“eskimo”

[quote='880483022, chapo213, /thread/818938?answerId=880483022#880483022, /profile/chapo213'] I am trying to verify a helper binary/dylib inside my product that can be updated separately from the main binary. [/quote] Is this an executable or a dynamic library? Or do you need this test to support both? And by “inside my product” do you mean that it’s located within an app’s bundle? Or that it’s logically part of your product, but is stored in some other location on disk? And while I’ll have a lot more to say about your overall issue once I better understand it, I want to nip this one in the bud: [quote='880483022, chapo213, /thread/818938?answerId=880483022#880483022, /profile/chapo213'] Does extracting a team-id … automatically verifies that the anchor is apple? [/quote] No. You can’t trust the information you get back from SecCodeCopySigningInformation unless you’ve validated the code signature. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo

It’s hard to offer insight into this without more info. Do you have an Apple crash report for this? If so, please post it here. See Posting a Crash Report for advice on how to do that. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

You can expect that most uploads will be notarised quickly. Occasionally, some uploads are held for in-depth analysis and may take longer to complete. As you notarise your apps, the system will learn how to recognise them, and you should see fewer delays. For lots of additional info about notarisation, see Notarisation Resources. Specifically, it links to a Q&A with the notary service team that’s quite instructive. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='880351022, KayleeSC, /thread/791352?answerId=880351022#880351022, /profile/KayleeSC'] Omg it was the / at the end. [/quote] Well, blat! [quote='880351022, KayleeSC, /thread/791352?answerId=880351022#880351022, /profile/KayleeSC'] I’m gonna send this to the testers and see if that’s it. [/quote] Cool. If that does turn out to be the problem, I’d appreciate you filing a bug about it. The system should either tolerate this or vend a more helpful error. Please post your bug number, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Thanks for the backstory. [quote='880252022, shara7, /thread/818906?answerId=880252022#880252022, /profile/shara7'] which made me wonder whether this is a bug or intended behavior. [/quote] Well, it’s an an either or situation. Note this comment from the release notes: During the beta period, the cadence of notifications will be accelerated, enabling Apple and developers to address any issues that might occur. Honestly, I’m not sure whether this is what’s happening in your case or not. You might be able to learn more as to what’s actually going on by monitoring the system log entries from the ecosystemagent process. Many of these are at the debug level, so you’ll need to opt in to that. See Your Friend the System Log for hints and tips on using the system log effectively. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='880412022, hasii2021, /thread/818406?answerId=880412022#880412022, /profile/hasii2021'] I put them [in FB22267132] but not sure if this is correct [/quote] That’s cool. When I open the system log snapshot you included (system_logs.logarchive) I see this: type: default time: 2026-03-17 21:32:51.951555 -0500 process: spctl subsystem: com.apple.securityd category: security_exception message: UNIX error exception: 2 type: default time: 2026-03-17 21:32:51.951587 -0500 process: spctl subsystem: com.apple.securityd category: security_exception message: MacOS error: -67068 type: default time: 2026-03-17 21:32:51.951603 -0500 process: spctl subsystem: com.apple.securityd category: security_exception message: MacOS error: -67071 type: default time: 2026-03-17 21:32:51.951615 -0500 process: spctl subsystem: com.apple.securityd category: security_exception message: MacOS error: -67071 This seems like an understandable error cascade: The first error, 2, is ENOENT, which is an error commonly returned by the BSD su

[quote='880307022, SurferDog, /thread/818415?answerId=880307022#880307022, /profile/SurferDog'] We kind of expect the permissions to disappear when installing an update [/quote] I don’t know why you have that expectation. If both the old and new versions of the code are signed in the same way, the system should maintain the privilege across the update. TN3127 Inside Code Signing: Requirements talks about the mechanism used to implement that. [quote='880307022, SurferDog, /thread/818415?answerId=880307022#880307022, /profile/SurferDog'] I have filed a bug report: FB22261705 [/quote] Thanks! Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='880359022, timboudreau, /thread/818192?answerId=880359022#880359022, /profile/timboudreau'] Seems pretty byzantine and fragile [/quote] Yeah. I considered this approach before I replied to you yesterday, but I concluded that: I’m not sure if it’s possible to pull off [1]. And even if it is, it’s likely to be very fragile. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] Your appex is sandboxed so: It can’t spawn your app’s executable as a child process because that would require reinitialising the sandbox, something that the system specifically blocks. See App Sandbox Inheritance within Resolving Trusted Execution Problems. It should be able to launch the app with NSWorkspace, but NSWorkspace doesn’t honour all of its configuration when it’s called by a sandboxed process.

