What is the best practice for running the UI? Should I use the as user option or the as admin option?
One issue I just had and debugged manually with the as user option is that updating the appupdater.gpg keyring failed silently because the keyring file had been created/updated earlier by the administrator account. The user version, when trying to add my repo’s gpg key -- and when I tried to add my repo’s key manually --, downloaded my apps.xml but silently ignored it, making me wonder for a long while why it never listed my apps in appupdater’s GUI nor even tried to download versions.xml.
So, what is the point of running the UI as User? Why does it not automatically upgrade actions which require administrator mode to administrator mode like how Windows forms will have the little UAC icon and UAC you when you click on them?
Generally you should use the admin option, this avoids a bunch of UAC prompts. The "run as user" option exists because that is technically the least privilege that you need to run Appupdater. The only reason that it needs administrator privileges is if the installer triggered by an update also needs it. Not all installers require admin so depending on what you want to update, "run as user" will work. "Run as user" mode should raise a UAC prompt when an installer runs that requires admin to provide the same functionality as admin mode. What it really comes down to is do you want to grant Appupdater blanket admin at the start, maybe so you can walk away, or do you want more security and explicitly grant each installer admin that needs it?
I was not aware of the gpg keyring permission issue. That might be something GPG does automatically, limit access to the original user. If you file a bug I can try to track it down further. Also it may be related to ID 3291020:
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.