Update keystone_install.sh for 10.8, avoiding cfprefsd when reading from Info.plist files

chrome/installer/mac/keystone_install.sh

 #!/bin/bash -p
 
 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # usage: keystone_install.sh update_dmg_mount_point
 #
 # Called by the Keystone system to update the installed application with a new
 # version from a disk image.
@@ skipping 370 matching lines @@
 
 # Returns 0 (true) if ksadmin supports --version-path and --version-key.
 ksadmin_supports_versionpath_versionkey() {
   # --version-path and --version-key were introduced in Keystone 1.0.9.2318.
   is_ksadmin_version_ge 1.0.9.2318
 
   # The return value of is_ksadmin_version_ge is used as this function's
   # return value.
 }
 
+# Runs "defaults read" to obtain the value of a key in a property list. As
+# with "defaults read", an absolute path to a plist is supplied, without the
+# ".plist" extension.
+#
+# As of Mac OS X 10.8, defaults (and NSUserDefaults and CFPreferences)
+# normally communicates with cfprefsd to read and write plists. Changes to a
+# plist file aren't necessarily reflected immediately via this API family when
+# not made through this API family, because cfprefsd may return cached data
+# from a former on-disk version of a plist file instead of reading the current
+# version from disk. The old behavior can be restored by setting the
+# __CFPREFERENCES_AVOID_DAEMON environment variable, although extreme care
+# should be used because portions of the system that use this API family
+# normally and thus use cfprefsd and its cache will become unsynchronized with
+# the on-disk state.
+#
+# This function is provided to set __CFPREFERENCES_AVOID_DAEMON when calling
+# "defaults read" and thus avoid cfprefsd and its on-disk cache, and is
+# intended only to be used to read values from Info.plist files, which are not
+# preferences. The use of "defaults" for this purpose has always been
+# questionable, but there's no better option to interact with plists from
+# shell scripts. Definitely don't use infoplist_read to read preference
+# plists.
+#
+# This function exists because the update process delivers new copies of
+# Info.plist files to the disk behind cfprefsd's back, and if cfprefsd becomes
+# aware of the original version of the file for any reason (such as this
+# script reading values from it via "defaults read"), the new version of the
+# file will not be immediately effective or visible via cfprefsd after the
+# update is applied.
+infoplist_read() {
+  __CFPREFERENCES_AVOID_DAEMON=1 defaults read "${@}"
+}
+
 usage() {
   echo "usage: ${ME} update_dmg_mount_point" >& 2
 }
 
 main() {
   local update_dmg_mount_point="${1}"
 
   # Early steps are critical.  Don't continue past any failure.
   set -e
 
@@ skipping 130 matching lines @@
         err "update_app must be a directory"
         exit 2
       fi
     fi
 
     # Get some information about the update.
     note "reading update values"
 
     local update_app_plist="${update_app}/${APP_PLIST}"
     note "update_app_plist = ${update_app_plist}"
-    if ! update_version_app="$(defaults read "${update_app_plist}" \
-                                             "${APP_VERSION_KEY}")" ||
+    if ! update_version_app="$(infoplist_read "${update_app_plist}" \
+                                              "${APP_VERSION_KEY}")" ||
        [[ -z "${update_version_app}" ]]; then
       err "couldn't determine update_version_app"
       exit 2
     fi
     note "update_version_app = ${update_version_app}"
 
     local update_ks_plist="${update_app_plist}"
     note "update_ks_plist = ${update_ks_plist}"
-    if ! update_version_ks="$(defaults read "${update_ks_plist}" \
-                                            "${KS_VERSION_KEY}")" ||
+    if ! update_version_ks="$(infoplist_read "${update_ks_plist}" \
+                                             "${KS_VERSION_KEY}")" ||
        [[ -z "${update_version_ks}" ]]; then
       err "couldn't determine update_version_ks"
       exit 2
     fi
     note "update_version_ks = ${update_version_ks}"
 
-    if ! product_id="$(defaults read "${update_ks_plist}" \
-                                     "${KS_PRODUCT_KEY}")" ||
+    if ! product_id="$(infoplist_read "${update_ks_plist}" \
+                                      "${KS_PRODUCT_KEY}")" ||
        [[ -z "${product_id}" ]]; then
       err "couldn't determine product_id"
       exit 2
     fi
     note "product_id = ${product_id}"
   else  # [[ -n "${is_patch}" ]]
     # Get some information about the update.
     note "reading update values"
 
     if ! update_version_app_old=$(<"${patch_dir}/old_app_version") ||
@@ skipping 114 matching lines @@
   # versioned directory.  This will be used later, to avoid removing the
   # existing installed version's versioned directory in case anything is still
   # using it.
   note "reading install values"
 
   local installed_app_plist="${installed_app}/${APP_PLIST}"
   note "installed_app_plist = ${installed_app_plist}"
   local installed_app_plist_path="${installed_app_plist}.plist"
   note "installed_app_plist_path = ${installed_app_plist_path}"
   local old_version_app
-  old_version_app="$(defaults read "${installed_app_plist}" \
-                                   "${APP_VERSION_KEY}" || true)"
+  old_version_app="$(infoplist_read "${installed_app_plist}" \
+                                    "${APP_VERSION_KEY}" || true)"
   note "old_version_app = ${old_version_app}"
 
