Search results for

“eskimo”

37,165 results found

Reply to Programmatically installing a Root CA with "Always Trust" via LaunchDaemon for DLP agent
[quote='888521022, Pavel, /thread/826844?answerId=888521022#888521022, /profile/Pavel'] Is there any way to reset the Always Trust policy? [/quote]
These are known as trust settings and they have both a command-line and API presence. On the command line, use various subcommands of the security tool:
% security | grep trust-settings
    dump-trust-settings                  Display contents of trust settings.
    user-trust-settings-enable           Display or manipulate user-level trust settings.
    trust-settings-export                Export trust settings.
    trust-settings-import                Import trust settings.
Programmatically, you have a bunch of Trust Settings APIs.
IMPORTANT Neither of these let you set up a trusted anchor without user approval. Or at least they shouldn’t (-: If you find a way to do that, lemme know and I’ll file a security bug about it!
Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: App & System Services SubTopic: Core OS Tags:
3w
Reply to Host-Only Networking and Port Forwarding Support in macOS Virtualization Framework
Indeed. Thanks for closing the loop here. And just for the sake of those following along at home, I wanted to post a couple of links to rbmanian75’s other threads, where we’ve been discussing the mechanics, and the limitations, of this technique:
- Port forwarding with VZVmnetNetworkDeviceAttachment
- Programmatic IP Discovery for VZVirtualMachine in an App Store Sandbox
Actually, come to think of it, rbmanian75’s All Posts page currently reads like a Virtualization FAQ (-:
Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: App & System Services SubTopic: Core OS Tags:
3w
Reply to Best practices for blocking traffic: Transparent Proxy vs Content Filter, and Multiple Network Extensions
If you haven’t already done so, I recommend that you watch WWDC 2025 Session 234 Filter and tunnel network traffic with NetworkExtension. Alice gives a good overview of the expected use cases for this stuff. Regarding your specific questions, lemme tackle the second one first:
[quote='827106021, Pavel, /thread/827106, /profile/Pavel'] 2- Can a single container app install and manage more than one Network Extension in the system? [/quote]
Yes. There are actually two ways to slice this:
- Put each provider in a separate sysex.
- Create a single sysex with multiple providers.
Additionally, you can combine different sysex types into a single sysex. For example, folks often combine an ES client and NE providers into one sysex. My general advice is that you use as few sysexen as possible. Managing sysexen is a bit of a pain, so life is easier if you have just one. If your sysex has multiple providers, you can enable and disable them independently by enabling or disabling each provider configuration using its corresponding
Topic: App & System Services SubTopic: Core OS Tags:
3w
Reply to Do archives have to be compressed?
[quote='827033021, CTMacUser, /thread/827033, /profile/CTMacUser'] Does an archive type HAVE to compress the file data … ? [/quote] No. A tar archive, public.tar-archive, conforms to public.archive but is not compressed. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: App & System Services SubTopic: General Tags:
3w
Reply to I need the proper format for adding an application ID to an entitlements file (developing outside of Xcode)
I presume you’ve read TestFlight, Provisioning Profiles, and the Mac App Store. If not, please do so now. As to what’s going wrong, it’s hard to say because I’m not confident that the XML snippets you posted survived the trip into DevForums. In future, I recommend that you put them in a code block. See tip 3 in Quinn’s Top Ten DevForums Tips. Having said that, there’s an easy way to see what this file should look like:
1. Create a dummy Xcode project with the same bundle ID as your app.
2. Make sure that automatic code signing is enabled.
3. Add some restricted entitlement to the app. See TestFlight, Provisioning Profiles, and the Mac App Store for more about that.
4. Build the app.
5. Dump its entitlements:
% codesign -d --entitlements - --xml /path/to/your.app
Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: Code Signing SubTopic: General Tags:
3w
Reply to Way to do TLS v1.3 Parameter Configuration
Are you using Network framework? Or URLSession? Or some other API? [quote='826943021, ShrutiGoyal7032, /thread/826943, /profile/ShrutiGoyal7032'] Do we have anywhere written in documentation (evidence) ? [/quote] Just to set expectations here, Apple rarely documents what isn’t possible [1]. Rather, our documentation focuses on what is possible. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] Conceptually that’d require an infinite amount of documentation (-:
3w
Reply to The callback is not triggered when the app is launched from a terminated state via the notification action
