InstallerJS

RSS for tag

Manage and customize the installation and distribution experience using InstallerJS.

InstallerJS Documentation

Posts under InstallerJS tag

4 Posts

Post

Replies

Boosts

Views

Activity

Installer JS warning when try to read the version from /var/db/receipts folder
Hi, I am using Installer JS in Distrtibution file which is created using productbuild command. I am trying to read the installed version of app from the plist file present in the /var/db/receipts folder. It gives the following warning. If I enable the flag , notarization will fail. FJS: Package Authoring Error: access to path "/var/db/receipts/com.xxx.xxx.plist" requires Following is the function I have used to read the installed version. system.files.plistAtPath() I have also tried the following function to read the version from .app file. system.files.bundleAtPath Both the functions give the warning. Is there are a way to avoid this warning or a better way to read the installed version? Regards Prema Kumar
Topic: Developer Tools & Services SubTopic: General Tags:
1
0
159
Dec ’25
Securely passing credentials from Installer plug-in to newly installed agent — how to authenticate the caller?
I’m using a custom Installer plug-in (InstallerPane) to collect sensitive user input (username/password) during install. After the payload is laid down, I need to send those values to a newly installed agent (LaunchAgent) to persist them. What I tried I expose an XPC Mach service from the agent and have the plug-in call it. On the agent side I validate the XPC client using the audit token → SecCodeCopyGuestWithAttributes → SecCodeCheckValidity. However, the client process is InstallerRemotePluginService-* (Apple’s view service that hosts all plug-ins), so the signature I see is Apple’s, not mine. I can’t distinguish which plug-in made the call. Any suggestion on better approach ?
Topic: Privacy & Security SubTopic: General Tags:
5
0
1.7k
Oct ’25
What is the unit used for the availableKilobytes property of the target object?
In the online documentation for InstallerJS, it is stated that the unit for the availableKilobytes property of the target field is kilobytes. Isn't it actually bytes because of a bug in the very first release of macOS that supported InstallerJS? [Q] Has there been a fix in the recent years regarding this property that would explain why the documentation says it's kilobytes? Even though at the time of this writing, the unit is still bytes when you call my.target.availableKilobytes I'm using this call to dump the value of this property in install.log: system.log(my.target.availableKilobytes + ''); Ref. https://developer.apple.com/documentation/installer_js/target/1811975-availablekilobytes (FB20448952)
Topic: Developer Tools & Services SubTopic: General Tags:
0
0
135
Sep ’25
Installer JS warning when try to read the version from /var/db/receipts folder
Hi, I am using Installer JS in Distrtibution file which is created using productbuild command. I am trying to read the installed version of app from the plist file present in the /var/db/receipts folder. It gives the following warning. If I enable the flag , notarization will fail. FJS: Package Authoring Error: access to path "/var/db/receipts/com.xxx.xxx.plist" requires Following is the function I have used to read the installed version. system.files.plistAtPath() I have also tried the following function to read the version from .app file. system.files.bundleAtPath Both the functions give the warning. Is there are a way to avoid this warning or a better way to read the installed version? Regards Prema Kumar
Topic: Developer Tools & Services SubTopic: General Tags:
Replies
1
Boosts
0
Views
159
Activity
Dec ’25
Securely passing credentials from Installer plug-in to newly installed agent — how to authenticate the caller?
I’m using a custom Installer plug-in (InstallerPane) to collect sensitive user input (username/password) during install. After the payload is laid down, I need to send those values to a newly installed agent (LaunchAgent) to persist them. What I tried I expose an XPC Mach service from the agent and have the plug-in call it. On the agent side I validate the XPC client using the audit token → SecCodeCopyGuestWithAttributes → SecCodeCheckValidity. However, the client process is InstallerRemotePluginService-* (Apple’s view service that hosts all plug-ins), so the signature I see is Apple’s, not mine. I can’t distinguish which plug-in made the call. Any suggestion on better approach ?
Topic: Privacy & Security SubTopic: General Tags:
Replies
5
Boosts
0
Views
1.7k
Activity
Oct ’25
What is the unit used for the availableKilobytes property of the target object?
In the online documentation for InstallerJS, it is stated that the unit for the availableKilobytes property of the target field is kilobytes. Isn't it actually bytes because of a bug in the very first release of macOS that supported InstallerJS? [Q] Has there been a fix in the recent years regarding this property that would explain why the documentation says it's kilobytes? Even though at the time of this writing, the unit is still bytes when you call my.target.availableKilobytes I'm using this call to dump the value of this property in install.log: system.log(my.target.availableKilobytes + ''); Ref. https://developer.apple.com/documentation/installer_js/target/1811975-availablekilobytes (FB20448952)
Topic: Developer Tools & Services SubTopic: General Tags:
Replies
0
Boosts
0
Views
135
Activity
Sep ’25
SandBox popup validation
I want to use SandBox but I need to get rid of that popup menu : ""I can not load a .png"" so I do not know how to show the PopUp. Desktop/PopUpScreenShot.png
Topic: UI Frameworks SubTopic: General Tags:
Replies
3
Boosts
0
Views
136
Activity
Jul ’25