Code Monkey home page Code Monkey logo

blog's People

Watchers

avatar avatar

blog's Issues

苹果Gatekeeper以及Path Randomization机制

目前获取的信息

mac os 中的gatekeeper 在初次打开 XXX.app 的应用时会去验证app的来源, 包括但不限于浏览器下载, 邮件, 等. 如果是则触发 gatekeeper 的安装来源验证,如果失败则不能运行, 这一点mac os 一直是这样的,没有变

mac-sierra-or-later 下苹果引入一种新的机制叫做Gatekeeper Path Randomization(或者app translocation)。当用户下载并且运行一个app并且触发了gatekeeper时, 系统会将它(你点击的 XXX.app 包括下面所有内容) 临时copy到一个随机且只读的目录. eg. (/private/var/folds/mv/rq2pm20s123asdasdasdasdsdfsd/T/AppTranstion/12312312-asdasd-asdasd-as-das-das-d/d/xxxx.app)。直到用户移动应用到其他路径此机制不再执行,这里有几点需要注意,

  • 如果cli下运行执行 XXXX.app/Content/MacOS/XXXX 时目前看到的是,没有随机化和只读化app的路径
  • 移动的目标路径可以不是/Applications
  • 移动的行为只能通过Finder,cli下通过mv命令甚至同构apple script都不行
  • 移动xxx.app的父目录也不行,移动后translocation仍会触发

对实际项目的影响和思考

  • 发布产品时不要在xxx.app外部的相对目录放内容, 也不要有任何逻辑是依赖相对目录的,因为目录随机化以后根据相对位置获取内容都会失败
  • 不要在xxx.app内部存放应用使用中产生的用户数据, 因为随机目录是只读的。苹果的推荐做法 App Data~/Library/Application Support/com.company.xxx
  • 如果用户系统在Sierra之前已经下载xxx.app, 之后升级到 mac-sierra-or-later, 则还是按照以前的方式运行

参考资料

https://weblog.rogueamoeba.com/2016/06/29/sierra-and-gatekeeper-path-randomization/
https://news.ycombinator.com/item?id=12002500
http://www.macworld.com/article/3083346/os-x/macos-sierra-faq-what-you-need-to-know-about-the-new-mac-operating-system.html
https://hipsterpixel.co/2016/06/29/macos-sierra-s-gatekeeper-update-could-be-problematic/
https://developer.apple.com/videos/play/wwdc2016/706/
http://apple.stackexchange.com/questions/254684/macos-sierra-missing-app-icon-in-dock-and-check-for-updates-fails-for-certa/254689
potionfactory/LetsMove#56

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.