#!/usr/bin/perl
#
# postinstall perl script
#
# - set "nvda_drv" NVRAM variable to "1"
#
use strict;
sub IsWebDriverLoaded;
sub IsSIPDisabled;
sub IsWebDriverRejected;
my $cmd;
if (!IsSIPDisabled() and !IsWebDriverLoaded())
{
my $USER = $ENV{USER};
# give the user a chance to open the Security prefPane
# and click Allow.
my $retryCount = 0;
my $rejected = 1;
while ($retryCount < 6)
{
# force the web driver kext approval panel to appear
# and check if it's loadable ("allowed") or not.
if (IsWebDriverRejected())
{
sleep 5;
$retryCount++;
next;
}
else
{
$rejected = 0;
last;
}
}
# the alert message unfortunately shows up right on top
# of the "allow NVIDIA" OS alert panel.
while ($rejected)
{
# if rejected, open System Preferences to let the user "allow"
# the web driver kexts to load.
$cmd = "su $USER -c \"osascript -e 'tell app \\\"System Preferences\\\" to reveal anchor \\\"General\\\" of pane id \\\"com.apple.preference.security\\\"' -e 'tell app \\\"System Preferences\\\" to activate'\"";
system($cmd);
## check if SIP is not disabled and the web driver is not loaded
$cmd = "su $USER -c \"osascript -e 'display alert \\\"You may need to open the Security & Privacy Preferences and allow macOS to use this driver.\\\" as critical message \\\"Open the Security & Privacy preference panel, click the Allow button in the General tab, then click the Continue button in this window.\\\" buttons {\\\"Cancel\\\", \\\"Continue\\\"} default button \\\"Continue\\\" cancel button \\\"Cancel\\\"'\"";
my $r = system($cmd);
$r >>= 8;
if ($r != 0)
{
# cancelled. select the stock driver.
$cmd = "nvram -d nvda_drv";
system("$cmd");
# and clean up the web driver and prefPane pieces.
$cmd = "rm -rf /Library/Extensions/NVDA*Web* /Library/Extensions/GeForce*Web* /System/Library/Extensions/GeForce*Web* /Library/LaunchDaemons/com.nvidia.nvroothelper.plist /Library/LaunchAgents/com.nvidia.nvagent.plist '/Library/PreferencePanes/NVIDIA Driver Manager.prefPane'";
system("$cmd");
exit 1;
}
$rejected = IsWebDriverRejected();
}
}
# select the web driver
$cmd = "nvram nvda_drv=1";
system("$cmd");
# done
## check if the web driver is rejected
sub IsWebDriverRejected()
{
my $StartupWeb = "/Library/Extensions/NVDAStartupWeb.kext";
sleep 1;
my $cmd = "kextutil -tn $StartupWeb";
my $r = system($cmd);
$r >>= 8;
return ($r == 27);
}
## detect if the web driver is loaded
sub IsWebDriverLoaded()
{
## check if NVDAResmanWeb kext is loaded or not
my $cmd = "/usr/sbin/kextstat | egrep 'NVDAResman.*Web'";
my $r = system($cmd);
$r >>= 8;
return ($r == 0);
}
## detect SIP (kext signing) is disabled or not
sub IsSIPDisabled()
{
## check if SIP is competely disabled or at least Kext Signing is disabled
my $cmd = "/usr/bin/csrutil status | /usr/bin/egrep 'System Integrity Protection status: disabled|Kext Signing: disabled'";
my $r = system($cmd);
$r >>= 8;
return ($r == 0);
}