I have a couple of LaunchDaemon installed helper executables that are calling a bash script. As of MacOS 13, these are now showing up as unidentified developer in Login Items which I am trying to resolve.
I have tried setting AssociateBundleIdentifiers in my plist file but the console tells me it is being ignored because bash does not have a Team Identifier.
I believe the fully correct way to resolve this is to switch to the new Service Management API, but my understanding is that would only work on MacOS 13 and would therefore break my app on older versions of MacOS
My questions are:
is there any other way to make my helper as part of my app's login items that I have missed?
is there an easy way to make an installer that will work for both newer and older versions of MacOS without having to package two separate versions?
Sample plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AssociatedBundleIdentifiers</key>
<array>
<string>com.mycompany.ExampleApp</string>
</array>
<key>Label</key>
<string>com.mycompany.ExampleApp.updater</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/var/root/Library/Group Containers/com.mycompany.ExampleApp/Library/Application Support/update.sh</string>
</array>
<key>StandardOutPath</key>
<string>/var/root/Library/Group Containers/com.mycompany.ExampleApp/Library/update.log</string>
<key>WorkingDirectory</key>
<string>/var/root/Library/Group Containers/com.mycompany.ExampleApp/Library/Application Support/</string>
<key>WatchPaths</key>
<array>
<string>/var/root/Library/Group Containers/com.mycompany.ExampleApp/Library/Application Support/latest.app.zip</string>
</array>
</dict>
</plist>
Service Management
RSS for tagThe Service Management framework provides facilities to load and unload launched services and read and modify launched dictionaries from within an application.
Posts under Service Management tag
86 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
Emiliss-MacBook-Air ~ % launchctl bootout
Usage: launchctl bootout [service-path1, service-path2, ...] |
emiliscy@Emiliss-MacBook-Air ~ % sudo launchctl unload /System/Libraly/LaunchDae
mons/ssh.plist
Unload failed: 5: Input/output error
Try running launchctl bootout as root for richer errors.
I don't understand what's happening please help me I can't connect github rep with visual studio.
I have an executable in macOS that I m launching as a User Agent. The same executable can be launched in multiple ways like either user can directly click the exe to launch it, or user can launch it from the terminal using ./ etc. One similar way is when the user launches the exe as a User Agent(i.e daemon in user session).
In this scenarios, I want to identify in my exe If my user has launched it as agent to perform certain task.
I wanted to know how can I accurately determine this?
I have tried figuring out If there is some unique session that agents operate in, but I could not find anything. Can someone help here? Is this even possible?
I built a custom binary which requires elevated privileges to execute. I wrote a launchd plist file and loaded it. On loading , the app is working as expected but lot of apps were corrupted. Apps like chrome, slack, zoom etc became un openable . Even my mouse right click stopped working. When I looked at the contents of the chrome in application directory it was missing few files.
contents of chrome before launching my custom app
-rw-r--r--@ 1 myusername admin 2556 May 14 16:49 CodeResources
drwxr-xr-x@ 3 myusername admin 96 May 14 15:59 Frameworks
-rw-r--r--@ 1 myusername admin 11851 May 14 16:17 Info.plist
drwxr-xr-x@ 3 myusername admin 96 May 14 15:59 Library
drwxr-xr-x@ 3 myusername admin 96 May 14 16:17 MacOS
-rw-r--r--@ 1 myusername admin 8 May 14 15:59 PkgInfo
drwxr-xr-x@ 61 myusername admin 1952 May 14 15:59 Resources
drwxr-xr-x@ 3 myusername admin 96 May 14 16:17 _CodeSignature
-rw-r--r--@ 1 myusername admin 12551 May 14 15:59 embedded.provisionprofile
contents of chrome after launching my custom app
drwxr-xr-x@ 3 myusername admin 96 May 14 15:59 Frameworks
drwxr-xr-x@ 3 myusername admin 96 May 14 15:59 Library
drwxr-xr-x@ 2 myusername admin 64 May 16 13:48 MacOS
drwxr-xr-x@ 58 myusername admin 1856 May 16 13:48 Resources
drwxr-xr-x@ 2 myusername admin 64 May 16 13:48 _CodeSignature
my custom app plist file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.zzzz.xxxx</string>
<key>Program</key>
<string>/path/to/app</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
If i run my custom app as a standalone process everything works as expected, no corruption or data loss.
To restore the apps, I reinstalled them. But cant figure out why this is happening. Also not sure how to make secondary click work again. I tried with multiple mouses , same issue.
Any help on this is appreciated.
Hello,
I was wondering, is it possible to run SMAppService.daemon... as root?
let service = SMAppService.daemon(plistName: "myApp.agent.plist")
Also, is it possible to launch the SMAppService.daemon without the XPC connection? The daemon currently supports grpc.
I was thinking about running it via Process?
I wanted to identify the shutdown event in macOS, so that If my application is running and the user performs a system shutdown then my application could be notified of the shutdown event and perform finalization.
I came across NSWorkspaceWillPowerOffNotification which is exactly what I require, however, I created a sample application to observe for this notification. Is is observed that right before the system shuts down, the OS terminates my application invoking applicationWillTerminate(_:) delegate and the observer method for 'NSWorkspaceWillPowerOffNotification' is not invoked.
I could perform my finalization in the applicationWillTerminate, but I wanted to know why is the observer not getting invoked. Also why is NSWorkspaceWillPowerOffNotification, even provided by apple when it invoked the termination delegate before shutdown?
below is how I m adding the observer:
NotificationCenter.default.addObserver(forName: NSWorkspace.willPowerOffNotification, object: nil, queue: nil, using: AppDelegate.handlePowerOffNotification)
Below is my observer function, which just logs:
public static func handlePowerOffNotification(_ notification: Notification) {
NSLog (AppDelegate.TAG + "System will power off soon! Perform any necessary cleanup tasks.")
// custom logger to log to a file
TWLog.Log ("System will power off soon! Perform any necessary cleanup tasks.")
}
How can a programs be launched at startup if it is not in Launch Options and Launch Daemons/Agents? Spotify, for example.
Hello,
I am trying to enumerate all ways on macOS for launching an application when a user opens a session.
Please note i am not looking for a way which requires root or sudo privileges.
I have found this:
~/Library/LaunchAgents/
Login Items (in macOS System Settings)
But are there others ?
Thanks
I have an application that is being deployed outside of the AppStore using a PKG installer. Since our application has to be deployed outside the AppStore (for enterprise configuration requirements) we also need to handle updates outside the AppStore. I understand that SMJobBless function is now deprecated which seems to be how much open source software is implementing their privileged helpers namely Firefox.
However, since I am already deploying my software using a PKG installer why should I use SMJobBless or the new version SMAppService rather than adding additional functionality to my postinstall script that will set up a LaunchDaemon to handle my automatic updates?
The main issues that come to mind for me is that if a user were to delete our application rather than running the uninstall script the LaunchDaemon would still persist. Therefore we will likely need to handle that scenario and either have the LaunchDaemon recognize that and remove itself, or exit and do nothing.
Additionally, I would be missing out on the security benefits that a service like SMJobBless provides by only allowing my AuthorizedClient to execute the privileged helper.
On the other hand at least my LaunchDaemon would consistently work with older versions of macOS and I wouldn't be locked in to either supporting both SMJobBless and SMAppService or supporting only systems running macOS 13+.
What have other people done to handle automatic updates when they can't deploy through the AppStore? Is just creating a LaunchDaemon a common path? How do people typically handle removing the LaunchDaemon if their application is uninstalled?
I am attempting to install and utilize an agent using the new(ish) SMAppService API with an existing app. The agent appears to install (no error is returned), but when I try to start the agent from Terminal, I get the following in the launchd.log:
2024-04-22 09:57:27.469039 (gui/502/com.redacted.service.agent) : internal event: WILL_SPAWN, code = 0
2024-04-22 09:57:27.469080 (gui/502/com.redacted.service.agent) : service state: spawn scheduled
2024-04-22 09:57:27.469081 (gui/502/com.redacted.service.agent) : service state: spawning
2024-04-22 09:57:27.469100 (gui/502/com.redacted.service.agent) : launching: one-shot
2024-04-22 09:57:27.469105 (gui/502/com.redacted.service.agent) : Allowing non-reentrant proxy for resolving path
2024-04-22 09:57:27.469947 (gui/502/com.redacted.service.agent [71866]) : xpcproxy spawned with pid 71866
2024-04-22 09:57:27.469960 (gui/502/com.redacted.service.agent [71866]) : internal event: SPAWNED, code = 0
2024-04-22 09:57:27.469964 (gui/502/com.redacted.service.agent [71866]) : service state: xpcproxy
2024-04-22 09:57:27.469997 (gui/502/com.redacted.service.agent [71866]) : internal event: SOURCE_ATTACH, code = 0
