Posts

Post not yet marked as solved
1 Replies
448 Views
My macOS app contains a basic GUI client and a daemon which reads/writes some private data into the default keychain at daemon startup. I build a pkg installer to distribute the app, which has a post-install script to create a plist entry in LaunchDaemon and start the daemon after installation.

All of the above works fine if I sign the app with a developer certificate and the pkg installer with a Developer ID installer cert, but if I sign the app with Developer ID Application (distribution certificate), I cannot access the Keychain in the daemon.

The daemon throws the error below:

```
code: -25308, message: "User interaction is not allowed."
```

The Console app has the following log:

```
19:14:23.073923 -0700 securityd 96 0x7f892d324db0(0x7f892d3250d0) unlocking for makeUnlocked()
19:14:23.073965 -0700 securityd 96 reading system unlock record from /var/db/SystemKey
19:14:23.081023 -0700 trustd 170 OCSPResponse: single response has extension(s).
19:14:23.082415 -0700 trustd 170 asynchronously fetching CRL (http://crl.apple.com/root.crl) for client (securityd[96]/0#-1 LF=0)
19:14:23.082463 -0700 trustd 170 cert[2]: AnchorTrusted =(leaf)[force]> 0
19:14:23.086401 -0700 securityd 96 code requirement check failed (-67050), client is not Apple-signed
19:14:23.086421 -0700 securityd 96 Keychain query for process 2794 (UID 0)
19:14:23.086452 -0700 securityd 96 client is valid, proceeding
19:14:23.086787 -0700 securityd 96 code requirement check failed (-67050), client is not Apple-signed
19:14:23.086866 -0700 securityd 96 displaying keychain prompt for /Applications/MyApp.app/Contents/Resources/dameon-p(2794)
19:14:23.087276 -0700 securityd 96 new SecurityAgentConnection(0x70000ebe2410)
19:14:23.087295 -0700 securityd 96 new SecurityAgentXPCQuery(0x70000ebe2410)
19:14:23.087636 -0700 securityd 96 code requirement check failed (-67050), client is not Apple-signed
19:14:23.087667 -0700 securityd 96 activate(0x70000ebe2410)
19:14:23.087735 -0700 securityd 96 MacOS error: -25337
19:14:23.088876 -0700 securityd 96 CSSM Exception: 224 unknown error 224=e0
19:14:23.089677 -0700 securityd 96 SecurityAgentXPCQuery(0x70000ebe2410) dying
19:14:23.089695 -0700 securityd 96 SecurityAgentConnection(0x70000ebe2410) dying
19:14:23.094558 -0700 dameon-p 2794 CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION
```

If I read the above log correctly, securityd is complaining that the daemon is not Apple-signed, but I'm not sure if that means signing with an App Store distribution certificate is needed for the daemon to access the keychain.

Has anyone seen this behavior before? A few people online suggested using the SessionCreate key in the LaunchDaemon plist and setting it to true, but that didn't make any difference.
Post not yet marked as solved
1 Replies
1.9k Views
I'm implementing a UDP-based iOS app and using the Network framework to do the actual communication with a remote server. I'm seeing quite a few abnormalities with iOS 12.2, which are outlined below:

a) Type of dispatch queue set in NWConnection.start(): It wasn't clear whether the queue should be serial or whether a concurrent queue is also fine. The nwcat example uses the main queue, which is serial, but I'm wondering whether a concurrent queue works as well to speed things up a little bit.

On iOS 12.2, when I use a concurrent queue, I see that there are two calls to the completion handler in quick succession for the `ready` state, but there is only one call if I instead use a serial queue.

The above behavior is only seen starting with iOS 12.2; there is always only one call to the completion handler for the `ready` state on iOS 12.1.1, irrespective of whether a serial or concurrent queue is used.

b) UDP datagram size in NWConnection.receive(): This might be related to the above, but when I invoke NWConnection.receive() after the connection state is set to `ready`, I see a data size much higher than the underlying datagram sizes received by the interface. I verified with Wireshark that each datagram is around 1500 bytes with no fragmentation involved, while I see the datagram size to be around 2500 in some instances in the completion handler.

Isn't the data in the NWConnection.receive() completion handler at datagram granularity, or is it based on the available received data irrespective of datagrams? It is at datagram granularity in the NetworkExtension framework, so I'm wondering if it is any different in the Network framework.

Sample code below. Line 10 gets called twice on iOS 12.2 with a concurrent queue used for NWConnection, while it only gets called once on iOS 12.1.1 irrespective of queue type.
```swift
private func setupStateHandler() {
    connection.stateUpdateHandler = { [weak self] (state) in
        guard let strongSelf = self else {
            return
        }

        switch state {
        case .ready:
            strongSelf.canSendAndReceive = true
            strongSelf.receiveDatagrams()
        default:
            strongSelf.canSendAndReceive = false
        }
    }
}

private func receiveDatagrams() {
    connection.receive(minimumIncompleteLength: 1, maximumLength: Int(INT32_MAX), completion: { (data, _, isComplete, error) in
        if error != nil {
            return
        }
        if let validData = data, isComplete {
            self.delegate?.didReceiveDatagrams(datagrams: [validData])
        }
        self.receiveDatagrams()
    })
}
```