please provide more detail about the camera that doesn't work. Is it yours (do you own the firmware?) Is it supported on the Mac by the vendor? Have you inspected its USB descriptors?

maybe this is helpful? https://llvm.org/docs/CommandGuide/llvm-as.html

use a second Mac with Apple System Configurator 2 to restore or recover the OS. https://support.apple.com/guide/apple-configurator-mac/intro-to-apple-configurator-cadf1802aed/2.17/mac/14.0

Further progress here. Following the instructions in TN3125, I find that the certificate inside the .mobileprovision file is expired after all! The steps were: remove the cms (Cryptographic Message Syntax wrapper) security cms -D -i <path-to-app>/embedded.provisionprofile -o badapp-payload.plist eyeball the badapp-payload.plist file, verifying that it includes a DeveloperCertificates section extract the first certificate plutil -extract DeveloperCertificates.0 raw -o - badapp-payload.plist | base64 -D > cert0.cer inspect the certificate certtool d cert0.cer which says Not After : 21:10:25 Sep 21, 2023 so, big oops on our part. Hopefully someone aside from myself can learn something from this, I'll post if the problems are all fixed by using a valid certificate.

I tried the new tool, syspolicy_check. It said (rightly) that we'd forgotten to staple the notarization. My Mac has Internet access to that won't make any difference, but I stapled it anyway. The results didn't change - the app won't launch.

@eskimo thanks for the reply codesign --display --entitlements does show a com.apple.application-identifier is present, it is the same for both apps - the bundleID prefixed by our teamID. security cms -D on the embedded.provisionprofile shows the same result for both apps, including the same com.apple.application-identifier value in the Entitlements section. The working and non-working app both refer to the same certificate, with the same serial number, hash and expiration date. The profile for both the working and non-working app expires Sep 23, 2040 at 9:36:53 AM PDT The The plists differ a little, because the two apps were built on different Macs with different toolchains. BuildMachineOSBuild good 22A400, bad 22G90 DTPlatformBuild, good 14A309, bad <empty string> DTPlatformVersion, good 12.3, bad 13.3 DTSDKBuild good 21E226, bad 22E245 DTSDKName good macosx12.3, bad macosx13.3 DTXcode good 1400 bad 1430 DTXcodeBuild good 14A309, bad 14E222b I ran spctl --assess -vvv on the bad app, which said accepted I edited this post, previously I said spctl claimed the bundle format was unrecognized. That was my error - I passed it a path to the app which has spaces in its name with un-escaped spaces. Instead of it telling you that the path doesn't exist, spctl says it is broken. I don't know whether to believe that, because the system log tells me something else. Also, the bundles are almost identical. The "good" app has an additional profile, "embedded.mobileprovision". Which one does the OS use, and why is there an embedded.mobileprovision file in a macOS app? I'll have another look at those links you cited, thanks

I think this error is OSSystemExtensionErrorExtensionNotFound, from <SystemExtensions/SystemExtensions.h>. I see this error also when I try to deactivate my camera extension (after approving its removal with the OS' dialog), but I'm running on a laptop with a built-in, non-removable camera. Maybe the error doesn't happen if there are no cameras in the system, so my extension can be unloaded. I don't know and don't particularly care, because in our shipping apps we never make a deactivationRequest. It isn't clear to me what that API is for - as far as the user is concerned, the driver is installed because they installed its host app and approved it.

I have reposted this question with better tags, here: https://developer.apple.com/forums/thread/744312 Sorry for the noise, but I didn't notice within the editing timeout period.

I don't think you're liable to get an answer here (this is a forum about technical issues with creating software for Apple platforms, not an official support channel). Try starting here instead: https://developer.apple.com/contact/#!/topic/select

are these jpgs all the same size (width/height)?

Well, I'm out of ideas. If it were me, I'd file a DTS incident

I see. I didn't know that you installed other items. In this case, yes you would use an uninstaller. But the uninstaller doesn't need to deactivate the camera extension, all it needs to do is delete the hosting app. The camera extension will be deactivated and eventually deleted from the system. If the extension is still in use, it won't be unloaded until the hardware is unplugged or the system restarts. On macOS, the bundle ID of the extension and the hosting app don't have to be related. The Xcode template project sets up related bundle IDs, there's no good reason to stray from the practice. On iOS/iPad OS, the extension's ID must begin with hosting app's ID. Usually, the team ID of the extension and the host ID have to match, unless you have the com.apple.developer.system-extension.redistributable entitlement (macOS only) I don't know whether another app can deactivate your driver. Maybe it only works if the uninstaller also contains the driver extension (even if it would never activate it?). But it shouldn't be necessary anyway - just delete the camera extension's hosting app, and your audio plug-in.

@W1EBR I know exactly what you mean (I'm trying to do something similar currently myself). Fortunately, my project is for our own hardware; we are entitled to our own USB vendor ID so we can make an iPadOS driver for our hardware. If your SDR is your own, or that of a business partner, you/they can request the entitlement com.apple.developer.driverkit.transport.usb entitlement. If it were third-party hardware, but the software is open source, you can let users download and compile it to run locally. No entitlements are needed, but obviously the barriers to entry for most users is way too high. If the SDR is a commercial product, it is up to the vendor of the product to provide a driver. There doesn't seem to be a way (yet? who knows?) to talk to arbitrary USB hardware on iPadOS. Apple would encourage you to file a feature request using Feedback Assistant if that's what you would like to able to do.

It is possible to use pkgbuild without --component-plist, it looks like you are doing that. If you want more control, run pkgbuild with the --analyze option, then edit the template plist to your liking (this is where you could make the app bundle non-relocatable), and subsequently use pkgbuild with --component-plist. It has been forever since I did this, so this is as far as I think I could assist. I hope it helps.

import IOKit import IOKit.serial