   # old_version_app is not required, because it won't be present in skeleton
   # bootstrap installations, which just have an empty .app directory.  Only
   # require it when doing a patch update, and use it to validate that the
   # patch applies to the old installed version.  By definition, skeleton
   # bootstraps can't be installed with patch updates.  They require the full
   # application on the disk image.
   if [[ -n "${is_patch}" ]]; then
     if [[ -z "${old_version_app}" ]]; then
@@ skipping 14 matching lines @@
   if [[ -n "${old_version_app}" ]]; then
     old_versioned_dir="${installed_versions_dir}/${old_version_app}"
   fi
   note "old_versioned_dir = ${old_versioned_dir}"
 
   # Collect the installed application's brand code, it will be used later.  It
   # is not an error for the installed application to not have a brand code.
   local old_ks_plist="${installed_app_plist}"
   note "old_ks_plist = ${old_ks_plist}"
   local old_brand
-  old_brand="$(defaults read "${old_ks_plist}" \
-                             "${KS_BRAND_KEY}" 2> /dev/null ||
+  old_brand="$(infoplist_read "${old_ks_plist}" \
+                              "${KS_BRAND_KEY}" 2> /dev/null ||
                true)"
   note "old_brand = ${old_brand}"
 
   ensure_writable_symlinks_recursive "${installed_app}"
 
   # By copying to ${installed_app}, the existing application name will be
   # preserved, if the user has renamed the application on disk.  Respecting
   # the user's changes is friendly.
 
   # Make sure that ${installed_versions_dir} exists, so that it can receive
@@ skipping 173 matching lines @@
   # is not considered a critical step, and if it fails, this script will not
   # exit.
   if [[ -n "${needs_touch}" ]]; then
     touch -cf "${installed_app}" || true
   fi
 
   # Read the new values, such as the version.
   note "reading new values"
 
   local new_version_app
-  if ! new_version_app="$(defaults read "${installed_app_plist}" \
-                                        "${APP_VERSION_KEY}")" ||
+  if ! new_version_app="$(infoplist_read "${installed_app_plist}" \
+                                         "${APP_VERSION_KEY}")" ||
      [[ -z "${new_version_app}" ]]; then
     err "couldn't determine new_version_app"
     exit 9
   fi
   note "new_version_app = ${new_version_app}"
 
   local new_versioned_dir="${installed_versions_dir}/${new_version_app}"
   note "new_versioned_dir = ${new_versioned_dir}"
 
   local new_ks_plist="${installed_app_plist}"
   note "new_ks_plist = ${new_ks_plist}"
 
   local new_version_ks
-  if ! new_version_ks="$(defaults read "${new_ks_plist}" \
-                                       "${KS_VERSION_KEY}")" ||
+  if ! new_version_ks="$(infoplist_read "${new_ks_plist}" \
+                                        "${KS_VERSION_KEY}")" ||
      [[ -z "${new_version_ks}" ]]; then
     err "couldn't determine new_version_ks"
     exit 9
   fi
   note "new_version_ks = ${new_version_ks}"
 
   local update_url
-  if ! update_url="$(defaults read "${new_ks_plist}" "${KS_URL_KEY}")" ||
+  if ! update_url="$(infoplist_read "${new_ks_plist}" "${KS_URL_KEY}")" ||
      [[ -z "${update_url}" ]]; then
     err "couldn't determine update_url"
     exit 9
   fi
   note "update_url = ${update_url}"
 
   # The channel ID is optional.  Suppress stderr to prevent Keystone from
   # seeing possible error output.
   local channel
-  channel="$(defaults read "${new_ks_plist}" "${KS_CHANNEL_KEY}" 2> /dev/null ||
-             true)"
+  channel="$(infoplist_read "${new_ks_plist}" \
+                            "${KS_CHANNEL_KEY}" 2> /dev/null || true)"
   note "channel = ${channel}"
 
   # Make sure that the update was successful by comparing the version found in
   # the update with the version now on disk.
   if [[ "${new_version_ks}" != "${update_version_ks}" ]]; then
     err "new_version_ks and update_version_ks do not match"
     exit 10
   fi
 
   # Notify LaunchServices.  This is not considered a critical step, and
@@ skipping 312 matching lines @@
   # Chrome, because the updater runs as root when on a system ticket, and root
   # can't access individual user Keychains.
   #
   # Even if the reauthorization tool is launched, it doesn't necessarily try
   # to do anything. It will only attempt to perform a reauthorization if one
   # hasn't yet been done at update time.
   note "maybe reauthorizing Keychain"
 
   if [[ -z "${system_ticket}" ]]; then
     local new_bundleid_app
-    new_bundleid_app="$(defaults read "${installed_app_plist}" \
-                                      "${APP_BUNDLEID_KEY}" || true)"
+    new_bundleid_app="$(infoplist_read "${installed_app_plist}" \
+                                       "${APP_BUNDLEID_KEY}" || true)"
     note "new_bundleid_app = ${new_bundleid_app}"
 
     local keychain_reauthorize_dir="\
 ${update_dmg_mount_point}/${KEYCHAIN_REAUTHORIZE_DIR}"
     local keychain_reauthorize_path="\
 ${keychain_reauthorize_dir}/${new_bundleid_app}"
     note "keychain_reauthorize_path = ${keychain_reauthorize_path}"
 
     if [[ -x "${keychain_reauthorize_path}" ]]; then
       local framework_dir="${new_versioned_dir}/${FRAMEWORK_DIR}"
@@ skipping 19 matching lines @@
 
 # Check "less than" instead of "not equal to" in case Keystone ever changes to
 # pass more arguments.
 if [[ ${#} -lt 1 ]]; then
   usage
   exit 2
 fi
 
 main "${@}"
 exit ${?}