2024-04-22 09:57:27.506283 (gui/502/com.redacted.service.agent [71866]) : Service could not initialize: posix_spawn(/Users/chrisf/Library/Developer/Xcode/DerivedData/Redacted-gttupgdyakodzddurpavhmscwabs/Build/Products/Debug/Redacted App.app/Contents/MacOS/Service Agent.app), error 0xd - Permission denied
2024-04-22 09:57:27.506306 (gui/502/com.redacted.service.agent [71866]) : initialization failure: 23E224: xpcproxy + 31420 [1098][A7EF179C-FBCC-349E-A7D2-09B2F1408413]: 0xd
2024-04-22 09:57:27.506309 (gui/502/com.redacted.service.agent [71866]) : internal event: INIT, code = 13
2024-04-22 09:57:27.506313 (gui/502/com.redacted.service.agent [71866]) : job state = spawn failed
2024-04-22 09:57:27.507148 (gui/502/com.redacted.service.agent [71866]) : xpcproxy exited due to exit(78)
2024-04-22 09:57:27.507153 (gui/502/com.redacted.service.agent [71866]) : exited due to exit(78)
2024-04-22 09:57:27.507162 (gui/502/com.redacted.service.agent [71866]) : already handled failed init, ignoring
2024-04-22 09:57:27.507170 (gui/502/com.redacted.service.agent [71866]) : service state: exited
2024-04-22 09:57:27.507186 (gui/502/com.redacted.service.agent [71866]) : internal event: EXITED, code = 0
(tldr: error 0xd - Permission denied)
I'd also be curious how we are expected to launch agents once registered with SMAppService. Is it sufficient simply to make an XPC call to an exposed method?
Thanks!
I'm busy designing my app's functionality and really would like to provide some features that rely on background processing after the user has logged in. A Login Item seems ideal for this use case.
I appreciate the lengths Apple go to, to communicate the complex technologies involved in app development, including the planning of macOS apps. I haven't found any information in the planning and design (admittedly under HIGs) documentation on whether it's possible to provide some background processing element along with an app destined for the Mac App Store. Perhaps it's not mentioned for a reason?
However, it would be really useful to background processing dealt with up-front, especially under planning, because it has a huge impact on how one moves forward with product design. Especially when you're an indy developer with limited time and resources.
I can't, for the life of me, find where I previously read that daemons and agents weren't allowed to be shipped with a Mac App Store app, because of the Sandbox requirements. It was probably a reply by Eskimo somewhere in the forums. Does the same apply to Login Items? The bulk of the Login Item documentation is in the documentation archive, most of which was written before the existence of the app stores, so I couldn't find any answers there. I previously believed that an app destined for the Mac App Store could only include a single binary, that of the main app itself. Although I've seen the recent article on including a command line utility binary in the distribution too.
Also, if my understanding of code signing is correct, apps distributed via an app store are signed by Apple, and thus can't communicate via XPC with a binary signed and distributed via a Developer ID. Or is there some workaround there that might get me closer to my goal?
I'm a bit confuse on the file permission between root and admin account.
I'm developing the background user agent process, and I created the agent plist file with the permission R&W for my admin account.
When I tried to load my agent process with launchd, it said the plist file permission is not right. Only after I change the plist file owner to root chown root my.plist, did everything work.
From the above situation, it seems that the root user cannot access files that are only authorized to the admin user.
Admin account also can't access files authorized only to root, unless you add sudo or enter the password when the request admin password box pops up. But by sudo or password, it just temporarily converts your account from admin to root account.
So am I right in my speculation?
1、
my plist /Library/LaunchAgents/com.vivi.control.serviceAgent.plist like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.vivi.control.serviceAgent</string>
<key>ProgramArguments</key>
<array>
<string>/Users/yuellppa/Downloads/vivo_test</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
when the label is other any name but not "com.vivi.control.serviceAgent", use launchctl load /Library/LaunchAgents/com.vivi.control.serviceAgent.plist
and
launchctl unload /Library/LaunchAgents/com.vivi.control.serviceAgent.plist
is ok.
when label is "com.vivi.control.serviceAgent", launchctl load or launchctl unload get error 5: Input/output error.
use launchctl list | grep com.vivi.control.serviceAgent get nothing, so has no conflicting service。
Can anyone help me take a look?
I am having a bundled application(.app file) and I am wanting to run this application via ssh session which does not have GUI access. Launching this application in a desktop GUI session, runs the application perfectly. However, on running it on the same machine via ssh session produces an error.
