Bug 3046 - No configuration is shipped with OS X client
Status: REOPENED
: ThinLinc
Client platforms
: trunk
: PC Unknown
: P2 Normal
: MediumPrio
Reported: 2009-03-17 14:39 by
Modified: 2016-12-05 11:17 (History)



Description From cendio 2009-03-17 14:39:53
The OS X client ISO does not contain a tlclient.conf.
------- Comment #1 From cendio 2014-01-15 13:20:51 -------
It doesn't contain a ssh_known_hosts file either - there's not even an etc/
directory somewhere in the bundle.
------- Comment #2 From cendio 2015-09-18 11:02:39 -------
tlclient has an __APPLE__-specific implementation that sets tlclient_prefix to
application_bundle_path/Contents, which means that we just need to ship a config
file as application_bundle/Contents/etc/tlclient.conf.
------- Comment #4 From cendio 2015-09-18 13:20:21 -------
How is signing of the bundle affecting this? If the configuration file is
signed, an administrator can't modify the config for a custom application
bundle. Can the file be excluded from signing?
------- Comment #6 From cendio 2015-09-18 14:06:44 -------
(In reply to comment #4)
> How is signing of the bundle affecting this? If the configuration file is
> signed, an administrator can't modify the config for a custom application
> bundle. Can the file be excluded from signing?

If I remember correctly, you cannot exclude files from signing. So if you
customize the app, the signature will be invalid. I'd say that this is
expected. Customers could potentially re-sign with their own certificate if
they want. However, in this case, it might be necessary to remove the old
signature. Here's some information about that:

http://stackoverflow.com/questions/7500381/bug-in-codesign-remove-signature-feature
------- Comment #7 From cendio 2015-09-18 15:39:26 -------
(In reply to comment #4)
> How is signing of the bundle affecting this? If the configuration file is
> signed, an administrator can't modify the config for a custom application
> bundle. Can the file be excluded from signing?

To make the exception permanent for just the downloaded ThinLinc bundle
application, which disables sign verification, one would right-click and choose
Open on the context menu and select Open anyway.

This way the quarantine attribute on the bundle is changed from
0002:XX:UUID to 0042:XX:UUID which means the exception lives with the bundle.
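
The flag change described in comment #7 can be checked when auditing which bundles carry such an exception. The following is an added example, not part of the original comment or of ThinLinc: it parses the flags field of a quarantine value and reports which bundles have the bit set. It assumes the value was read with `xattr -p com.apple.quarantine <bundle>`, accepts either `;` or `:` as field separator, and treats 0x0040 (the only bit that differs between the two quoted values) as the exception bit; the bundle paths are constructed.

```python
import re
from dataclasses import dataclass

# Assumption: 0x0040 marks the user-granted exception. It is the only bit
# that differs between 0002 and 0042 as quoted in comment #7.
EXCEPTION_BIT = 0x0040

@dataclass(frozen=True)
class Quarantine:
    flags: int
    rest: tuple  # remaining fields, kept as opaque strings

    @property
    def exception_granted(self) -> bool:
        return bool(self.flags & EXCEPTION_BIT)

def parse_quarantine(value: str) -> Quarantine:
    """Parse 'FLAGS;...;UUID' (or ':'-separated, as written in the comment)."""
    parts = re.split(r"[;:]", value.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{4}", parts[0]):
        raise ValueError(f"bad flags field in {value!r}")
    return Quarantine(int(parts[0], 16), tuple(parts[1:]))

def changed_bits(before: str, after: str) -> int:
    """Return the flag bits that differ between two quarantine values."""
    return parse_quarantine(before).flags ^ parse_quarantine(after).flags

def bundles_with_exception(records):
    """records: (bundle_path, xattr_value) pairs -> (flagged, unparsable)."""
    hits, errors = [], []
    for path, value in records:
        try:
            if parse_quarantine(value).exception_granted:
                hits.append(path)
        except ValueError:
            errors.append(path)  # report rather than silently skip
    return hits, errors

# Constructed sample inventory; paths and values are illustrative only.
SAMPLE = [
    ("/Applications/ThinLinc.app", "0042:XX:UUID"),
    ("/Users/a/Downloads/ThinLinc.app", "0002:XX:UUID"),
    ("/Applications/Other.app", "zz;broken"),
]

if __name__ == "__main__":
    print(hex(changed_bits("0002:XX:UUID", "0042:XX:UUID")))
    print(bundles_with_exception(SAMPLE))
```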
------- Comment #8 From cendio 2015-09-21 09:03:57 -------
Redo and clean up special cases for MacOSX to fix BINDIR / SYSCONFDIR and PREFIX for
a cleaner, consistent Makefile.
------- Comment #13 From cendio 2015-09-22 11:07:40 -------
Check if we should document these changes in TAG.
------- Comment #14 From cendio 2015-09-22 11:16:57 -------
(In reply to comment #13)
> Check if we should document these changes in TAG.

There is no information in tag about Mac OS X client configurations and we do
have bug 4852 to add this.
------- Comment #18 From cendio 2015-09-28 11:21:20 -------
 ✓ tlclient reads tlclient.conf from app bundle
 ✓ documentation is now fine
------- Comment #20 From cendio 2015-09-30 08:27:01 -------
Bug is reopened because the whole point of doing this work is to support
preconfiguration of the ThinLinc client. As noted, one can't change the bundled
config file without breaking the signature, and there is no supported way of
removing a signature.

The correct way is to install configuration files in the "Application Support"
folder (see bug 5659 for more information), which introduces a problem where we
don't use a package installer which can create this file.

"If you used custom resource rules because your installation process relies on 
changing the bundle, your app will be rejected by Gatekeeper on first launch.
These modifications are not permitted. Using an installation package instead of
a drag-install will get you through Gatekeeper."

refs:
https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG401
------- Comment #21 From cendio 2015-09-30 08:33:48 -------
(In reply to comment #20)
> Bug is reopened because the whole point of doing this work is to support
> preconfiguration of the ThinLinc client. As noted, one can't change the bundled
> config file without breaking the signature, and there is no supported way of
> removing a signature.
> 

If we implement bug 5659 for supporting a preconfigured ThinLinc client, we have
only one problem: We can't distribute the configuration file with the
application bundle. However, an administrator could:

 - Distribute the ThinLinc application bundle with a config file and instructions
   on where this config file should be stored.

 - Build a package installer using pkgbuild with the ThinLinc application
   bundle and preconfigured file.
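
Why editing Contents/etc/tlclient.conf invalidates the signature while a configuration file stored outside the bundle does not, shown as an added example that is not part of the original thread or of ThinLinc. It is a simplified model of a bundle seal (one SHA-256 per file, recorded at signing time), not codesign's real format; the bundle name, file contents and the "Application Support/ThinLinc" location are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def seal(bundle: Path) -> dict:
    """Record a digest for every file in the bundle (simplified seal)."""
    return {p.relative_to(bundle).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(bundle.rglob("*")) if p.is_file()}

def verify(bundle: Path, manifest: dict) -> list:
    """Return files that were changed, added or removed since sealing."""
    current = seal(bundle)
    return sorted(name for name in manifest.keys() | current.keys()
                  if manifest.get(name) != current.get(name))

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bundle = root / "ThinLinc.app"  # hypothetical bundle name
        files = {  # constructed contents
            "Contents/Info.plist": b"<plist/>",
            "Contents/MacOS/tlclient": b"binary placeholder",
            "Contents/etc/tlclient.conf": b"# shipped defaults\n",
        }
        for rel, data in files.items():
            path = bundle / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        manifest = seal(bundle)  # done once, by the vendor, at signing time
        results = {"untouched": verify(bundle, manifest)}

        # Preconfiguration stored outside the bundle leaves the seal intact.
        support = root / "Application Support" / "ThinLinc"  # hypothetical path
        support.mkdir(parents=True)
        (support / "tlclient.conf").write_bytes(b"# site settings\n")
        results["external_config"] = verify(bundle, manifest)

        # Editing the shipped file changes a sealed digest.
        (bundle / "Contents/etc/tlclient.conf").write_bytes(b"# site settings\n")
        results["edited_in_bundle"] = verify(bundle, manifest)
        return results

if __name__ == "__main__":
    print(demo())
```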
------- Comment #24 From cendio 2015-09-30 17:05:33 -------
Building a package file actually seems doable from the build system. pkg files
are just xar archives with a special structure. The only magical thing in them
is a binary file that stores file metadata for the things that are to be
installed. But there is an open source project to generate these files:

http://hogliux.github.io/bomutils/index.html

They even have a complete tutorial on how to make a pkg file here:

http://hogliux.github.io/bomutils/tutorial.html