each string is a  
textual
  *		representation of a code signing requirement used to determine  
whether
  *		the application owns the privileged tool once installed (i.e. in  
order
  *		for subsequent versions to update the installed version).
  *
  *		Each key of SMPrivilegedExecutables is a reverse-DNS label for  
the helper
  *		tool (must be globally unique).
  *
  * 3.	The helper tool must have an embedded Info.plist containing an  
"SMAuthorizedClients"
  *		array of strings. Each string is a textual representation of a  
code signing
  *		requirement describing a client which is allowed to add and  
remove the tool.
  *
  * 4.	The helper tool must have an embedded launchd plist. The only  
required key in this
  *		plist is the Label key. When the launchd plist is extracted and  
written to disk,
  *		the key for ProgramArguments will be set to an array of 1 element  
pointing to a
  *		standard location. You cannot specify your own program arguments,  
so do not rely
  *		on custom command line arguments being passed to your tool. Pass  
any parameters via IPC.
  *
  * 5.	The helper tool must reside in the Contents/Library/ 
LaunchServices directory inside the
  *		application bundle, and its name must be its launchd job label.  
So if your launchd job
  *		label is "com.apple.Mail.helper", this must be the name of the  
tool in your application
  *		bundle.
  *
  * @param			domain				The job's domain. Only kSMDomainSystemLaunchd  
is supported.
  * @param			executableLabel		The label of the privileged executable  
to install.
  *										This label must be one of the keys found in the  
SMPrivilegedExecutables
  *										dictionary in the application's Info.plist.
  * @param			auth				An authorization reference containing the  
kSMRightBlessPrivilegedHelper right.
  * @param			outError			An output reference to a CFErrorRef describing  
the specific
  *										error encountered while submitting the executable tool,  
or NULL if
  *										successful.  It is the responsibility of the application  
to release the
  *										error reference.  This argument may be NULL.
  *
  * @result			True if the job was successfully submitted, otherwise  
false.
  */
Boolean SMJobBless(CFStringRef domain, CFStringRef executableLabel,  
AuthorizationRef auth, CFErrorRef *outError);

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/launchd-dev/attachments/20090825/cf3016d9/attachment.html>