PS. When I use pkgutil on the installer package, it looks like the pkg is signed. I get the following results:
% pkgutil --check-signature MyInstaller.pkg
Package "MyInstaller.pkg":
Status: signed by a developer certificate issued by Apple (Development)
Certificate Chain:
1. 3rd Party Mac Developer Installer: MyCompany
Expires: 2024-11-12 22:49:38 +0000
SHA256 Fingerprint:
F4 86 F1 45 97 3D DB B6 E2 92 3D 04 69 CE E3 04 9F 9D B3 4E F5 62
4B 7C 0D 49 96 C2 F4 87 8F 4C
------------------------------------------------------------------------
2. Apple Worldwide Developer Relations Certification Authority
Expires: 2030-02-20 00:00:00 +0000
SHA256 Fingerprint:
DC F2 18 78 C7 7F 41 98 E4 B4 61 4F 03 D6 96 D8 9C 66 C6 60 08 D4
24 4E 1B 99 16 1A AC 91 60 1F
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
I tried this, but I couldn't figure out how to get the code to open an auxiliary window. I feel this would be a cleaner approach than my solution, but I couldn't figure it out.
I found a solution to programmatically opening a window, but I don't know if it is the most elegant. It is also a bit complicated. (I'm sorry, but I forgot the original author on the Internet to give them credit.)
(1) I changed the Window to a WindowGroup.
(2) That allowed me to add the .handlesExternalEvents() modifier. The scene now looks like:
    struct NetworkAgentInstallScene: Scene {
        var body: some Scene {
            WindowGroup("Initial Install Agent", id: "installagentwindow") {
                InstallAgentView()
            }
            .defaultSize(width: 400, height: 300)
            .commandsRemoved()
            .handlesExternalEvents(matching: Set(arrayLiteral: Wnd.InstallAgentView.rawValue))
        }
    }
(3) Wnd is an enum with the InstallAgentView as one of the types. This approach gives you the opportunity to open several different window types.
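    import AppKit   // NSWorkspace
    import os       // os_log

    enum Wnd: String, CaseIterable {
        case InstallAgentView = "InstallAgentView"
        case OtherView = "OtherView"

        // Open the window by asking the system to open the app's custom URL;
        // the scene whose handlesExternalEvents set matches the raw value handles it.
        func open() {
            if let url = URL(string: "MyCompanyMyApp://\(self.rawValue)") {
                os_log("opening \(self.rawValue)")
                NSWorkspace.shared.open(url)
            }
        }
    }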
(4) I had to register the MyCompanyMyApp as a URL Type in the target's Info tab
(5) Then, in the Swift class, I could call open() on the enum type:
Wnd.InstallAgentView.open()
This allows me to open an appropriate window when my regular Swift code notices that the user needs to handle something that is controlled through the auxiliary window.
Reviewing some of my old notes and searching online, the best answer I can come up with is:
(1) Disable SIP
(2) Restart and run the command (with the appropriate values for teamId and bundleId):
systemextensionsctl uninstall <teamId> <bundleId>
(3) Reenable SIP
Is this still recommended?
I think I verified Quinn's suspicions: I needed to test with clean machines.
I created two VMs in UTM running Ventura 13.6.1 and Sonoma 14.1 and created an account that was not associated with my developer account. I then tried to run the automatically signed code (i.e., no provisioning profile) that worked strangely on my iMac Pro 13.6.1 and Mac Studio 14.1, and both VMs blocked the app from running. This is what I expected.
Next step: checking with provisioning profiles...
Just a brief update: my iMac Pro running Ventura 13.6.1 didn't require the app to have a provisioning profile to install an endpoint system extension. That was unexpected (to me).
I created a clean sheet project making it as simple as I can. I have both the main app and the endpoint system extension built using "Automatically manage signing". I have not created any provisioning profiles for the main app or endpoint system yet. I did a quick test of where the endpoint system extension could be run and enable Full Disk Access.
Status
MacBook Pro (M1 Pro, Ventura 13.6.1) where I built it - everything ran fine (not surprised)
Mac Studio (M1 Max, Sonoma 14.1) - I could install the endpoint system extension but not grant Full Disk Access (not surprised)
iMac Pro (Intel, Ventura 13.6.1) - I could install the endpoint system extension and enable Full Disk Access (surprised)
I was surprised I could install endpoint system extension and grant Full Disk Access on a different Mac without needing any provisioning profiles.
Next, I'll build with a testing profile to see if I can get it running on the Mac Studio (Sonoma 14.1). The Mac Studio with Sonoma is where I've been having problems granting Full Disk Access lately.
I figured it out.
When my endpoint system extension encountered the initial error calling es_new_client() because the program didn't have Full Disk Access, I did not exit the program (see sample code below).
Once I added code to exit the program when an error was encountered, the operating system would restart the endpoint system extension 10 seconds later. The OS would keep starting the endpoint system extension every 10 seconds. Once the user did enable Full Disk Access, the next time the OS ran the endpoint system extension, es_new_client() succeeded and the program ran fine.
Old (bad) code:
    @autoreleasepool {
        dispatch_sync(myQueue, ^{
            setupMonitoring();
        });
    }
    dispatch_main();
In the code above, setupMonitoring(), which configures the es_client_t, returned a non-zero value if there was a problem (e.g., es_new_client() returned ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED), but I ignored that value.
New (working) code:
    @autoreleasepool {
        dispatch_sync(myQueue, ^{
            if (setupMonitoring() != 0) {
                exit(-1);
            }
        });
    }
    dispatch_main();
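As an added example (not the poster's code), here is one way a `setupMonitoring()` like the one described above could report why `es_new_client()` failed before the process exits, so the log distinguishes a missing Full Disk Access approval from an entitlement or privilege problem. The body of `setupMonitoring()`, the `gClient` and `describeResult` names, and the subscribed event are assumptions for illustration.

```objective-c
#import <Foundation/Foundation.h>
#import <EndpointSecurity/EndpointSecurity.h>
#import <os/log.h>

static es_client_t *gClient = NULL;  // hypothetical global, for illustration

// Map each es_new_client() result to a reason worth logging.
static const char *describeResult(es_new_client_result_t r) {
    switch (r) {
        case ES_NEW_CLIENT_RESULT_SUCCESS:              return "success";
        case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:    return "not permitted (no TCC approval, e.g. Full Disk Access)";
        case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:     return "endpoint-security client entitlement missing";
        case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:   return "not running as root";
        case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS: return "too many clients connected";
        case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT: return "invalid argument";
        case ES_NEW_CLIENT_RESULT_ERR_INTERNAL:         return "internal error";
        default:                                        return "unrecognized result";
    }
}

// Returns 0 on success and non-zero on any failure, matching the post's convention.
static int setupMonitoring(void) {
    es_new_client_result_t r = es_new_client(&gClient,
        ^(es_client_t *client, const es_message_t *msg) {
            // NOTIFY events need no response; real handling would go here.
            (void)client; (void)msg;
        });
    if (r != ES_NEW_CLIENT_RESULT_SUCCESS) {
        os_log_error(OS_LOG_DEFAULT, "es_new_client failed: %{public}s", describeResult(r));
        return 1;
    }
    es_event_type_t events[] = { ES_EVENT_TYPE_NOTIFY_EXEC };  // assumed event
    if (es_subscribe(gClient, events, 1) != ES_RETURN_SUCCESS) {
        os_log_error(OS_LOG_DEFAULT, "es_subscribe failed");
        es_delete_client(gClient);
        gClient = NULL;
        return 2;
    }
    return 0;
}

int main(void) {
    // Fail fast: exiting lets the system relaunch the extension, so a later
    // launch succeeds once the user has granted Full Disk Access.
    if (setupMonitoring() != 0) {
        exit(EXIT_FAILURE);
    }
    dispatch_main();
}
```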
I still need to write up a detailed report, but a quick interim report:
I compiled and notarized the app on my iMac Pro (Intel) running Ventura; I can now enable Full Disk Access on my iMac Pro.
Also, the name in the Full Disk Access section is no longer the full Bundle ID but just the last component of the Bundle ID.
(Previously I had compiled and notarized the app on a MacBook Pro (M1 Pro) running Ventura.)
Note, the socket family = 30. IANA lists address family 30 as "MT IPv6: Multi-Topology IP version 6", and I've seen some material of Apple Wireless Direct Link (AWDL).
I guess this is the first AWDL traffic I've noticed.
Good point. I've added some additional detail below. (I'm hoping there is a standard way of doing this, and I can just use that technique instead of my drag gesture code)
Here is a screenshot showing the output of the SwiftUI view sample code above. I can grab the dark bar/rect in the middle and drag it up and down to adjust which pane (blue or red) gets more space.
Also, if there is a more elegant/standard way of doing this, I'd appreciate any pointers. I tried a Divider() instead of a rect, but I had problems selecting the divider with my mouse.
Here is how I am using this in actual code. The top view is a list of organizations running code on my Mac. The bottom pane provides details about that team. The horizontal bar lets me adjust which view gets more space - the list view or the details view.
I think the problem was a combination of certificates expiring and registered devices expiring. Once I corrected these, installation of Endpoint System Extensions started working again.
Note: I had multiple certificates generated on multiple Macs (that I actively use), which expired at different times. I think this created a rolling set of failures over a span of about a week. Development stopped working on one machine but not another. Eventually everything stopped working. It was very confusing for me at the time.
I was hoping there was an easy way for a user to determine
UBF8T346G9 = Microsoft
EQHXZ8M8AV = Google
etc.
A lot of the time the first two components in the signing ID were helpful (e.g., com.google), but as Eskimo mentions, this is only a convention and not reliable as a unique identifier.
In the attached screenshot, I've searched for "crashpad" in the list of programs recently executed, and two different programs named "chrome_crashpad_handler" with the same signing ID ("chrome_crashpad_handler") popped up. Each had a different path. One was launched by Google Chrome (and had the Google Team ID) and one was launched by Microsoft Teams (and had the Microsoft Team ID).
My end goal is to identify every organization that contributed signed code that ran on a given machine. The Team ID seems to do it, but it isn't very understandable to humans.
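As an added example (not code from the post), one way to pair a Team ID with a human-readable signer is to read the subject of the leaf signing certificate, which for Developer ID-signed code carries the organization's name. The sketch uses the Security framework's static code APIs and only reports a name when the signature validates against an Apple-issued chain; `signerForPath` is a hypothetical helper name, and the paths come from the command line.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Returns "TEAMID = <leaf certificate subject>" for the code at `path`, or nil
// if it is unsigned, fails validation, or carries no Team ID.
static NSString *signerForPath(NSString *path) {
    SecStaticCodeRef code = NULL;
    SecRequirementRef appleIssued = NULL;
    NSURL *url = [NSURL fileURLWithPath:path];
    NSString *result = nil;

    if (SecStaticCodeCreateWithPath((__bridge CFURLRef)url, kSecCSDefaultFlags, &code) != errSecSuccess) {
        return nil;
    }
    // Trust the identity only if the signature is intact and chains to Apple.
    if (SecRequirementCreateWithString(CFSTR("anchor apple generic"), kSecCSDefaultFlags,
                                       &appleIssued) == errSecSuccess &&
        SecStaticCodeCheckValidity(code, kSecCSDefaultFlags, appleIssued) == errSecSuccess) {
        CFDictionaryRef cfInfo = NULL;
        if (SecCodeCopySigningInformation(code, kSecCSSigningInformation, &cfInfo) == errSecSuccess) {
            NSDictionary *info = CFBridgingRelease(cfInfo);
            NSString *teamID = info[(__bridge NSString *)kSecCodeInfoTeamIdentifier];
            NSArray *chain = info[(__bridge NSString *)kSecCodeInfoCertificates];
            if (teamID != nil && chain.count > 0) {
                // chain[0] is the leaf (signing) certificate.
                SecCertificateRef leaf = (__bridge SecCertificateRef)chain[0];
                NSString *subject = CFBridgingRelease(SecCertificateCopySubjectSummary(leaf));
                result = [NSString stringWithFormat:@"%@ = %@", teamID, subject ?: @"unknown subject"];
            }
        }
    }
    if (appleIssued != NULL) CFRelease(appleIssued);
    CFRelease(code);
    return result;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        for (int i = 1; i < argc; i++) {
            NSString *path = @(argv[i]);
            NSLog(@"%@: %@", path, signerForPath(path) ?: @"no validated Team ID");
        }
    }
    return 0;
}
```

Build with `-framework Foundation -framework Security` and pass the executable or bundle paths to inspect. Apple's own platform binaries carry no Team ID and are reported as such.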
FYI: I just compiled and ran Apple's sample GardenApp from their 2021 WWDC presentation SwiftUI on the Mac: Build the fundamentals, and after entering a search term for the table and then clearing the search term, the app generates the same warning. So, at least we are in good company.
2023-04-11 07:27:38.870357-0700 Garden App[14053:1032028] WARNING: Application performed a reentrant operation in its NSTableView delegate. This warning will become an assert in the future.
I am getting this too when clearing the search field for a table in a macOS app built with SwiftUI.
My code is very similar to the OP's code. I have a MainActor class that is an @ObservableObject (I create a singleton of it) holding a Deque of data that is @Published. I have a computed property that returns a filtered Deque (from the published Deque), and that is what is used to populate the table. The table has a .searchable(text:) modifier.
I get the alert when I clear the search field.