[Interest] Qt 5 and Mac App Store

Fri Oct 19 15:33:19 CEST 2012

I looked into Security Scoped URLs when I was trying to a Qt app in the MAS a few months back (which is why I brought it up).

These APIs (or rather the ones relevant to sandboxing - file URLs have been around on OSX for years) were only added in the very last version of OSX Lion (10.7.3 if I remember correctly) which was no good to us as we needed Snow Leopard support. It was a showstopper and the project was scrapped. It's also the reason why apps like SourceTree were pulled from the store.

But if there are APIs to work around the sandbox, what's to stop any malicious app from just using them instead? I don't get it.

We don't need a QRecentFile class. It's not just recent files, that's just an example. What we need is for QFile and handle this automatically; if a user selects a file path through powerbox, it needs to managed a scoped URL for it so that the operation is transparent. Yes you can include .m files in your project's mac port and do it all yourself but it's stupid amount to work just to get the same stuff working again.

-----Original Message-----
From: interest-bounces+daniel.price=fxhome.com at qt-project.org [mailto:interest-bounces+daniel.price=fxhome.com at qt-project.org] On Behalf Of Till Oliver Knoll
Sent: 19 October 2012 10:55
To: Qt Interest
Subject: Re: [Interest] Qt 5 and Mac App Store

2012/10/19 Daniel Price <daniel.price at fxhome.com>:
> What's the solution to the file-link issue in Qt? Sandboxing prevents an app from reading or writing to any file other than those chosen specifically by a user via powerbox (the native dialogs). So if you app has a 'recent file' list or some other way to access files programmatically, it won't work.

The magic keyword here is: Security Scoped URLs

https://developer.apple.com/library/mac/#documentation/Cocoa/Reference/Foundation/Classes/NSURL_Class/Reference/Reference.html

"In an OS X app that adopts App Sandbox, to gain persistent access to a file-system resource you must use a security-scoped bookmark. Such a bookmark preserves, across app launches, a user's intent to give your app access to a resource. For details on how this works, including information on the entitlements you need in your Xcode project, read "Security-Scoped Bookmarks and Persistent Resource Access" in App Sandbox Design Guide."

So each time the user opens a file via file dialog and you want to add it to the "Recent Files" menu, you also request that the given (file) URL be "security scoped", with the corresponding native Apple APIs. I am not familiar with that API yet, but shouldn't be a big deal.

As of Qt 4.8.x Qt itself doesn't provide a QRecentFile (or similar) class/functionality, so if you want to implement such a functionality yourself (which is easy) you should also make calls to the underlying "native" API (linking Objective-C++ *.mm files with your existing
C++/Qt files works like a charm - qmake provides the necessary
infrastructure, too!).

So does Qt 5 provide a "Recent Files" class? If so, it would off course be nice if "security scoped URLs" were part of that game. If not, then it's a "non-Qt issue".

Thanks for wrapping up the "Qt App Store state" - and off course making it possible bringing Qt applications into the App Store :)

Cheers, Oliver
_______________________________________________
Interest mailing list
Interest at qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

This email is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. Errors and Omissions Excluded. If you are not the intended recipient please notify the sender. Please delete the message from all places in your computer where it is stored. You should not copy the email or use it for any purpose or disclose its contents to any other person. To do so may be unlawful. Email is an informal means of communicating and may be subject to data corruption accidentally or deliberately. For this reason it is inappropriate to rely on advice contained in an email without obtaining written confirmation of it first.

FXhome Limited is a limited company registered in England and Wales. Registered number: 04172812. Registered office: Suite 4 St Giles House, 27 St Giles Street, Norwich, Norfolk, NR2 1JN, U.K.