Re: NSString and file system Re: AppleScript in Sandboxed App
Hello, On Wed, 16 Jan 2013 17:12:15 +, jonat...@mugginsoft.com wrote: On 16 Jan 2013, at 15:50, Fritz Anderson fri...@manoverboard.org wrote: On 16 Jan 2013, at 3:52 AM, jonat...@mugginsoft.com jonat...@mugginsoft.com wrote: Py_SetProgramName((char *)[[scriptRunner launchPath] UTF8String]); If a char* is destined for the file system, you should be using -fileSystemRepresentation, not -UTF8String. I forget that all the time. To be honest I rarely remember to call -fileSystemRepresentation. The docs seem to indicate that its only purpose is to replace abstract / and . characters with OS equivalents. On OS X this would have seem to have no net result. Is there more to this? For some codepoints (e.g. umlauts) there is more than one way to represent them in Unicode (composed/decomposed): NSString *str = @/äöü.txt; const char *utf8 = [str UTF8String]; const char *file = [str fileSystemRepresentation]; NSLog(@utf8: %zd %s, strlen(utf8), utf8); NSLog(@file: %zd %s, strlen(file), file); Results (depending on the filesystem, I guess) in: UTFFilename[6260:403] utf8: 11 /glyphs.txt UTFFilename[6260:403] file: 14 /different glyphs.txt Think of it as umlaut-a/o/u vs. a/o/u, as umlaut Both encodings work but e.g. SVN has (had) problems with files that contain umlauts: They used the composed name internally but the filesystem returns the decomposed variant on OS X. Blindly comparing the UTF-8 byte arrays failed. Bye, Daniel ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: NSString and file system Re: AppleScript in Sandboxed App
On 16 Jan 2013, at 17:40, Quincey Morris quinceymor...@rivergatesoftware.com wrote: On Jan 16, 2013, at 09:12 , jonat...@mugginsoft.com jonat...@mugginsoft.com wrote: To be honest I rarely remember to call -fileSystemRepresentation. The docs seem to indicate that its only purpose is to replace abstract / and . characters with OS equivalents. On OS X this would have seem to have no net result. Is there more to this? You absolutely have to do it. There may be other things, but the transformations in 'fileSystemRepresentation' include at least: 1. '/' characters are replaced by ':', for file systems that use '/' as a path component separator. (':' has always been illegal in file names at the UI, so the transformation is reversible.) 2. Graphemes with multiple Unicode representations are converted to a normal form, for file systems that store Unicode file names. (Can't remember which form -- Unicode normal form D, I think.) That removes indeterminacy when there are accented characters (graphemes) with equivalent 1- and 2- character Unicode forms, or characters with multiple accents where the order of the accents could vary. If you ever sample -fileSystemRepresentation, you'll see it just calls through internally to -[NSFileManager fileSystemRepresentationWithPath:], which documents the unicode handling a little better: A C-string representation of path that properly encodes Unicode strings for use by the file system. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: AppleScript in Sandboxed App
On 16 Jan 2013, at 03:44, John Nairn j...@geditcom.com wrote: Thanks. I watched the one on Seccure Automation Techniques in OS X. Near the end it said exactly what I wanted to hear which is that application-run scripts that target only themselves have no restrictions. So far it is half true in my app. I can run an AppleScript now without troubles. But many of my scripts are in python and use ScriptingBridge. I run these python scripts by launching an NSTask as follows 1. set working directory to path for the script (which is in my sandbox) 2. set PYTHONPATH to some app-specific folders (all in my sandbox) 3. Launch task with command line like /usr/bin/python (path_to_script) The task actually starts fine and python launches. The first step in every script is to connect to my app using ScriptingBridge with a python line like _gedit = SBApplication.applicationWithBundleIdentifier_(appID) but this fails with error message 2013-01-15 19:26:38.954 Python[44491:1407] warning: failed to get scripting definition from /Users/nairnj/Library/Developer/Xcode/DerivedData/GEDitCOM_Pro-bimxoxdrzkwdkqgvskiwmvgvydje/Build/Products/Develop/GEDitCOM SD.app; it may not be scriptable. Of course that is not true because the app is scriptable and works fine with AppleScript and with python when not sandboxed. I was thinking my app is just receiving AppleEvents (as generated by python and ScriptingBridge), which is supposed to be allowed. But it does not work. The video mentions a new 10.8 class called NSUserUnixTask, which sounded promising, but its documentation specificlally says The class is not intended to execute scripts built into an application; for that, use one of the NSTask... Well I want to execute built in scripts so I am using NSTask, but so far without success. Has anyone be able to use NSTask to execute a python script to interact only with your own sandboxed app using ScriptingBridge? Trying to script your sandboxed app from an NSTask instance (i.e.: a separate process) will, I think, be like trying to access it from any other app. However the NSTask will, IIRC, be launched with the same entitlements as the host app so there is some logic to thinking that it should be able to access the app. If this is not