Note: My application does not bring up any GUI window(it' just produces some logs on the terminal), so running it in a non-GUI environment should have worked.
I get the below error when trying to launch the unix exe in the .app bundle( ./Myapp.app/Contents/MacOS/Myapp
) on the terminal. I have observed that applicationDidFinishLaunching(_:) gets called and then the below error occurs.
+[NSXPCSharedListener endpointForReply:withListenerName:replyErrorCode:]: an error occurred while attempting to obtain endpoint for listener 'ClientCallsAuxiliary': Connection interrupted
I tried running other bundled applications via ssh, but all seems to produce the same error. Can someone confirm Is running bundled application in a non GUI session not allowed by Apple. If its allowed, how can I solve this?
Even running the .app file using the open command fails to launch the application, although it produces a different error which is consistent across different applications.
Hi we are developing a launchDeamon application and need to be notified when a new session is initiated or when a user connects to the Mac
We looked into the Notifications in Cocoa and the Security framework and couldn't get a precise number
is there any way to detect the ammount of users/sessions currently active?
We have a test scenario where we install our app package on a Mac setup using MDM (Jamf). Below are the test steps and observation:
This installation is done on this Mac with no user logged in.
Installation is completed successfully.
Now when an user log in on this mac machine, the expectation is that the app bundle will be started by the launchd (RunAtLoad). But the app is not started. When I check console logs I could see few logs around the app but from those logs I couldn't figure out why the app didn't start.
I rebooted my test machine but that also didnt start my app. My app is not listed in 'launchctl list' command.
My App bundle contains container app and a packet tunnel extension.
Below is how my plist file looks like in '/Library/LaunchAgents/com.****.***ui.plist':
{
KeepAlive = 1;
Label = "com.*****.client.****ui";
LimitLoadToSessionType = (
Aqua
);
ProgramArguments = (
"/Applications/*********.app/Contents/MacOS/****Module"
);
RunAtLoad = 1;
SuccessfulExit = 1;
Version = "110.200.0.100";
}
In Console below are the last set of log which I could find related to my app:
support_log.txt
In above logs below statement mentions the extn which is related to my app bundle:
2024-03-19 15:48:55.256020+0530 0x462 Default 0x0 206 0 symptomsd: (SymptomEvaluator) [com.apple.symptomsd:analytics] [Skipping first 85 of 95 entries]
2024-03-19 15:48:55.256051+0530 0x462 Default 0x0 206 0 symptomsd: (SymptomEvaluator) [com.apple.symptomsd:analytics] entry: Thu Feb 8 20:48:26 2024 NetworkExtension.com.*****.client.*****-Client.*****ui.*****pkttunnel.104.2.12.191.104.2.12 (bundle) 0 0 0 0 0 0
Can someone please help me in understanding what could be wrong here, why would 'RunAtLoad' key word wont work here to start my app on user login or reboot?
Note: Everything work fine when my app is installed with an user logged in to the test machine. Also App starts successfully if I run command 'lauchctl bootstrap gui/ /Library/LaunchAgents/com.****.****ui.plist' in the above mentioned test scenario where app didnt auto start by launchd: 'RunAtLoad'.
I am implementing parental control app via python 3.9 for macOS. Therefore I want to use launch agent to keep my application always alive (app reopened automatically after reboot pc and protected against to be closed via activity monitor.) I want to give keep alive enabling and disabling option to parents that they can deactivate or activate it in the app GUI.
