Hi, I've built an installation package (file with .pkg suffix). when I double click the pkg file whereas newer version of the package is already installed, then the installer skip the downgrade process due to the following reason. 2023-02-22 20:19:11+02 my-Mac installd[744]: PackageKit: Skipping component “com.myapp.mycompany” (22.9.0-2209.0.0-*) because the version 23.2.3559-2302.3559.11638-* is already installed at /Applications/myapp.app. However, I still see that the preinstall and postinstall script being executed. Perhaps there's a way to either enable the downgrade, or disable it completely, so I won't get this partial install scenario. Is there a way I can get indication that the installer has skipped the file copying of the target pkg, from within the post/pre install scripts (so I can handle it properly) ?

Hi, I'm using NSURSessionDataTask in order to send REST command to remote server. the server doesn't request client-side verification in TLS, but the client does request server authentication as implemented in the following code if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) { NSURLCredential* credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]; completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil); However, even though I set the server certificate as "Trusted" I get the following failure : 2023-01-13 00:45:51.139349+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) System Trust Evaluation yielded stat us(-9802) 2023-01-13 00:45:51.139390+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) ATS failed system trust 2023-01-13 00:45:51.139413+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) Connection 132: system TLS Trust eva luation failed(-9802) 2023-01-13 00:45:51.139432+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) Connection 132: TLS Trust result -98 02 2023-01-13 00:45:51.139450+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) Connection 132: TLS Trust encountere d error 3:-9802 2023-01-13 00:45:51.139467+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) Connection 132: encountered error(3: -9802) 2023-01-13 00:45:51.139488+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) Connection 132: cleaning up 2023-01-13 00:45:51.139508+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) [com.apple.CFNetwork:Summary] Connec tion 132: summary for unused connection {protocol=“(null)“, domain_lookup_duration_ms=0, connect_duration_ms=0, secure_connection_duration_ms=0 , private_relay=false, idle_duration_ms=0} I also tried to connect the same URL from various browsers, and it passed those security checks... How can I figure out what is the problem here? I made sure that the server certificate is set to trusted on system keychain, and my process is running in elevated user mode. I know how to disable this check, but I prefer to understand exactly what It means and fix the certificate chain if needed. thanks

Hi, I've made a pkg installation file that usually works. However, for some setups I gets the following failure after postinstall finish (return 0) 2023-01-12 10:52:00-08 ESXBigSurVM-5 package_script_service[815]: Responsibility set back to self. 2023-01-12 10:52:00-08 ESXBigSurVM-5 installd[781]: PackageKit: Writing receipt for com.myprod.mycomp to / 2023-01-12 10:52:00-08 ESXBigSurVM-5 install_monitor[814]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr 2023-01-12 10:52:01-08 ESXBigSurVM-5 installd[781]: PackageKit: releasing backupd 2023-01-12 10:52:01-08 ESXBigSurVM-5 installd[781]: PackageKit: allow user idle system sleep 2023-01-12 10:52:01-08 ESXBigSurVM-5 installd[781]: PackageKit: Cleared responsibility for install from 773. 2023-01-12 10:52:01-08 ESXBigSurVM-5 installd[781]: PackageKit: Cleared permissions on Installer.app 2023-01-12 10:52:01-08 ESXBigSurVM-5 installd[781]: PackageKit: Install Failed: Error Domain=NSCocoaErrorDomain Code=513 "You don't have permission to save the file "com.myprod.mycomp.bom" in the folder "receipts"." UserInfo={NSFilePath=/var/db/receipts/com.myprod.mycomp.bom, NSUnderlyingError=0x7f92fe515760 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}} { NSFilePath = "/var/db/receipts/com.myprod.mycomp.bom"; NSUnderlyingError = "Error Domain=NSPOSIXErrorDomain Code=1 \"Operation not permitted\""; } 2023-01-12 10:52:01-08 ESXBigSurVM-5 installd[781]: PackageKit: Running idle tasks I've used the installer command with sudo, but i'm still getting the permissions issue ... sudo /usr/sbin/installer -pkg /path/to/my/file.pkg -target / Any idea why this is happening only in some setups (usually VMs running BigSur) ? and how could i prevent it ?

