Post

Replies

Boosts

Views

Activity

How do you get group/user info from file ACLs?
Documentation is sparse on this and it doesn't help that Apple's version differs from POSIX. I know to specify ACL_TYPE_EXTENDED for acl_get_file() and know how to cycle through entries. From what I can tell, the tag is either ALLOW or DENY and you can check the permset for which actions the tag applies to. I can't figure out how get the group or user the entry applies to. The only way I've been able to get this info is by using acl_to_text and scraping that output. Anyone know how to do this using the acl APIs?
5
0
203
Oct ’24
LoginItem not launching on Ventura
Older thread on this topic: https://developer.apple.com/forums/thread/133038 On Ventura, I'm getting the exit code 78 again. Using SMLoginItemEnabled set to false does not fix it nor removing it using launchctl. I've also had reports of this from users out in the field so it's not a dev machine issue. It isn't always consistent as some users have reported that the helper does launch but there are XPC issues later. It does feel as if something really broke in this subsystem. Console is not showing anything interesting though I can post an excerpt if you really want to see it.
0
0
751
Sep ’22
Problems with keychain sharing on Mac
Since the older ACL APIs are deprecated, I'm switching to using keychain sharing. I've seen this post: https://developer.apple.com/forums/thread/123824 My app has an embedded login item helper app as well as a commandline program. I need the main app and commandline program to share keychain items. My app is not sandboxed/MAS; it is Developer ID. I first tried setting up an app group. I created an app group on the dev portal, tied to the app IDs, and tied those to provisioning profiles. When the main app stores a keychain password (via SecItemAdd), it fails citing lack of entitlements. Note that I fetch the app group dynamically from the bundle's entitlements and setting the kSecUseDataProtectionKeychain flag in the query. If I switch to keychain groups, it works. Problem is that the commandline program crashes on launch. If I provide a separate entitlement file for the commandline program omitting the keychain group entry, it launches but fails to find the keychain item. Is there a way to get this all working? I'm seriously tempted to go back to the ACL code and suppress the deprecation warnings.
0
0
323
Aug ’22
Sending file parameters to a Shortcut on Monterey programmatically?
I'm trying to run Shortcuts programmatically on Monterey. My understanding is that the official API for this is via AppleScript to the Shortcuts Events process. I created a Shortcut that does Quicklook on the passed in file parameter. It works as a Finder action but I can't figure out how to get it to work when running it via AppleScript or Scripting Bridge. If I send a file, alias or POSIX file, I get a generic Shortcuts error 4. If I send a path as a string, it just does a preview of the string passed in, and not the contents of the file the path references. Anyone have any insight on how to get this working?
0
0
850
Sep ’21
Is stapling a notarization ticket to a DMG sufficient or do I need to staple to the app within as well?
I'm receiving conflicting info on this. My impression from the docs was that only the DMG would need to be stapled. In a DTS interaction concerning other issues with notarization, the DTS engineer pointed out that my app wasn't stapled and that I should staple that as well. Problem is that when I staple the app, I need to re-create the DMG package. After doing that, when trying to staple the DMG as well it fails with error 65. My guess is that it fails because the signature changed by stapling the app which leads to a bit of a catch-22 situation. Do I really need to staple the app contents and if so, what is the correct procedure for re-packaging and stapling the outer DMG?
5
0
1.1k
Jan ’21
NSWindowRestoration?
I've been playing with NSWindowRestoration. I have it set on my app's main window and it seems to be restoring (the methods are called). The problem is that the only thing it's restoring is the window's frame. It was my impression that views would also save/restore state, like NSSplitView and NSOutlineView. I know both of those classes have their own autosave mechanism but I thought those were superceded by NSWindowRestoration. If I need to implement encoding state for standard Appkit classses, it seems like I might as well go back to the old mechanisms and where I set autosavenames. Not seeing much of a point of using NSWindowRestoration. What am I missing here?
0
0
398
Sep ’20
Issues with using XPC login item and Notification Center
