AnsweredAssumed Answered

Popup & OS X 10.11 El Capitan

Question asked by VDE Reg Georgia State University on Oct 7, 2015
Latest reply on Oct 15, 2015 by Damon Lynch

Hello everyone,


By now several of you have probably noticed that the current version of the Popup (which is 9.0.5 at least as of this writing) does not successfully install on OS X 10.11 El Capitan.  Looking around a bit, I saw this article on Clemson University's web site:  ERROR: Paw Prints Fails to Install on Mac OS X 10.11 (El Capitan)


As Clemson notes, the problem is with the installation of the Popup on OS X 10.11.  It appears that the software otherwise works if it is installed before upgrading to OS X 10.11.  This prompted me to do a little looking around:


The Pharos Popup is distributed in an Apple package, and you can extract its contents to an artificial root directory to see exactly what it installs.  For example:


# Create a package root into which we'll expand the package's payload:

mkdir /tmp/pkg-root

# Expand the Popup package:

pkgutil --expand Popup.pkg /tmp/popup-expanded

# Move the package's payload into the package root:

mv /tmp/popup-expanded/popupclient.pkg/Payload /tmp/pkg-root/payload.pax.gz

# Expand the payload:

cd /tmp/pkg-root

gunzip payload.pax.gz

sudo pax -r -p e -f payload.pax

sudo rm payload.pax


Now you have the expanded contents of the package for your inspection.  Right away, it's obvious why the installation fails on OS X 10.11:  Among other things, a file called pharos.convs is written to /usr/share/cups/mime.  In OS X 10.11, System Integrity Protection prevents non-Apple software from writing to /usr, with a few exceptions (like /usr/local and /usr/libexec/cups).  It appears that nothing in /usr/share is marked as writable by any actor besides Apple software.  More information about System Integrity Protection is available online:  Apple has a PDF guide and in its Developer documentation.


I should note that, even though /usr/libexec/cups is not listed as writable in the Apple documentation, it actually is writable.  Inspect the rootless.conf file in /System/Library/Sandbox to see for yourself:

cat /System/Library/Sandbox/rootless.conf | grep usr


* /usr/libexec/cups

* /usr/local

* /usr/share/man

The file's syntax indicates that /usr is protected, but that /usr/libexec/cups, /usr/local, and /usr/share/man (and their contents) are not protected by SIP.  Notice that /usr/share/cups is not whitelisted.


Therefore, whenever you try to install the Popup in OS X 10.11, the Installer reports a failure:  /usr/share/cups/mime/pharos.convs couldn't be written.  It looks like the pharos.convs file implements a CUPS command to call the abort_popup filter.  Per current CUPS documentation, it looks like the current guidance is to implement custom filters (including cupsCommand filters) in the PPD directly.  I realize that involves more work.  Inspection of the abort_popup filter reveals it's a shell script responsible for canceling jobs sent through the popup:// device URI.  Perhaps this canceling functionality would be better implemented in the backend itself instead of in a dummy filter.  I've written CUPS filters and backends that performed similar tasks in the past, but I don't have the complete picture as Pharos does.


While we're talking about the Apple package for the Pharos Popup, I should note that the package version is set to 0 (zero) instead of 9.0.5.  Again, check this yourself by running the following command on a system that has the current Popup installed:

pkgutil --pkg-info com.pharos.pkg.popup | grep version

version: 0


Not to sound too picky, but this should be fixed by Pharos in its next build of the package.  It's very easy to fix, too.  When building the package with pkgbuild, specify the package version with the --version argument.


--Gerrit DeWitt

Mac Engineering

Georgia State University