Hi, I have a macOS app bundle with multiple binaries. I can create an archive, notarize it and export the app bundle all within Xcode. But when I try to export the archive from the command line I get an error message: ╰─$ xcodebuild -exportArchive -archivePath myarchive.xcarchive -exportOptionsPlist myarchiveExportOptions.plist -exportPath ~/Desktop -verbose 2021-12-06 09:03:39.241 xcodebuild[15117:509468] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/qj/55jnf34d0dz7nrjmw9kkvj6c0000gn/T/....xcdistributionlogs". error: exportArchive: helperBinary does not support provisioning profiles. Error Domain=IDEProvisioningErrorDomain Code=10 "helperBinary does not support provisioning profiles." UserInfo={IDEDistributionIssueSeverity=3, NSLocalizedDescription=helperBinary does not support provisioning profiles., NSLocalizedRecoverySuggestion=helperBinary does not support provisioning profiles, but provisioning profile "$myprofile distribution" has been manually specified. Remove this item from the "provisioningProfiles" dictionary in your Export Options property list.} ** EXPORT FAILED ** This is the export options plist I use (that's the one Xcode has exported): <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>destination</key> <string>export</string> <key>method</key> <string>developer-id</string> <key>provisioningProfiles</key> <dict> <key>$BUNDLE_ID</key> <string>"$myprofile distribution"</string> </dict> <key>signingCertificate</key> <string>Developer ID Application</string> <key>signingStyle</key> <string>manual</string> <key>teamID</key> <string>...</string> </dict> </plist> How can I exclude the helper binary for the provisioning profile during the export of the archive? The main executable uses endpoint security. I tried to add a second key for the helper binary to specify no provisioning profile, but that didn't work either. Note: I already posted this question but wasn't able to edit it anymore. So I had to repost it in order to improve the readability (not ideal).

Hi, I have a macOS app bundle with multiple binaries. I can create an archive, notarize it and export the app bundle all within Xcode. But when I try to export the archive from the command line I get an error message: ╰─$ xcodebuild -exportArchive -archivePath myarchive.xcarchive -exportOptionsPlist myarchiveExportOptions.plist -exportPath ~/Desktop -verbose 2021-12-06 09:03:39.241 xcodebuild[15117:509468] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/qj/55jnf34d0dz7nrjmw9kkvj6c0000gn/T/....xcdistributionlogs". error: exportArchive: helperBinary does not support provisioning profiles. Error Domain=IDEProvisioningErrorDomain Code=10 "helperBinary does not support provisioning profiles." UserInfo={IDEDistributionIssueSeverity=3, NSLocalizedDescription=helperBinary does not support provisioning profiles., NSLocalizedRecoverySuggestion=helperBinary does not support provisioning profiles, but provisioning profile someName distribution has been manually specified. Remove this item from the "provisioningProfiles" dictionary in your Export Options property list.} ** EXPORT FAILED ** This is the export options plist I use (that's the one Xcode has exported): <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>destination</key> <string>export</string> <key>method</key> <string>developer-id</string> <key>provisioningProfiles</key> <dict> <key>...</key> <string>someName distribution</string> </dict> <key>signingCertificate</key> <string>Developer ID Application</string> <key>signingStyle</key> <string>manual</string> <key>teamID</key> <string>...</string> </dict> </plist> How can I exclude the helper binary for the provisioning profile during the export of the archive? The main executable uses endpoint security.

I couldn't find an event type to subscribe to for identifying user logins (SSH, GUI). As an alternative approach I investigated the possibility of monitoring process events e.g. for loginwindow. However, I noticed that this doesn't seem to work either, because the user id and audit session id changes from root 0/system session 100001 right after exec to the respective user's id (e.g. 501) and his gui session id (e.g.100005) after successful authentication. Since I couldn't find any evidence for a fork or exec event, I assume that something like setuid is used internally. Is there any way one could get notified for events which change the process' context (like setuid or a session id change)? Are there events for user logins/sessions I've overlooked?

I'm working on an enterprise product and we need to be able to provide a meaningful mapping between processes and the session context they're running in. I know that we can get the asid of a process based on an exec event subscription via ES, but the asid is too detailed. Ultimately we want to be able to say process A is running in the system/console of user {a,b,c}/ssh session. One problem is that for what we would consider a system session (non interactive) there exist multiple asids. So we need to group all non user sessions a be able to distinguish them from user gui/ssh sessions. Is there a way to get more information about a process' session, maybe but querying its asid? Maybe based on bsm and the audit token? I was thinking along the lines of what launchctl procinfo provides under the section audit flags. There are flags like has_console_access,has_authenticated. But I haven't been able to find out where this information is coming from. There are related flags in the Security framework (SessionAttributeBits) but especially the two I mentioned are missing.

The man pages sysctl(3) state that sysctlbyname and the other mentioned functions return either 0 in case of success or -1 and set errno. But the Apple Documentation (for objective C) for sysctlbyname says the following about the the return values: Return value 0 on success, or an error code that indicates a problem occurred. Possible error codes include EFAULT, EINVAL, ENOMEM, ENOTDIR, EISDIR, ENOENT, and EPERM. So which is it? Or does it return something different in objective C than the C function mentioned in the man pages? But even the provided example in Apple's documentation only checks for return value -1 and then uses errno to log the error. Seems to me that the documentation is wrong.

When I want to add libcurl as a dependency I add libcurl.4.tbd under Link Binary with Libraries and it works. As I understand it these tbd files are stub libraries to enable the linking process for dynamic libraries while keeping the Xcode SDK download small (by replacing the actual dylib with a kind of placeholder). When I open the libcurl.4.tbd in Xcode, it lists under install-name /usr/lib/libcurl.4.dylib and I expected to find this file. But I can't find the actual libcurl.4.dylib at this dir nor anywhere else on my system. otool -L gives me same filepath. How is the linking handled in this case and where is the actual dylib located? I've learned that libcurl.4.dylib actually resides within a shared cache file unter /System/Library/dyld. I'm running macOS 11.1 What's the benefit instead of just placing the dylib under the specified path like /usr/lib/?