I have a MacOS network extension that activates 3 network "Proxies" (TransparentProxy, AppProxy and DNSProxy). To activate the proxies I do: NEAppProxyProviderManager.loadAllFromPreferences { saveToPreferences { error in if (error) { /* failed to save */ } /* saved */ } } Now I do this 3 times (once for each proxy). The behavior I observe is the following: Once the "saveToPreferences()" is called for the first time the app is installed, user gets an approval popup. Even before user clicks anything, the first 2 calls to "saveToPreferences" fail (both with the same message): Failed to save configuration MyTransparentProxy: Error Domain=NEConfigurationErrorDomain Code=10 “permission denied” UserInfo={NSLocalizedDescription=permission denied} The third call to "saveToPreferences()" does NOT return until a user either accepts or rejects the "allow vpn configuration" pop up. My question is, how can I make all the calls to block the completion callback until user decision ? For now, I figured out that this works as workaround: In the initialization of the first proxy I do: NEAppProxyProviderManager.loadAllFromPreferences { saveToPreferences { error in if (error) { /* failed to save */ } /* saved */ /* here I start the “next” proxies */ StartNextProxy(); } } In this case the first one is blocked until user accepts the pop up and once he does I start the second and the third proxies. This ensure avoidance of "permission denied" error as only one "saveToPreferences()" call waits for user approval. This doesn’t feel like the correct method to me, is there a way for multiple proxy manager to wait for "VPN Configuration" approval event ? Thanks !

I'm working on some app that has LaunchDaemon running on the background, and thus it requires some operations to be removed, prior to deleting the data/exe files. Is there an option to call an uninstall script upon drag-and-drop my app into the trash bin ? or at least, prevent the uninstallation and trigger popup window that tells the user this app cannot be removed until he unload the service (sudo launchctl stop /Library/LaunchDaemons... or sudo launchctl unload -w /Library/LaunchDaemons...) my app uses pkg file format for deployment, but I couldn't find any uninstall callback within this format. is there a way to do so ? Thanks

After macOS minor upgrade of Monterey I've noticed that a directory of mine that lies under /Library/Application Support/myCompany/myProj/myFolder has been mysteriously deleted. Is there a way to check in retrospect which process deleted my directory ? I know of fs_usage, but it's used to record ongoing file activities... the question is how to get file auditing event from the past. Thanks

I'm trying to understand where do I get the dns server configuration from. As I understand, if the file /etc/resolve.conf contain no servers, than it fallback to servers that are defined by the physical connection (Wi-Fi) However, once I removed all dns servers from /etc/resolve.conf, I got that my DNS is configured to the loopback address (127.0.0.1) instead of what the connection provides. nslookup > server Default server: 127.0.0.1 Address: 127.0.0.1#53 Default server: ::1 Address: ::1#53 and Here's the the default dns servers from the Wi-Fi connection: Here's what's configured by the interface : Perhaps anyone can tell me why doesn't the default DNS server is selected to 10.196.X.X as provided by the connection (instead I get the loopback address)

