Go to content Go to navigation

ZetaWatch for Developers · 2019-05-05 17:37 by Black in

ZFS Interaction

ZetaWatch communicates with zfs using libzfs.dylib, libzfs_core.dylib ,
libzpool.dylib and libnvpair.dylib, just like the command line tools do. This gives
it all the flexibility of the command line tools, at the cost of having to reimplement
functionality that is found in the tools and not the library. And since the libraries are
explicitly not meant to provide a stable ABI, ZetaWatch is also closely coupled to the
ZFS version it is built and written for.

All the ZFS interaction is wrapped in the ZFSWrapper library. This C++ library isolates
the issues mentioned above and provides a more convenient and safe API than the original
C interface does. The library is used both by the helper tool and the frontend app. This
is the most reusable part of ZetaWatch, and might be split out as separate project later.

ZFSUtils
contains most of the advanced functionality, such as C++ Wrappers around the
library, pool, vdev or file system handles. Those classes also have functionality to query
state and iterate over members.
ZFSNVList
provides a wrapper around the nvpair_t / nvlist_t data structure that
is used in ZFS for a lot of userland / kernel communication. It manages resources in both
owning and non-owning fashion, and allows for easier iteration over sequences.
ZFSStrings
translate ZFS status enums into the user facing emoji or string
description, optionally with localization. (Localization is not well tested or supported
at the moment.)

Helper Tool

The implementation of the helper tool follows apple’s EvenBetterAuthorizationSample

The helper tool communicates with the user application via AuthorizationService and
NSXPCConnection. The application side of code for this is in ZetaAuthorization.m. The
RPC protocol can be found in ZetaAuthorizationHelperProtocol.h, and is implemented in
ZetaAuthorizationHelper.mm. The CommonAuthorization.m file contains the supported
commands and associated default permissions.

The helper tool can be uninstalled with the `uninstall-helper.sh` script. This is useful
for debugging the installation of the helper, or updating the helper without increasing
the bundle version.

Security & Code Signing

Official release builds are signed and notarized, and should run without issues even on
newer Mac OS X. But there are still issues with authentication reported with the program
not being recognized as signed. To verify security manually, the following commands can
be used:

codesign -v -v -d ZetaWatch.app
xcrun stapler validate -v ZetaWatch.app

Building ZetaWatch requires an apple developer account with DeveloperID signing
capabilities, since it uses SMJobBless to run a helper service as root. This service
executes actions on behalf of the user, such as mounting, unmounting or loading a key.
Notarization is required to create binaries that can be run without without warning on
the newest Mac OS X.

  Textile help