the case then it may be necessary to construct a helper tool to execute your script with an explicit entitlement. Executing user supplied scripts is troublesome because you don't know in advance which apps they will target and which entitlements they will require. In your case you do know what entitlement would be required. Another approach would be to try and run your scripts within the app rather than in a separate process (may or may not be possible or advisable depending on your situation). Link against the Python framework rather than calling the shell - /system/library/frameworks/python.framework/versions/2.6/Extras/lib/python/PyObjC (or similar). This approach may or may not solve the sandbox issue! You would likely have to run the script in another thread and that might be a source of problems. However: I do something similar with KosmicTask. I load PyObj-C scripts that target the ScriptingBridge into a small Cocoa task runner. The task runner establishes a run loop and executes the Python script using PyRun_SimpleFile. The following gives an idea of how I go about it. In my case I actually load a py objc helper class that loads the target py script - but that is only because I need to execute user supplied scripts and so need a very generic solution. Py_SetProgramName((char *)[[scriptRunner launchPath] UTF8String]); // set up the basic python environment. Py_Initialize(); // get path to our python entrypoint NSString *scriptPath = [[scriptRunner resourcesPath] stringByAppendingPathComponent:@MGSPythonScriptExecutor.py]; // load the main script into the python runtime FILE *mainFile = fopen([scriptPath UTF8String], r); return (PyRun_SimpleFile(mainFile, (char *)[[scriptPath lastPathComponent] UTF8String]) == 0); HTH Jonathan Mitchell Mugginsoft LLP KosmicTask - the Integrated Scripting Environment for OS X. http://www.mugginsoft.com/KosmicTask ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
NSString and file system Re: AppleScript in Sandboxed App
On 16 Jan 2013, at 3:52 AM, jonat...@mugginsoft.com jonat...@mugginsoft.com wrote: Py_SetProgramName((char *)[[scriptRunner launchPath] UTF8String]); If a char* is destined for the file system, you should be using -fileSystemRepresentation, not -UTF8String. I forget that all the time. — F -- Fritz Anderson Xcode 4 Unleashed: 4.5 supplement for free! http://www.informit.com/store/xcode-4-unleashed-9780672333279 ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: NSString and file system Re: AppleScript in Sandboxed App
On 16 Jan 2013, at 15:50, Fritz Anderson fri...@manoverboard.org wrote: On 16 Jan 2013, at 3:52 AM, jonat...@mugginsoft.com jonat...@mugginsoft.com wrote: Py_SetProgramName((char *)[[scriptRunner launchPath] UTF8String]); If a char* is destined for the file system, you should be using -fileSystemRepresentation, not -UTF8String. I forget that all the time. To be honest I rarely remember to call -fileSystemRepresentation. The docs seem to indicate that its only purpose is to replace abstract / and . characters with OS equivalents. On OS X this would have seem to have no net result. Is there more to this? Jonathan ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: NSString and file system Re: AppleScript in Sandboxed App
On Jan 16, 2013, at 09:12 , jonat...@mugginsoft.com jonat...@mugginsoft.com wrote: To be honest I rarely remember to call -fileSystemRepresentation. The docs seem to indicate that its only purpose is to replace abstract / and . characters with OS equivalents. On OS X this would have seem to have no net result. Is there more to this? You absolutely have to do it. There may be other things, but the transformations in 'fileSystemRepresentation' include at least: 1. '/' characters are replaced by ':', for file systems that use '/' as a path component separator. (':' has always been illegal in file names at the UI, so the transformation is reversible.) 2. Graphemes with multiple Unicode representations are converted to a normal form, for file systems that store Unicode file names. (Can't remember which form -- Unicode normal form D, I think.) That removes indeterminacy when there are accented characters (graphemes) with equivalent 1- and 2- character Unicode forms, or characters with multiple accents where the order of the accents could vary. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: AppleScript in Sandboxed App
Thanks. I watched the one on Seccure Automation Techniques in OS X. Near the end it said exactly what I wanted to hear which is that application-run scripts that target only themselves have no restrictions. So far it is half true in my app. I can run an AppleScript now without troubles. But many of my scripts are in python and use ScriptingBridge. I run these python scripts by launching an NSTask as follows 1. set working directory to path for the script (which is in my sandbox) 2. set PYTHONPATH to some app-specific folders (all in my sandbox) 3. Launch task with command line like /usr/bin/python (path_to_script) The task actually starts fine and python launches. The first step in every script is to connect to my app using ScriptingBridge with a python line like _gedit = SBApplication.applicationWithBundleIdentifier_(appID) but this fails with error message 2013-01-15 19:26:38.954 Python[44491:1407] warning: failed to get scripting definition from /Users/nairnj/Library/Developer/Xcode/DerivedData/GEDitCOM_Pro-bimxoxdrzkwdkqgvskiwmvgvydje/Build/Products/Develop/GEDitCOM SD.app; it may not be scriptable. Of course that is not true because the app is scriptable and works fine with AppleScript and with python when not sandboxed. I was thinking my app is just receiving AppleEvents (as generated by python and ScriptingBridge), which is supposed to be allowed. But it does not work. The video mentions a new 10.8 class called NSUserUnixTask, which sounded promising, but its documentation specificlally says The class is not intended to execute scripts built into an application; for that, use one of the NSTask... Well I want to execute built in scripts so I am using NSTask, but so far without success. Has anyone be able to use NSTask to execute a python script to interact only with your own sandboxed app using ScriptingBridge? John Nairn On Jan 14, 2013, at 9:59 AM, Mike Abdullah wrote: On 14 Jan 2013, at 17:50, John Nairn j...@geditcom.com wrote: I have sandboxed an app that allows users to run scripts as a major feeature (i.e., dealbreaker on sandboxing only answer is to delete this feature). I was pleased that I can run AppleScripts fine through the sandboxed app from Apple's Script Editor, but the user experience is much (much, much) better if they can select a script from a menu in my app and run it, but that method fails. Here is more info: 1. Script running code is sound and works fine if app is not sandboxed. 2. Script is compiled, error free, and does not try to send events to any app except my own 3. Script is stored in application support of my container and therefore I should have read and write permission on that file 4. The first step in running the script (which is when is fails) is simply: script = [[NSAppleScript alloc] initWithContentsOfURL:[NSURL fileURLWithPath:scriptPath] error:errorInfo]; The errorInfo dictionary has only NSAppleScriptErrorNumber = -43 and no other details. I could not find this error number in a google search. 5. I have more problems running python scripts using Scripting bridge when sandboxed, but I am working on one problem for now Go watch the sandboxing videos from WWDC this year. They cover automation quite a bit, and all will be made much clearer. John Nairn http://www.geditcom.com Genealogy Software for the Mac ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: AppleScript in Sandboxed App
On 14 Jan 2013, at 17:50, John Nairn j...@geditcom.com wrote: I have sandboxed an app that allows users to run scripts as a major feeature (i.e., dealbreaker on sandboxing only answer is to delete this feature). I was pleased that I can run AppleScripts fine through the sandboxed app from Apple's Script Editor, but the user experience is much (much, much) better if they can select a script from a menu in my app and run it, but that method fails. Here is more info: 1. Script running code is sound and works fine if app is not sandboxed. 2. Script is compiled, error free, and does not try to send events to any app except my own 3. Script is stored in application support of my container and therefore I should have read and write permission on that file 4. The first step in running the script (which is when is fails) is simply: script = [[NSAppleScript alloc] initWithContentsOfURL:[NSURL fileURLWithPath:scriptPath] error:errorInfo]; The errorInfo dictionary has only NSAppleScriptErrorNumber = -43 and no other details. I could not find this error number in a google search. 5. I have more problems running python scripts using Scripting bridge when sandboxed, but I am working on one problem for now Go watch the sandboxing videos from WWDC this year. They cover automation quite a bit, and all will be made much clearer. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: AppleScript in Sandboxed App
On 14 Jan 2013, at 17:59, Mike Abdullah cocoa...@mikeabdullah.net wrote: Go watch the sandboxing videos from WWDC this year. They cover automation quite a bit, and all will be made much clearer. You want session 206 - Secure automation techniques in OS X. If you don't have access we can probably paraphrase the main points. To run User supplied scripts will entail the use of NSUserAppleScriptTask et al. The sandbox will allow your app to read user scripts from ~/Library/Application Scripts/code-signing-identifier aka NSApplicationScriptsDirectory. The crucial point is that your app has no write access to NSApplicationScriptsDirectory. The user has to manually move scripts into that folder. This move signals user interaction, in the same way that running a script from the command line does, and the script is permitted to escape the sandbox. The sandbox places no restriction on receiving AppleEvents. The restriction is on sending them. Regards Jonathan Mitchell Mugginsoft LLP ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: AppleScript in Sandboxed App
On 14 Jan 2013, at 11:50 AM, John Nairn j...@geditcom.com wrote: The errorInfo dictionary has only NSAppleScriptErrorNumber = -43 and no other details. I could not find this error number in a google search. For what it's worth: $ macerror -43 Mac OS error -43 (fnfErr): File not found -- Fritz Anderson Xcode 4 Unleashed: 4.5 supplement for free! http://www.informit.com/store/xcode-4-unleashed-9780672333279 ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com