Hi, I've developed network extension that is being loaded from container application. Currently, i'd like to test the extension using development profile in signature. I've implemented 4 providers inside the extension, each derived from NE basic class. here are the definitions of my providers : @interface myAppProxyProvider : NEAppProxyProvider @interface myFilterDataProvider : NEFilterDataProvider @interface myFilterPacketProvider : NEFilterPacketProvider @interface myDnsProxyProvider : NEDNSProxyProvider and added them in the Info.plist accordingly: <key>NetworkExtension</key> <dict> <key>NEMachServiceName</key> <string>MY_TEAM_ID.com.myBrand.ext</string> <key>NEProviderClasses</key> <dict> <key>com.apple.networkextension.app-proxy</key> <string>myAppProxyProvider</string> <key>com.apple.networkextension.dns-proxy</key> <string>myDnsProxyProvider</string> <key>com.apple.networkextension.filter-data</key> <string>myFilterDataProvider</string> <key>com.apple.networkextension.filter-packet</key> <string>myFilterPacketProvider</string> </dict> </dict> I also gave the extension proper entitlements, that my developer provision profile supports. <dict> <key>com.apple.application-identifier</key> <string>MY_TEAM_ID.com.myBrand.ext</string> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string> </array> <key>com.apple.developer.team-identifier</key> <string>MY_TEAM_ID</string> <key>com.apple.security.application-groups</key> <array> <string>MY_TEAM_ID.myGroup.com</string> </array> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.network.server</key> <true/> </dict> First, I activate the extension from the container app, so it set to [activated enabled] Then, In order to spawn the xpc client process, I start the xpc connection from the container application. but the process gets immediate exception and crash right after startup for the following reason : System Integrity Protection: enabledCrashed Thread:       0 Dispatch queue: com.apple.main-threadException Type:       EXC_BREAKPOINT (SIGTRAP) Exception Codes:      0x0000000000000001, 0x00000001aab620f8 Exception Note:       EXC_CORPSE_NOTIFYTermination Reason:   Namespace SIGNAL, Code 5 Trace/BPT trap: 5 Terminating Process:  exc handler [1268]Application Specific Information: Configuration error: Couldn’t retrieve XPCService dictionary from service bundle. The problem may hint wrong configuration of the Info.plist, no ? Any idea what can lead to this ? Thanks

Hi, I've like to calculate the path mtu between one of the local interfaces and a remote address. Perhaps there's such option using native networking framework like nsurlconnection ? Should I need to set the DF (don't fragment) bit and send to each hop in the path, or can I acquire this value from some cached storage per connection ? thanks

Hi, I'm using the reachability framework in order to register network status event for a specific address (address_st in the code below)... I'd like to support change of address which will trigger unregister from the old address and register to the new one. How can it be done ? SCNetworkReachabilityRef reachabilityRef = SCNetworkReachabilityCreateWithAddress(NULL, reinterpret_cast&lt;sockaddr *&gt;(&amp;address_st)); SCNetworkReachabilityContext context = {0, NULL, NULL, NULL, NULL}; SCNetworkReachabilitySetCallback(reachabilityRef, ReachabilityCallback, &amp;context)) SCNetworkReachabilitySetDispatchQueue(reachabilityRef, dispatch_queue_create("com.reachability.test", nil)); thanks,

Hi, I’d like to perform client-side certificate authentication from https based connection in macOS. I’m using the method didReceiveChallenge from URLSession. However, I cannot read the keychain directly since my process is running as Daemon, and my client certificate reside in login keychain. So I've followed the guidance from this question https://developer.apple.com/forums/thread/106851, and sent this authentication request to a user-based process which is running in the current user so it has access to the keychain. After I acquire the NSURLCredential object, I’d like to return it back to the Daemon, so it may run the completionHandler with that credential. However, After I successfully create the NSURLCredential in the user process, and send it back using some reply callback. It looks like the object didn’t serialized properly and I get the following error : Exception: decodeObjectForKey: Object of class "NSURLCredential" returned nil from -initWithCoder: while being decoded for key <no key> Here’s my client side code ( I made sure that the server side create a valid NSURLCredential object). and the problem occur after I send the XPC request, right when i’m about to get the callback response (reply) - (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler { if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate) { [myXpcService getCertIdentityWithAcceptedIssuers:challenge.protectionSpace.distinguishedNames withReply:^(NSURLCredential *cred, NSError *error) { if (error != nil) { completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil); } else { completionHandler(NSURLSessionAuthChallengeUseCredential, cred); } }]; } Perhaps anybody can tell me what did I do wrong here ? Does XPC is capable to pass complex objects like NSURLCredentials ? thanks !