I achieved to keep alive my app standalone signed app without sandboxing(or via Terminal command) but if I sign it with sandbox then I get following error for "launchctl load" and "launchctl bootstrap" commands which are executed in the application "Load failed: 5: Input/output error"
My steps without Sandbox which works fine:
1- Create a com.test_gui.macos.plist file under /Library/LaunchAgents with following content:
`<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>test_gui</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>-g</string>
<string>-a</string>
<string>/Applications/test_gui.app</string>
</array>
</dict>
</plist>`
2- create a python file for launch agent activation (I know either launchctl load or bootstrap should be used but I used both of them to test both.):
import subprocess
cmd = "launchctl enable gui/501/test_gui"
response = subprocess.call(cmd, shell=True)
time.sleep(2)
cmd = "launchctl load -w /Library/LaunchAgents/com.test_gui.macos.plist"
response = subprocess.call(cmd, shell=True)
time.sleep(2)
cmd = "launchctl bootstrap system /Library/LaunchAgents/com.test_gui.macos.plist"
response = subprocess.call(cmd, shell=True)
time.sleep(50)
3- Create standalone app via nutika:
python3.9 -m nuitka --run --standalone --macos-disable-console --macos-create-app-bundle
\--macos-app-mode=ui-element --enable-plugin=pyside6 --macos-app-icon=/Users/emre/Documents/MrProtect/icons/app_icon.png
\--include-data-dir=icons=icons test_gui.py
4-Create a .sh file to sign app without sandboxing:
#!/bin/sh
APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app"
SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)"
PASSWORD="***"
codesign -s "$SIGNING_IDENTITY_APP" -f \
"$APP_PATH/Contents/MacOS/Python"
codesign -s "$SIGNING_IDENTITY_APP" -f \
"$APP_PATH/Contents/MacOS/test_gui"
exit 0
5-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature
6-copy paste signed standalone app(without sandbox) file under /Applications/
7-execute app and try to close app via activity monitor and observe that the app is reopened automatically. so the launch agent works fine
Failed Steps(Sign the same app with sandbox and observe that both launchctl load and bootstrap returns "Load failed: 5: Input/output error")
8- create an app.entitlements file with following content:
\<?xml version="1.0" encoding="UTF-8"?\>
\<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"\>
\<plist version="1.0"\>
\<dict\>
\<key\>com.apple.security.app-sandbox\</key\>
\<true/\>
\</dict\>
\</plist\>
9-Create a .sh file to sign app with sandboxing:
#!/bin/sh
#
APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app"
SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)"
PASSWORD="***"
codesign -s "$SIGNING_IDENTITY_APP" -f \
\--entitlements app.entitlements \
"$APP_PATH/Contents/MacOS/Python"
codesign -s "$SIGNING_IDENTITY_APP" -f \
\--entitlements app.entitlements \
"$APP_PATH/Contents/MacOS/test_gui"
exit 0
10-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature
11-execute app and try to close app via activity monitor and observe that the app is closed although app started the launch agent.
12-you can re-execute app under /Applications/test_gui.app/Contents/MacOS folder with "./test_gui" or even with sudo "sudo ./test_gui" commands you would see following error message for both launchctl load and bootstrap returns: "Load failed: 5: Input/output error". So if you close the app, it will not be re-opened
Moreover console tool launchd.log output shows also (1: Operation not permitted) error for launchctl load and bootstrap commands
My questions:
1-Is there any other method different than launch agent for keep alive? I researched it in internet but I could not find any other method unfortunately. Moreover launch agent is not user friendly anyway, with the reason that sandboxed apps cannot copy paste any files under LaunchAgents folder automatically. I am planning to provide my plist file to users that they can copy paste the file themself into launch agent folder out of sandbox.
2-How can i get rid of "Load failed: 5: Input/output error", thereby I can proceed at least with lanuchctl?
What I have tried additionally:
1-I have also tried to use these linux commands, before executing my sandboxed standalone app file:
sudo -S chown 600 /Library/LaunchAgents/com.test_gui.macos.plist
sudo -S chown root:wheel /Library/LaunchAgents/com.test_gui.macos.plist
2-I have already given security fulldisk access to my test_gui app, but it also did not work
My Requirements:
Nuitka:
1.9rc5
Commercial: None
Python: 3.9.12 (v3.9.12:b28265d7e6, Mar 23 2022, 18:22:40)
Flavor: CPython Official
Executable: /Library/Frameworks/Python.framework/Versions/3.9/bin/python3.9
OS: Darwin
Arch: x86_64
Version C compiler: /usr/bin/clang (clang).
macOS Sonoma:
14.2.1
I have made an app that requires a daemon to run. For this I use the ServiceManagement framework and the SMAppService.register to register the daemon.
The macOS 14.4 update broke the installation process and the daemon cannot be installed anymore and instead returns an error when trying to install the helper. The installation works on MacOS 14.3.1 or lower.
I have narrowed the error to the main app being sandboxed. Both the daemon and the main app are sandboxed (as MacOS 14.2 introduced the restriction that a sandboxed app can only run/install a sandboxed daemon, https://developer.apple.com/documentation/macos-release-notes/macos-14_2-release-notes#ServiceManagement).
