Kaju: is there a way to authenticate ?

Hi folks (and Kem !)
I have taken a long dive into Kaju, and added to my home-made updater the scripts inside kaju that let the update take place automagically with only the user clicking “download and install”. really a nice feature from Kaju. and it works inside my updater !

But it seems that the user must have admin rights for the app to update itself.
at least on a mac it would be very nice if I could ask for admin password, and then update the app with admins rights.

is it possible with Kaju or completely impossible seeing how kaju is written, and apple blocking everything ?
I have some basic users that runs their macs with standard user rights, and only go to admin to update things.

thanks for taking some time to enlighten me on this subject.

another associated question is : how can I know in Xojo that the current user has the rights to replace the current App ?

Kaju checks the write permissions to the app and it’s directories. Right now, there is no way to elevate permissions.

I think the way to handle this is to allow the download and running of an installer instead of expecting the zipped update, but that’s just in the “thinking about it” stage.

what if I execute the kaju update script, encapsulated in an applescript “do shell script with admin privileges” ?
(kindly asking for an admin password before of course)

I don’t know, try it. :slight_smile:

will certainly have some problems in Mojave with applescript but will try it anyway.

You won‘t have issues with AppleScript. do shell script with admin privileges works just fine (for now at least).
You only need that plist/permission thing with Automation/AppleEvents, such as tell application Finder to do ...

well, today I tried the kaju updater script with macoslib authorizationShell.
it kindly asked me for the admin password, but it failed at renaming the old app
it’s working if the app is in a writable folder (eg desktop) but not for example in the utilities.
can anybody explain why ?

error 1 when the script tries to rename the old application (mv "$APP_PATH" "$RENAMED_APP_PATH")

found: I had to change all “mv” in the script to “sudo mv”
with this little trick, I can update even with admin level.

caveat: seems the authorizationKit has been deprecated a long time ago by apple …

was too fast … it worked one time to rename the old app (with sudo before the mv), and then it doesnt work anymore …
I get error 1
typing in the terminal the same command works.

whaou. finally found the culprit.
I had to change the first line of the mac kaju script to sh instead of bash
otherwise this is the current user that executes the script, and not root, and replaces inside locked folders fail.

Just a warning, the functions that AuthorizationShell is built on are deprecated. There are replacements, but they’re much more complicated.

do you have any hint about these replacements ?

I believe you’re supposed to use XPC processes.