Hi, I was wondering if there's any option to run xcodebuild to compile the project and skip the code signing phase, even though, a signing account is set in the project under signing and capabilities. The motivation for that, is that on some occasions, my project get built using GitLab CI/CD pipeline, which have machine pool that doesn't have Xcode with account. So I'd like to build only and check that nothing got broken. thanks

I've got an array of strings that I want to present using swiftUI Picker widget. Each string is composed of multiple words delimited by spaces. I'd like to get the Picker showing the full string of each item in the list, while the selection variable should only get the first word (the selected item is stored in arg) This was my attempt to do so. notice that the object that hold the items called myHandler, and it's shared to the swiftUI view, and can be modified by external swift closure: class myHandler: ObservableObject { @Published var items = [String]() } struct ContentView: View { @State var arg: String = "" @ObservedObject var handler : myHandler ... VStack { Picker("items", selection: $arg) { Text("AAA").tag("***") Text("BBB").tag("yyy") Text("CCC").tag("zzz") ForEach(handler.items , id: \.self, content: { Text($0).tag($0.components(separatedBy: " ")[0]) }) } } .frame() TextField("firstword", text: $arg).frame() For the options outside the ForEach statement, I can see that arg get the value written in the tag. However, for all options that derived from the ForEach, I see that arg equals to the iterable item ($0) which is the multi work string, and not to the first word as expected. Any idea how to fix those items that are generated from the ForEach, so that selection of such item, will set the arg to the string value of the first word in the iterator ?

Hi, I was wondering if there's any limitation for the context where I initialize my xpc service. This is the code that initialize my xpc service : listener_ = [[NSXPCListener alloc] initWithMachServiceName:@"com.bla.bla"]; xpcService *delegate = [xpcService new]; listener_.delegate = delegate; [listener_ resume];  [[NSRunLoop mainRunLoop] run]; Doing it from the main method and everything works just fine. However, when calling it from different method(main)/thread(main thread)... It doesn't accept remote calls although it seems like the listener was properly initialized. I even tried to wrap this code to run on the main thread using the following wrapper dispatch_sync(dispatch_get_main_queue(), ^{ listener_ = [[NSXPCListener alloc] initWithMachServiceName:@"com.bla.bla"]; xpcService *delegate = [xpcService new]; listener_.delegate = delegate; [listener_ resume]; } where the [[NSRunLoop mainRunLoop] run]; is called from the main method... So my question is what are the requirements to make the XPC work.. is it mandatory to call it from the main method ?

Consider a C++ method that retrieve struct of native typed arguments like enum class, sub-structs, std::string, int, etc... I'd like to create a swift API that return the same struct but in swift variables for example : class ErrorMessage { public: int status; std::string message; }; class serverResponse { public: ErrorMessage error; std::string str_value; std::uint16_t int_val; std::time_t last_seen; EnumVal status; }; serverResponse getServerResponse(); So I'd like to convert it to the swift equivalent struct with native members open class serverResponseSwift : NSObject { open class var error: ErrorMessage { get } open var str_value: String { get } open var int_val: UInt16 { get } open var status: EnumVal { get } }; I know that direct conversion is not yet possible so I need to use objective-C++ code as a mediator. So I've used a bridging header to include the converting method in objective-C++ which will look like this : @interface Converter - (serverResponseSwift) getServerStatusSwift; @end and the equivalent .mm file will implement the conversion function, but can I use the swift Class in objective-c in order to fill it up according to the CPP serverResponse ? @implementation Converter - (serverResponseSwift) getServerStatusSwift { serverResponse x = getServerResponse(); /// How do I create serverResponseSwift out of serverResponse } Thanks !