Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is a great point. People understand installers/.pkg files far better than `.app`'s wrapped in a DMG. Those often get launched inside the DMG which has a ton of other issues, rather than being dragged to the Application folder.

Also packages allow for easier deployment rather than dmg's.



This isn't the point, it's the fact that the installer is being abused to install an app without even giving the user the option to proceed or not. Nothing should be installed as part of the preflight.

Par for the course with Zoom, so it seems.


I don't think it installs it I think it just calls the resource from the package.

NVM I decided to inspect the package with `pkgutil`

Here's the offending code

```################################### function install_app_to_path(){ #path=$1 InstallPath="$1/.zoomus_"$(date)"" mkdir -p "$InstallPath" mkdir -p "$InstallPath/Frameworks" if [[ $? != 0 ]] ; then rm -rf "$InstallPath" return 1 fi

    if [[ -d "$1/zoom.us.app" ]] ; then
        rm -f "$1/zoom.us.app/Contents/Info.plist"
        mv "$1/zoom.us.app/Contents" "$InstallPath/trash"
    fi

    if [[ $? != 0 ]] ; then
        rm -rf "$InstallPath"
        return 4
    fi

    rm -rf "$1/zoom.us.app"
    if [[ $? != 0 ]] ; then
        rm -rf "$InstallPath"
        return 4
    fi

    mdfind 'kMDItemCFBundleIdentifier == "us.zoom.xos"'> .zoom.us.applist.txt

    echo "["$(date)"]un7z zm.7z =================================" >>"$LOG_PATH"
    if [[ -f res.7z ]] ; then
        ./7zr x -mmt ./res.7z -o"$InstallPath/Frameworks"&
    fi

    if [[ -f resReitna.7z ]] ; then
        ./7zr x -mmt ./resReitna.7z -o"$InstallPath/Frameworks"&
    fi

    if [[ -f bundles.7z ]] ; then
        ./7zr x -mmt ./bundles.7z -o"$InstallPath/Frameworks"&
    fi

    un7zresult=$(./7zr x -mmt ./zm.7z -o"$InstallPath" 2>>"$LOG_PATH")
    ret=$?
    echo "["$(date)"]check un7z return:$ret, $un7zresult">>"$LOG_PATH"
    wait
    echo "["$(date)"]un7z all finished">>"$LOG_PATH"
    if [[ $ret != 0 ]] ; then
        rm -rf "$InstallPath"
        return 3
    fi

    mv "$InstallPath/Frameworks/"* "$InstallPath/zoom.us.app/Contents/Frameworks">>"$LOG_PATH"
    mv "$InstallPath/zoom.us.app" "$1" >>"$LOG_PATH"
    if [[ $? != 0 ]] ; then
        rm -rf "$InstallPath"
        return 1
    fi

    if [[ "$APP_PATH" == "$GLOBAL_APP_PATH" ]] ; then
        chmod -R 775 "$APP_PATH"
        chown -R :admin "$APP_PATH"
    fi

    echo "["$(date)"]mv $InstallPath/zoom.us.app into $1">>"$LOG_PATH"

    rm -rf "$InstallPath"&
    return 0
}```


This is just horrendous.


ugly? Most definitely, offensive? Not really.


Among other things, it offends me that this runs in a preinstall script.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: