Thoughts after migrating

[jeff-h]

I've just spent the day migrating from my bespoke privileged helper solution to leverage the trilemma-dev trinity of awesomeness (Blessed, SecureXPC andEmbeddedPropertyList) lol. It went so much smoother than my previous work in this arena, and the result is already feeling far more solid (and doubtless far more secure).

It's clear an enormous amount of time, thought & skill went into creating this, so overall I just wanted to say thanks heaps for sharing this. The fantastic documentation in particular was of real help as I worked my way through it all.

A few comments on specifics:

1. the plist handling worked really impressively — getting the SMAuthorizedClients signature correct was a real pain for me previously. And I really love the auto-version-incrementing system based on the code hash. Again, it's working perfectly out-of-the-box for me. It's a huge DX & productivity improvement.

2. I'm a little confused by the need for APP_VERSION instead of using CURRENT_PROJECT_VERSION. Is the latter not available as an environment variable perhaps? (I've always found the availability of such variables to build scripts to be quite incomprehensible.) In some respects it's not ideal eg setting the app's Info.plist CFBundleVersion to $(APP_VERSION) gets overwritten if you ever forget and change the version in Xcode's Target "Identity" config GUI.

Also, the docs state regarding CURRENT_PROJECT_VERSION: "This setting defines the current version of the project. The value must be a integer or floating point number, such as 57 or 365.8." whereas your code appears to expect (or at least prefer as a best-practice) something like 1.0.0.

3. re: the HelperToolMonitor — querying /bin/launchctl directly is a stroke of genius :) However I noticed that this is sometimes called from the main thread. Is it always quick enough to be a non-issue? (it was in my testing)

Secondly, it feels a bit overkill for a normal app (as opposed to this demo) to monitor the helper installation directories. Am I missing a bigger reason for this monitoring? Since you've already implemented it, it's tempting to use it, but I'm just not sure if it's really needed outside the demo.

4. my next step is to dig into how errors need to be passed from the helper. If there is any improvement to be made to the otherwise-excellent documentation, it could be to explain a little how errors are passed. Of course it's all there in the demo code so perhaps it's fine without. I just need to dig into it.

[jakaplan]

It's clear an enormous amount of time, thought & skill went into creating this, so overall I just wanted to say thanks heaps for sharing this.

Thanks so much for this detailed feedback, it's much appreciated! With your usage of "heaps" I've got to ask - Aussie or Kiwi? Greetings from Auckland!

2. I'm a little confused by the need for APP_VERSION instead of using CURRENT_PROJECT_VERSION.

My understanding is CURRENT_PROJECT_VERSION represents the version of the Xcode project itself and not any specific targets within it. Due to the mutual code signing requirements, I need to represent the version of the app at the project level (so the helper tool can known about it). This results in somewhat broken encapsulation of this information which normally only the app target would need to know about.

Also, the docs state regarding CURRENT_PROJECT_VERSION: "This setting defines the current version of the project. The value must be a integer or floating point number, such as 57 or 365.8." whereas your code appears to expect (or at least prefer as a best-practice) something like 1.0.0.

These are two unrelated concepts. APP_VERSION values are intended to conform to the CFBundleVersion format.

re: the HelperToolMonitor — querying /bin/launchctl directly is a stroke of genius :) However I noticed that this is sometimes called from the main thread. Is it always quick enough to be a non-issue? (it was in my testing)

It ought to be called from the main thread when the app first loads, but otherwise should be running on the "directory monitor" DispatchQueue. Are you observing something different?

In terms of performance, in my own experience it's extremely fast, but it does involve spinning up a new process so it's far more overhead than a normal function call would involve.

Secondly, it feels a bit overkill for a normal app (as opposed to this demo) to monitor the helper installation directories. Am I missing a bigger reason for this monitoring? Since you've already implemented it, it's tempting to use it, but I'm just not sure if it's really needed outside the demo.

I can't think of a reason why an app would need the file system monitoring, but it's useful for the demo. I think you'd just want the determineStatus() function.

my next step is to dig into how errors need to be passed from the helper. If there is any improvement to be made to the otherwise-excellent documentation, it could be to explain a little how errors are passed. Of course it's all there in the demo code so perhaps it's fine without. I just need to dig into it.

This isn't in the sample yet. Support for custom error types was added in SecureXPC 0.4.0 which I just released. However, the sample doesn't yet make use of this functionality. The sample uses the closure-based version of XPCClient's send functions because they're more compatible. However, the custom error type support is much more developer friendly to use with the async variants. So I need to decide how I want to update the sample. Once I do that, it'll probably be a month or so until I find the time to go and do this.

[jeff-h]

It's clear an enormous amount of time, thought & skill went into creating this, so overall I just wanted to say thanks heaps for sharing this.

Thanks so much for this detailed feedback, it's much appreciated! With your usage of "heaps" I've got to ask - Aussie or Kiwi? Greetings from Auckland!

Haha! I gave myself away hey? I'm actually both — an Aussie currently living in NZ. So if you're ever making a trip down to the South Island let me know :)

[jakaplan]

Oh! While I live in Auckland, at this exact moment I'm actually on holiday on the South Island. Right now we're in Twizel. Auckland is hardly ugly, but it's so beautiful down here.

[jeff-h]

Ha, that's crazy 🤪 Firstly that you would go to Twizel in March lol and secondly that you're almost literally right around the corner! The world is smaller than it seems...