我有一个执行此操作的 shell 脚本:
#!/bin/bash
ls -la "$HOME/Pictures/Photos Library.photoslibrary"
当我在 shell 中运行这个脚本时,它工作正常。如果我定义了一个执行此脚本的 LaunchAgent(在 下$HOME/Library/LaunchAgents),我会收到以下错误消息:
ls: Photos Library.photoslibrary: Operation not permitted
我真正的脚本是调用 HashBackup ( hb),这会在所有“受保护”文件夹(图片、地址簿等)上导致相同类型的错误。但我能够用一个简单的ls.
我该怎么做才能解决这个问题?
这是在 macOS 10.14.6 上。
谢谢
感谢 Gordon 的评论,我能够按照这些步骤解决我的问题。实际上对我有用的步骤是这些。
为了获得更完整的解决方案,这里有一个基于 CMake 的小型解决方案:
main.cpp#include <iostream>
int main()
{
std::cout << "Wrapper app which is authorized for full disk access so that the shell script can run with the same permission" << std::endl;
return 0;
}
backup_argon.sh#!/bin/bash
# this is just a test... it should invoke hb instead
ls -la "$HOME/Pictures/Photos Library.photoslibrary"
Info.plist.in<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>${MACOSX_BUNDLE_EXECUTABLE_NAME}</string>
<key>CFBundleIconFile</key>
<string>${MACOSX_BUNDLE_ICON_FILE}</string>
<key>CFBundleIdentifier</key>
<string>${MACOSX_BUNDLE_GUI_IDENTIFIER}</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${MACOSX_BUNDLE_BUNDLE_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>${MACOSX_BUNDLE_SHORT_VERSION_STRING}</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>${MACOSX_BUNDLE_BUNDLE_VERSION}</string>
<key>CSResourcesFileMapped</key>
<true/>
<key>NSHumanReadableCopyright</key>
<string>${MACOSX_BUNDLE_COPYRIGHT}</string>
<key>LSUIElement</key>
<true/>
</dict>
</plist>
CMakeLists.txtcmake_minimum_required(VERSION 3.19)
set(VERSION 1.0.0)
project(HashBackupLaunchAgent VERSION "${VERSION}")
set(CMAKE_CXX_STANDARD 17)
set(MACOSX_BUNDLE_BUNDLE_NAME "HashBackupLaunchAgent")
set(MACOSX_BUNDLE_GUI_IDENTIFIER "com.pongasoft.HashBackupLaunchAgent")
set(MACOSX_BUNDLE_SHORT_VERSION_STRING "${VERSION}")
set(MACOSX_BUNDLE_BUNDLE_VERSION "${VERSION}")
set(MACOSX_BUNDLE_COPYRIGHT "2021 pongasoft")
add_executable(HashBackupLaunchAgent MACOSX_BUNDLE main.cpp backup_argon.sh)
set_target_properties(HashBackupLaunchAgent PROPERTIES MACOSX_BUNDLE_INFO_PLIST "${CMAKE_CURRENT_LIST_DIR}/Info.plist.in")
set_source_files_properties(backup_argon.sh PROPERTIES MACOSX_PACKAGE_LOCATION MacOS)
编译这个项目将产生一个应用程序(HashBackupLaunchAgent.app),我在下面复制了它/Applications。
然后我Full Disk Access授予了这个应用程序的权限System Preferences/Security & Privacy/ Privacy
然后我有一个具有以下定义的 LaunchAgent:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ypujante.hashbackup.argon.plist</string>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/bin:/usr/bin:/usr/local/bin</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Applications/HashBackupLaunchAgent.app/Contents/MacOS/backup_argon.sh</string>
</array>
<key>StandardOutPath</key>
<string>/Users/ypujante/Library/Logs/HashBackup/argon.log</string>
<key>StandardErrorPath</key>
<string>/Users/ypujante/Library/Logs/HashBackup/argon.log</string>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>7</integer>
<key>Minute</key>
<integer>30</integer>
</dict>
</array>
</dict>
</plist>
请注意启动代理定义如何调用应用程序内部的脚本,而不是应用程序本身。它有效:脚本继承了应用程序的完整磁盘访问权限。