[quote='888338022, Madhuri_Ramapure, /thread/826318?answerId=888338022#888338022, /profile/Madhuri_Ramapure'] How do the custom notification buttons … continue to work even after the applications have been manually force-quit or killed? [/quote] I’ve no idea, sorry. I’m not familiar with those products, so I don’t know what those buttons actually do. And even if I did, there’s no guarantee I’d be able to work out how they do it. However, I can offer some general titbits: Removing an app from the multitasking UI is a strong indication from the user that the app should not run in the background again until they manually relaunch it. Some subsystems, like URLSession, honour that request scrupulously; others less so. So the exact behaviour varies by subsystem. And even within a subsystem it changes over time. Testing Background Session Code explains one change in URLSession, but other subsystems have their own unique history. And some stuff that happens in the background doesn’t involve background execution of the
3w
Reply to current security support for OS
[quote='826831021, Austrodev, /thread/826831, /profile/Austrodev'] is there official information [/quote] I’m not aware of such a thing but, if it did exist, it would come from Apple Support rather than the developer side of things. You can ask on Apple Support Community, run by Apple Support, to see if anyone there has any suggestions. [quote='826831021, Austrodev, /thread/826831, /profile/Austrodev'] Our strict policy only allows that we deploy our app for OS version which still get security updates. [/quote] That makes sense to me. If you’d like the Apple Developer website to publish this info then you should absolutely file an enhancement request with this rationale. However, I can’t make any promises on that front. It’s a tricky thing to publish because the lines are all a bit grey. If you do file an ER, please post your bug number, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
3w
Reply to Programmatically installing a Root CA with "Always Trust" via LaunchDaemon for DLP agent
[quote='826844021, Pavel, /thread/826844, /profile/Pavel'] Is it officially possible to set Always Trust for certificate programmatically from a LaunchDaemon? [/quote] No. Furthermore, it’s not possible to programmatically install a trusted anchor without user interaction. This isn’t a bug, but the result of a security hardening effort a few years back. [quote='826844021, Pavel, /thread/826844, /profile/Pavel'] Our DLP agent is specifically designed for environment where MDM is not present … [/quote] MDM is the standard way around this. If you can’t rely on MDM then you’ll have to ask the user to approve the anchor. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: App & System Services SubTopic: Core OS Tags:
3w
Reply to Parallax Previewer v2 crashes in macOS 26.4.1, Tahoe.
[quote='826871021, jodotri, /thread/826871, /profile/jodotri'] but v2 pops up an error on open [/quote] Indeed. I see the same thing on my Mac. [quote='826871021, jodotri, /thread/826871, /profile/jodotri'] I guess Tahoe doesn't have that. [/quote] It does, but it’s moved from one private framework to a different private framework, and something has gone wrong with the redirect logic that we usually use in such situations. Regardless, that’s all implementation detail. This is clearly a bug and I encourage you to file it as such. Please post your bug number, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
3w
Reply to codesign tool generates "timestamps differ by XXX seconds" error
[quote='888308022, jaikiran, /thread/826273?answerId=888308022#888308022, /profile/jaikiran'] This gives the wrong impression that the timestamp difference is on host H2 … while in reality the tool is merely reporting the difference that was present in the previous signature (on host H1). [/quote] Ah, yeah, I can see how that’d happen and also how it’s super confusing. I think you should file a bug against codesign for better diagnostics here; please post your bug number, just for the record. [quote='888308022, jaikiran, /thread/826273?answerId=888308022#888308022, /profile/jaikiran'] maybe the timestamp difference message should be a warning and the tool should exit with an exit code of zero? [/quote] Agreed. Again, I’d appreciate you filing a second bug about that. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: Code Signing SubTopic: General Tags:
3w
Reply to VZVirtualMachineView window and system function keys
Have you tried riffing off the technique you described in your earlier thread? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
3w
Reply to Apple trashed CODEX this morning.
I don’t want to speak on behalf of a third-party developer, so I’m just gonna drop this link: https://openai.com/index/axios-developer-tool-compromise/ Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
3w
Reply to Live Caller ID Lookup entitlement - typical onboarding timeline after PIR migration?
I can’t help you with this, but I wanted to drop a link to your earlier thread just for context. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic: App & System Services SubTopic: General Tags:
3w
Reply to Having Trouble with Change of developer name
You’ll have to talk to Apple Developer Program Support about this. You can reach them via Apple > Developer > Contact Us > Membership and Account > Account Information Update. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
3w