Problems with macOS apps launching since Sequoia 15.1 (spawn constraints failure)

What

Starting from macOS Sequoia 15.1, a terminal app (KiTTY) installed via Nix fails to launch apparently due to new hardening mechanism in CoreServices introduced in 24B83

Seems this is triggered not every time. If I create new volume and copy the same path with KiTTY on it, it worked on the first occasion but I failed to make it work reproducibly.

@Eskimo I would kindly appreciate if you could highlight more about Secure Launch and related spawn constraints.

Anyway, this is blocker issue for me so I'm rolling back to 15.0.1

❯ open /nix/var/nix/profiles/default/Applications/kitty.app
_LSOpenURLsWithCompletionHandler() failed with error -54.

Logs

❯ log stream | grep kitty
...

2024-10-30 09:38:56.005739+0100 0x9383     Error       0x45fac              584    0    CoreServicesUIAgent: (LaunchServices) [com.apple.launchservices:open] LAUNCH: Launch requires secure launch with spawn constraints, but none are present or valid, so returning permErr for <FSNode 0x600001e656c0> { isDir = ?, path = '/nix/store/wiindrplkcj1mn22x6nbl8clpnz7adpm-kitty-0.36.4/Applications/kitty.app' }
2024-10-30 09:38:56.005837+0100 0x9383     Error       0x45fac              584    0    CoreServicesUIAgent: (LaunchServices) [com.apple.launchservices:open] LAUNCH: Launch failure with -54/permErr <FSNode 0x600001e778e0> { isDir = y, path = '/nix/store/wiindrplkcj1mn22x6nbl8clpnz7adpm-kitty-0.36.4/Applications/kitty.app' }
2024-10-30 09:38:56.006106+0100 0x9383     Default     0x45fac              584    0    CoreServicesUIAgent: (libxpc.dylib) [com.apple.xpc:connection] [0x600002148d20] activating connection: mach=true listener=false peer=false name=com.apple.coreservices.quarantine-resolver
2024-10-30 09:38:56.006440+0100 0x9383     Error       0x45fac              584    0    CoreServicesUIAgent: (LaunchServices) [com.apple.launchservices:default] LAUNCH: Launch failed in CSUI with error Error Domain=NSOSStatusErrorDomain Code=-54 "permErr: permissions error (on file open)" UserInfo={_LSLine=4224, _LSFunction=_LSOpenStuffCallLocal}
2024-10-30 09:38:56.007039+0100 0x9381     Default     0x45fac              584    0    CoreServicesUIAgent: (libxpc.dylib) [com.apple.xpc:connection] [0x14f00fca0] activating connection: mach=false listener=false peer=true name=com.apple.coreservices.quarantine-resolver.peer[584].0x14f00fca0
2024-10-30 09:38:56.007602+0100 0x9381     Error       0x45fac              584    0    CoreServicesUIAgent: [com.apple.launchservices:uiagent] handle LS launch error: status=-54 {\n    Action = odoc;\n    AppPath = "/nix/store/wiindrplkcj1mn22x6nbl8clpnz7adpm-kitty-0.36.4/Applications/kitty.app";\n    Documents =     (\n        "kitty.app"\n    );\n    ErrorCode = "-54";\n    FullPaths =     (\n        "/nix/store/h33cy9y53p6dnyzx41a1dfxsr0df8i4c-system/Applications/kitty.app"\n    );\n}

Environment

❯ uname -a
Darwin airstation.local 24.1.0 Darwin Kernel Version 24.1.0: Thu Oct 10 21:05:14 PDT 2024; root:xnu-11215.41.3~2/RELEASE_ARM64_T8103 arm64

~ 
❯ sw_vers
ProductName:		macOS
ProductVersion:		15.1
BuildVersion:		24B83

❯ arch
arm64

Are you involved in the development of either of these products (KiTTY or Nix)?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

This seems to have been fixed by https://github.com/NixOS/nixpkgs/pull/352795

Problems with macOS apps launching since Sequoia 15.1 (spawn constraints failure)
 
 
Q