Some context: https://developer.apple.com/forums/thread/129855 Because, for some reason, my helper app bundle has to have a horrible name of my team ID plus a reverse FQDN, in Notification Center, any notification my helper sends comes from this unwieldy and scary looking process name. I have CFBundleDisplayName set to something more user friendly and oddly, that is what gets used in, say, Activity Monitor, among other places. Is there any way to have my notifications come from a more user friendly process name? I would think it would use CFBundleDisplayName or use the containing app bundle's name, as it does for privacy settings. I feel like if it's not possible then I'll have to add a non-XPC helper process that I'll use just to post user notifications which seems to make my whole effort to follow the security guidelines pointless.
2
0
662
Sep ’20
Any ways to speed up codesign?
I've been noticing that code sign phases seem to take an inordinate amount of time, like on a scale of 3-8 seconds. This adds up when you have multiple binaries involved and are doing incremental builds. Note that this is for debug builds with the --timestamp=none flag set. I've tried turning on verbosity but nothing interesting gets output. Any thoughts on what may be causing this and if there are ways to speed this up? I'm running Xcode 12 beta 5.
1
0
976
Aug ’20
LoginItem sporadically not launching, not debuggable
As per a previous thread which for some reason is not coming up in search, I have an app with a helper app embedded within as a login item. It is registered via SMLoginItemSetEnabled. XPC is used to communicate with it.This was working fine before but recently I'm finding one of the following happening:- The helper app does not launch. launchctl will list an entry for it with an exit code of 78.- The helper app will launch, but when I have Xcode set to attach on launch, it won't attach and any XPC communication doesn't seem to do anything.- The helper app will launch and I can attach with Xcode, but it doesn't seem to stop at any breakpoints. This indicates that some shadow version of the process is running.- I launch the helper app in Xcode but the app will not communicate with it.Also, even when the helper is running and launchctl show things are hunky dory, before, if I killed the process, launchctl would immediately launch it again and I would have to remove it to stop it entirely. Now, it will not relaunch.This has made it near impossible for me to debug anything in the helper for the past couple of days. Any insight or additional tools I can use to diagnose this would be greatly appreciated.Thanks.
4
0
1.8k
May ’20
NSToolbarDelegate method called only in certain case
I have a specific NSToolbarItem subclass. There need to be multiple instances in a toolbar. I overrode -allowsDuplicatesInToolbar though that never gets called. So, to ensure that I get separate instances, I implemented -toolbar:itemForItemIdentifier:willBeInsertedIntoToolbar: to create a new instance every time.The odd thing is that it only gets called for this specific subclass. I can't figure out why it doesn't get called for the other toolbar items. They are all created and loaded from a xib. Now, in this particular case, I only care about this one particular subclass so it works for my current purposes but this seems a bit fragile and I'd like to know the logic here.
0
0
485
Mar ’20
Issues with XPC as general IPC
I've found little documentation about this situation as it mostly is focused on XPC in terms of XPC services. My situation is that I have an app, a helper app and a commandline program. The last two reside with in the first app's bundle.The helper app is not handled by launchd, though may be started as a login item. There are various reasons for this, including the fact that it needs to present UI as well as unique lifecycle/scheduling requirements.I have been using DO to communicate from the app and commmandline program to the helper. I've been told I could use XPC for this and have done the conversion. The helper has a listener on a mach service name. I am using NS API's, btw, not the xpc_* ones.There are some problems though:- It only seems to work if all processes are run or attached from Xcode.- If any of the end points are run outside of Xcode, any connections are immediately invalidated with no other errors or logs presented.Based on other articles which touch on this, I'm still not clear if this is a supported configuration and if it isn't, it would be nice to have a definitive answer. Note that all processes are part of the same app bundle. Also, if it isn't supported, it's a bit confusing that it would work within Xcode.Thanks.
4
0
1.2k
Mar ’20