I have been able to confirm that removing the sandbox on the main application results in the register function working again on MacOS 14.4. However, the release notes of 14.4 do not mention anything regarding the ServiceManagement API or something related. So my question is, what has changed in MacOS 14.4 so that the register function for a daemon causes an error when the main app is sandboxed? And moreover, how can I prevent this error without removing the sandbox
-- Information regarding the error:
The .register function returns the following error:
Error Domain=SMAppServiceErrorDomain Code=22 "Invalid argument" UserInfo={NSLocalizedFailureReason=Invalid argument
I have also created a log file according to the procedure at the link below and attached it to this post: https://forums.developer.apple.com/forums/thread/707482#716553022
It appears from the log file and from observing the logs in the Console app, that the error "plist changed between client and smd" causes the issue but I don't understand what causes this error
out2 2.log
--
(I already use the com.apple.security.temporary-exception.sbpl entitlement in the daemon such that it can write to a specific file that the pmset command write to when invoked. This to indicate that I would prefer to keep the main app sandboxed as well. As I could also just remove the sandbox but I don't want to do that)
I am developing an app, in this case for macOS. My app has two parts:
A GUI
A Server
From the GUI i can start and stop the serve.
My problem is that i need the server starts when the mac boots. Using the LaunchAgents i got to launch it when the user logins on, but i need to initiate it before.
I saw that i need to saving my .plis inside of /Library/LaunchDaemons.
I did it but when i restart the computer the server didn t initiate.
I checked that my service gave me the status 1 so, it didn t launch correctly. Maybe the failure is inside the plist... but i dont understand why it works in LaunchAgent and not inside LaunchDaemons
My plist is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.turnoffpc.turnoffpcplist</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Turn Off PC.app/Contents/Resources/Turn Off PC/Server/dist/turn_off_pc_server.app/Contents/MacOS/turn_off_pc_server</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
For loading the service im using the following sh:
#!/bin/bash
# Copiar el archivo plist a /Library/LaunchDaemons/
sudo cp com.turnoffpc.turnoffpcplist.plist /Library/LaunchDaemons/
# Establecer los permisos adecuados
sudo chown root:wheel /Library/LaunchDaemons/com.turnoffpc.turnoffpcplist.plist
sudo chmod 644 /Library/LaunchDaemons/com.turnoffpc.turnoffpcplist.plist
# Descargar y luego cargar el servicio utilizando launchctl
sudo launchctl unload /Library/LaunchDaemons/com.turnoffpc.turnoffpcplist.plist
sudo launchctl load /Library/LaunchDaemons/com.turnoffpc.turnoffpcplist.plist
I checked that the service is in the correct location
The path to my app is: inside /Applications
Turn Off PC.app
Resources
Turn Off PC
- Server
- dist
- turn_off_pc_server.app
- Contents
- MacOS
- turn_off_pc_server
Someone sees the error or the thing that i am doing wrong?
Thanks in advance
Hi, we are working on an application which will perform scheduled backup tasks in macOS 14. The app has been granted full disk permission.
Recently we updated the code signing for the executable (/Applications/MyApp.app/Contents/MacOS/MyApp below) for passing the new notarization.
After that, we found launchctl unable to load the plist for the schedule job
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<key>Label</key>
<string>com.MyApp.scheduler</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/MyApp.app/Contents/MacOS/MyApp</string>
<string>/Applications/MyApp.app</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>AbandonProcessGroup</key>
<true/>
<key>WorkingDirectory</key>
<string>/Applications/MyApp.app/bin</string>
</dict>
</plist>
Related error message found in /var/log/com.apple.xpc.launchd/launchd.log*
2023-12-13 13:59:34.639672 (system/com.MyApp.scheduler [13434]) <Notice>: internal event: SOURCE_ATTACH, code = 0
2023-12-13 13:59:34.644530 (system/com.MyApp.scheduler [13434]) <Error>: Service could not initialize: posix_spawn(/Applications/MyApp.app/Contents/MacOS/MyApp), error 0x1 - Operation not permitted
2023-12-13 13:59:34.644545 (system/com.MyApp.scheduler [13434]) <Error>: initialization failure: 23C64: xpcproxy + 38300 [1097][925DE4E7-0589-3B33-BB64-7BC2F8629897]: 0x1
2023-12-13 13:59:34.644548 (system/com.MyApp.scheduler [13434]) <Notice>: internal event: INIT, code = 1
2023-12-13 13:59:34.644915 (system/com.MyApp.scheduler [13434]) <Notice>: xpcproxy exited due to exit(78)
We have tried to update the entitlements for library and main executable files while still not success on make it works again. We have no idea what else could do for troubleshooting this.
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.debugger</key>
<true/>
<key>com.apple.application-identifier</key>
<string>...</string>
<key>com.apple.developer.team-identifier</key>
<string>...</string>
</dict>
</plist>
Appreciate for any suggestions. Thank you.