[Bug 89657] The lang-pack installation mechanism on OSX unacceptable

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Mon Feb 8 04:57:09 UTC 2016


--- Comment #12 from catacombae at gmail.com ---
[OS X developer and long time LibreOffice user, first time LibreOffice Bugzilla

I would prefer approach 3 as suggested by barefootguru, but if that would grow
the size of the download to the point where it's unacceptable I would like to
add one other possibility:

4. Deliver updated code signatures as part of the language pack. However if the
user installs multiple language packs this might be a complicated issue where
the langpack installer must keep track of signatures for all possible
combinations of language packs... a quick calculation gives me more than 13000
possible combinations of language packs. Every langpack installer would need to
include signatures for all of those combinations which include the installed
language. Doable, but complicated.

In my opinion there are some real problems with approach 1 and 2:

Approach 1 relies on the fact that Gatekeeper will not check an app after it
has been checked the first time, so if we add content to the app bundle after
it has been verified the first time Gatekeeper doesn't care, but this sounds
more like a bug in Gatekeeper. If Gatekeeper should provide any level of
security it should detect modifications in a bundle after it has been checked
the first time (what if some malware did the modification?).
Indeed when checking the app with codesign after adding a language pack (in
this case the Swedish language pack) reveals that it's in fact not valid
$ codesign -v -v /Applications/LibreOffice.app
/Applications/LibreOffice.app: a sealed resource is missing or invalid
file added:
file added:

Approach 2 puts data in directories that are not apparent to the user. If the
user wants to uninstall LibreOffice the most obvious thing to do is to delete
the app, but that leaves unreferenced data behind in /Library, wasting disk
space. An application should be self-contained and not rely on data outside the
app bundle.

You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20160208/7a313bb0/attachment.html>

More information about the LibreOffice mailing list