Right now I'm distributing a .app file to people in my organization. I drag it to /Applications by authenticating as root, but every time the users launch the program they get a firewall warning. (The app checks for updates on launch--very important for us). Since the users aren't admins they can't authenticate to make the messages go away. Will a mpkg-installed application also provoke the firewall in such a way that end-users will need an admin to allow the update check? Is there a post-install script I can include to configure the the firewal开发者_JAVA百科l for my app? The ultimate goal for me is that an admin authenticate to run the installer. After installation, the admin would log out, the normal users would log in and run the application without any firewall warnings at all.
EDIT: I should mention the minimum version in the org is 10.5, but it would be nice if the solution worked on Tiger as well.
I'm not sure, but if your Mac clients have been configured to use Application-level firewall settings, users will need to authenticate to allow the application permission. Otherwise, any application could work around the firewall in the same way.
Also, if your application modifies itself when updates are detected, the new version will also have to be authenticated before it will be able to make an outbound connection.
One solution is to change your policies so OS X machines aren't set to block outbound connections on a per-application basis.
If you code sign the app, even if it's just using a self-signed certificate, then the user will only be asked once to approve the launch of the app. Subsequent updates, providing the signing certificate is the same, won't trigger the dialog.
More info is in the code signing docs and in this tech note.
精彩评论