I must be missing something really obvious, and I feel particularly dumb about it: I don't see any event -- authorization or notification -- for creating or removing a directory. I also don't see one for creating a symlink (although that can be handled via unlink, one presumes). The events for create seem to be file only (and I'm also quite surprised that the file mode isn't available in the authorization event for that).
So how blind am I here? I mean, I *must* have missed something, right?
There's a notification for a write, but no authorization message for a write. Why is this? It's a pretty significant departure from kauth.
This may be a rather dumb question, but: if I want to use XPC (specifically mach messaging) to exchange data between a system extension (any sort) and my application, how do I do this? I think I keep getting confused at the launchd plist entries, but also trying to do both an extension and using Xcode's templating for XPC kept not working for me.
In doing some work, I realized I didn't understand XPC (or at least, the higher-level APIs) at all. So I did what I usually try to do, which is to write a completely brain-dead simple program to use it, and then keep expanding until I understand it. This also, to my utmost embarrassment, will make it transparently clear how ignorant I am. (Note that, for this, I am not using Xcode -- just using swiftc to compile, and then manually run.)
I started with this, to be the server side:
    import Foundation

    class ConnectionHandler: NSObject, NSXPCListenerDelegate {
        override init() {
            super.init()
            print("ConnectionHandler.init()")
        }

        func listener(_ listener: NSXPCListener, shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
            print("ConnectionHandler.listener()")
            return false
        }
    }

    let handler = ConnectionHandler()
    let listener = NSXPCListener(machServiceName: "com.kithrup.test")
    listener.delegate = handler
    listener.resume()
    print("listener = \(listener)")
    dispatchMain()
That ... does absolutely nothing, of course, but runs, and then I tried to write the client side:
    import Foundation

    @objc protocol Hello {
        func hello()
    }

    class HelloClass: NSObject, Hello {
        override init() {
            super.init()
        }

        func hello() {
            print("In HelloClass.hello()")
        }
    }

    let hello = HelloClass()
    let connection = NSXPCConnection(machServiceName: "com.kithrup.test", options: [])
    connection.exportedInterface = NSXPCInterface(with: Hello.self)
    let proxy = connection.remoteObjectProxyWithErrorHandler({ error in
        print("Got error \(error)")
    }) as? Hello
    print("proxy = \(proxy)")
    connection.resume()
    dispatchMain()
That gets proxy as nil, because it can't coerce it to something of the Hello protocol. And at no point do I get the message from the server-side listener.
So clearly I am doing everything wrong. Can anyone offer some hints?
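An added example, not part of the original post: the same Hello exchange with both ends wired up, where the listener side sets `exportedInterface` and `exportedObject` and accepts the connection, and the client side sets `remoteObjectInterface` before asking for the proxy. It swaps the Mach service for an anonymous listener (an assumption made so it runs in a single process without a launchd job advertising the name); `HelloService` and the reply-block signature are also assumptions of this example.

```swift
import Foundation

// Interface shared by both ends of the connection.
@objc protocol Hello {
    func hello(reply: @escaping (String) -> Void)
}

// Object the listener side exports to connecting clients (hypothetical name).
class HelloService: NSObject, Hello {
    func hello(reply: @escaping (String) -> Void) {
        reply("hello from the listener side")
    }
}

class ConnectionHandler: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        // This delegate call is the listener's accept/reject decision point.
        // To accept: declare what is exported, resume the connection, return true.
        // Returning false rejects the client.
        newConnection.exportedInterface = NSXPCInterface(with: Hello.self)
        newConnection.exportedObject = HelloService()
        newConnection.resume()
        return true
    }
}

// Anonymous listener instead of machServiceName: no launchd registration needed.
let handler = ConnectionHandler()
let listener = NSXPCListener.anonymous()
listener.delegate = handler
listener.resume()

// Client side: describe the *remote* object's interface, then resume
// the connection before sending the first message.
let connection = NSXPCConnection(listenerEndpoint: listener.endpoint)
connection.remoteObjectInterface = NSXPCInterface(with: Hello.self)
connection.resume()

let proxy = connection.remoteObjectProxyWithErrorHandler { error in
    print("Got error \(error)")
    exit(1)
} as? Hello

proxy?.hello { message in
    print("reply: \(message)")
    exit(0)
}
dispatchMain()
```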
The documentation for, e.g., NEAppProxyProvider, has a lot of redirections and implicit configurations that I simply don't know and sometimes can't follow. I wanted to try making a VPN network extension that (for the moment) just got loaded and did nothing. I can't even get that far, it seems. I'm clearly missing the setup I need to do.
Unfortunately, the old SimpleTunnelCustomizedNetworkingUsingtheNetworkExtensionFramework sample doesn't build anymore, what with it being Swift 3 based. Is there a newer, made-for-idiots sample program somewhere?
Has anyone made a Swift class for IP packets? This is just me being lazy -- the goal is to be able to print them out nicely, and possibly change the values, mainly for experimentation and fun. (I mean, I can do it in C, so I can always wrap that in ObjC and bridge to Swift.)
This is mainly caused by my having misread the documentation, but then the behaviour seemed to match my misreading, but then suddenly it didn't.
Specifically, I had thought that handleNewFlow could return false to indicate "I'm not interested in this particular connection," but it turns out to close it (killing some but not all? networking on the system) if I always return false. The specific thing I was trying to do was exclude certain apps from being proxied (without building a list of all apps, to filter them all).
So my question is two-fold: how dumb was I to misread the documentation, and is there a way to do what I was trying to do? (Short of, say, monitoring all new processes as they start, adding them to the NEAppRule set, and deliberately excluding the ones I wanted to whitelist.)
The proxy doesn't seem to have a way to tell if the application is trying to make an IPv4 or an IPv6 connection (unless the remote endpoint is an explicit IPv4 or IPv6 address). Am I missing something there, or is that in fact how it's intended to be?
I've been trying and googling and forum-reading this for a couple of days, and ... am either missing something obvious, or am simply dumb. I'd prefer to simply be ignorant, and so I ask. 😄
I've got a personal, paid account. I've got some projects, and I've got some git repos. I'd like to allow some other people to check out a repo and then build the associated project. Only they can't, because the bundle identifier conflicts. The bundle identifier is, e.g., com.kithrup.filterTest. In my Xcode, the selected team is me. And that works, which isn't surprising because I did create it after all.
I've tried using App Store Connect to invite someone, and they do show up there. But they can't build either, again due to the bundle identifier conflict. (Also they can't find any provisioning profiles, which makes sense given everything else not working.)
This is a remarkably basic question for someone who's been developing on the Mac for... oh my, coming up on 20 years in a month. Of course, I managed to avoid Xcode for much of that time, by simply doing unixy stuff.
Help?
I know you can go the other way, but I'm curious if there is a way to start with Xcode and end up with CMakeLists.txt?
Under macOS (and especially when using MDM), is it the case that a system extension (in particular, a Transparent Proxy Provider or Endpoint Security extension) must be embedded in an application bundle in /Applications? Or can they be located in some other location, or even directly installed into /Library/SystemExtensions and then activated via a LaunchDaemon? Does it matter whether it's distributed via the App Store or part of enterprise distribution? (Yes, my next step is to look into MDM, about which I know very little. 😄)
This is a case of me being confused by the documentation, and looking at some existing products.
My project got more complicated, and I had to integrate in some C++ code. In the process, I ended up with a couple of targets, which had some shared ObjC++ and Swift code. Normally, if it's all the same language, I just put the files in question into each of the targets, and we're all happy.
But with having both ObjC++ and Swift, I had to deal with the bridging headers. Which got created as ${PRODUCT_NAME}-Swift.h, which made it very difficult for that file to be included in a .mm file used in multiple targets.
I tried googling, and forum-searching, and couldn't quite figure out how to make it generate a single header file. Instead, I added a new target, a static library using the common files. I added a Run Script phase which copied *-Swift.h from the Derived Sources directory to the build directory. Then I added the library as a dependency for each of the other targets, and of course linked with it. This seems to work, even after doing a rm -rf build and building everything again.
So... was this the (or at least, a) right way to do this? Are there better practices I should be using?
Thank you very much, I am very stupid sometimes.
On three different machines (all running Xcode 13 and Big Sur), it always tells me that the command-line developer tools need to be installed. I've "installed" them four times so far on one machine, and at least twice on the other two.
I wrote a very dumb transparent proxy. The extension simply sends data to a daemon, and that daemon sends network data back to the proxy. It worked with small test connections, and I was fairly pleased.
Then I tried transferring a ~4mbyte file (using curl), and it got a ways in, and then the daemon did a network read of something like 400kbytes, and went to send that to the extension, and the flow.write method never called the completion handler.
If I limit the read size to 64k max, it works.
The most frustrating thing is I don't see any logging information related to it, so I can only guess what's going on.
Any ideas, thoughts, or clear stupidities on my part?