[macOS Sequoia] Sudden surge of "failed to retrieve app-scope key" logs and failed URL security scoping

Hello,

with macOS Sequoia I've observed a sudden, substantial surge in reports about the Mac App Store version of my app Yoink no longer accepting files dropped to it, with the following message being logged in Console.app:

08:16:05.516307+0200	Yoink	---Yoink Error--- Could not create NSURL bookmark for /Users/<redacted>/Downloads/<redacted>/<redacted>.txt
err: Error Domain=NSCocoaErrorDomain Code=256 "Failed to retrieve app-scope key" UserInfo={NSDebugDescription=Failed to retrieve app-scope key}

The code line that causes this is the following:

NSData *bmData = [fileURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
							   includingResourceValuesForKeys:nil
												relativeToURL:nil
														error:&err];

Sometimes a relaunch of Yoink, or a restart of the Mac resolves the issue, but only temporarily. Other times, even a restart doesn't work, but running

tccutil reset All at.EternalStorms.Yoink

in Terminal and then restarting the Mac works (again, temporarily).

The trial version and Setapp versions of my app both work as expected, however.

I myself cannot reproduce this issue, so any pointers would be greatly appreciated.

(This might be considered a follow up to https://developer.apple.com/forums/thread/46583 , years back)

Thanks a ton,
– Matthias

Answered by DTS Engineer in 807857022

Is there a bug with security-scoped bookmarks on macOS Sequoia?

Yes, there is (r.136626856). This forum post has some more specifics about the issue, which I summarized as:

What you're hitting is bug in ScopedBookmarksAgent which can cause it hang if it happens to have been launched when the keychain was also locked (for example, late in the screen lock process). That bug is fixed as of macOS 15.1 beta 4.

If you're hitting it regularly during development, you can resolve the issue by killing ScopedBookmarksAgent (you may also need to kill and relaunch your app, depending on what state it ends up). On the user side, a log out (or reboot) should resolve the issue.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

Is there a bug with security-scoped bookmarks on macOS Sequoia? I don't think anything could have changed with entitlements, since it all works on my Macs.

I also just got a report about my app Transloader that apparently can no longer hold references to user-selected apps for its Link and File actions (on that user's Mac - again, for me, it all works).

I am in the exact same situation with an app of mine. Something is wrong with creating with creating security-scoped bookmarks.

Accepted Answer

Is there a bug with security-scoped bookmarks on macOS Sequoia?

Yes, there is (r.136626856). This forum post has some more specifics about the issue, which I summarized as:

What you're hitting is bug in ScopedBookmarksAgent which can cause it hang if it happens to have been launched when the keychain was also locked (for example, late in the screen lock process). That bug is fixed as of macOS 15.1 beta 4.

If you're hitting it regularly during development, you can resolve the issue by killing ScopedBookmarksAgent (you may also need to kill and relaunch your app, depending on what state it ends up). On the user side, a log out (or reboot) should resolve the issue.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

Good news! Thx!

[macOS Sequoia] Sudden surge of "failed to retrieve app-scope key" logs and failed URL security scoping
 
 
Q