[quote='880390022, Abel_Kefan, /thread/819088?answerId=880390022#880390022, /profile/Abel_Kefan'] I realized that I hadn't added the Hotspot Configuration Entitlement [/quote] Oh, hey, would ya look at that. I can reproduce this myself using NEHotspotConfiguration Sample. If I remove the Hotspot capability I get error 8 when attempting to add a configuration. [quote='880390022, Abel_Kefan, /thread/819088?answerId=880390022#880390022, /profile/Abel_Kefan'] I still think it would be better if the error message [provider] a clearer hint to developers [/quote] Agreed. Please file a bug requesting that and then post the bug number here. And now I’m off to update Understanding NEHotspotConfigurationErrorInternal (-: Thanks for sharing this titbit! Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='880441022, jzilske, /thread/817599?answerId=880441022#880441022, /profile/jzilske'] I was using a wi-fi that basically blocks everything [/quote] Hey hey! And, yeah, I see stuff like that all the time (-: [quote='880441022, jzilske, /thread/817599?answerId=880441022#880441022, /profile/jzilske'] apparently the connection is secured using some sort of pinning [/quote] Interesting. The weird part about this is your suspicion that the traffic is coming from within the web view, but it’s not obvious code running in the web view — so JavaScript, basically — could implement pinning. So, I think it’d be worthwhile double checking the origin of this network connection. With mitmproxy you should be able to get the source IP and port number of the request. And you can then use RVI to track the originating process. RVI puts this in packet metadata, which you can display by running tcpdump with the -k option. See the tcpdump man page for details. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technica

You’re code signing your app and app extension, right? There was a very similar report last week that was caused by a failure to sign. [quote='819160021, alexfs123, /thread/819160, /profile/alexfs123'] The logs show the following [/quote] That’s quite hard to read. See tip 5 in Quinn’s Top Ten DevForums Tips for advice on how to post preformatted text. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

The PPQ outage from last week [1] was a very specific thing and it’s definitely not related to whatever issue you’re hitting now. [quote='819180021, KW-P, /thread/819180, /profile/KW-P'] Ping still fails [/quote] Testing with ping isn’t helpful in this case; AFAICT ppq.apple.com never responds to pings. Consider: % ping ppq.apple.com PING use1-ppq-ext-prod.sbz.apple.com (17.33.200.235): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 ^C --- use1-ppq-ext-prod.sbz.apple.com ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss % curl -I http://ppq.apple.com HTTP/1.1 301 Moved Permanently … Location: https://ppq-ext.v.aaplimg.com/ If you want to try out the redirect link, you have disable the client’s trust evaluation on the server: % curl -I https://ppq-ext.v.aaplimg.com/ curl: (60) SSL: no alternative certificate subject name matches target host name 'ppq-ext.v.aaplimg.com' … % curl -I --insecure https://ppq-ext.v.aaplimg.com/ HTTP/2 404 … Of course, that

I’ve not heard of widespread problems with iCloud Private Relay on the iOS 26.4 betas, but that doesn’t mean that this problem isn’t real. My general advice on this front is that you file a bug. Or, in this case, encourage your user to file a bug. They can do that using Feedback Assistant. Ideally they’d do that immediately on seeing the problem, so that the sysdiagnose log attached by Feedback Assistant captures the issue in progress. If they do this, ask them to pass the bug number along and then post it here. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='880415022, ToshiyukiTakeda, /thread/819261?answerId=880415022#880415022, /profile/ToshiyukiTakeda'] Will the Entitlements field for Team ID NWKYYYYYYY be added if I simply wait? [/quote] Our records show that Team ID NWKYYYYYYY already has access to the entitlements need to use NEAppPushProvider. In Xcode’s Signing & Capabilities editor, it should show up as Network Extension (additional values). Likewise in the App ID editor on the Developer website. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

There’s no general-purpose way to get Wi-Fi scan results on iOS. Depending on your specific scenario, there may be special-purpose ways to achieve your goals. TN3111 iOS Wi-Fi API overview has more about that. Please read that and then reply back here if you have follow-up questions. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com