“eskimo”

Can you reproduce this on a ‘clean’ machine? That is, a Mac that’s never seen your product before? I usually do this sort of testing in a VM, so I can restore to a clean snapshot between each test. See Testing a Notarised Product for a rough outline of the process I follow. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Oh, hey, thanks for pinging this thread, because it reminded me to take a look at the state of bwill’s bug report (FB21334477). And it seems that there have been changes in this space on macOS 26.3. Can either of you reproduce the issue on that release? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I’ve been working on this slowly but steadily over the past few weeks, but that effort has kinda bogged down due to my desire to use the new Network framework API ‘correctly’. That’s harder than it might seem )-: But, yeah, I’ll continue plugging away at this, just as soon as I file yet another bug against the new API! [1] Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] The closure you pass to the NetworkListener.run(_:) call really shouldn’t be marked as throws because, if you do throw, that error goes nowhere.

Thanks for the extra info. I recommend that you file own bug report about this, per the advice I gave to ozzotto upthread. Are you able to reproduce this reliably? Most of the reports I see about this are from folks trying to debug this based on crash reports coming in from the field. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='877613022, TarMac_, /thread/816939?answerId=877613022#877613022, /profile/TarMac_'] Can you please confirm that passkeys cannot work for on-premise solutions … ? [/quote] I can confirm that: The associated domain entitlement must be baked into your binary. The AASA has to be accessible from the public Internet. Does that make it impossible to use passkeys in managed environments? No. Device management isn’t really my field, but there are options for enabling passkeys in such environments. Check out WWDC 2023 Session 10263 Deploy passkeys at work. These may or may not work for you and your customers, depending on your specific needs. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I’m presuming that this is on the Mac. If not, lemme know. [quote='817264021, WangZiYuan, /thread/817264, /profile/WangZiYuan'] it suggested the possibility that the kernel might have marked the extension as untrusted [/quote] That’s nonsense. As to the actual cause, it’s hard to say. I’ve definitely seen similar reports, but I don’t remember the resolution. [quote='817264021, WangZiYuan, /thread/817264, /profile/WangZiYuan'] As soon as I stop the extension … the network immediately recovers [/quote] Does that terminate your sysex process? If it does, then that’s a strong indicating of an OS-level bug, because something in the OS is holding on to the bad state that causes the problem to come back when your start your filter again. OTOH, if it doesn’t then it’s possible that the bad state in being stored within your sysex process. In that case — and this is only as an experiment not as an actual workaround — try killing that process. Does that clear the bad state and allow your filter to function again? Share

[quote='817211021, crewshin, /thread/817211, /profile/crewshin'] it seems that Xcode generates random team ID's with it's automatic signing system [/quote] I think you’re mixing up the various different identifiers that all use the 10-character format. See Code Signing Identifiers Explained for more about that. ps Lemme know if this helps because I’m thinking of turning this into a technote in the Inside Code Signing series, and I’m more likely to make time for that if I know that it’s actually helpful. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

IAiSeed, it looks like your response was AI generated. If that’s the case, it’d be good to let folks know that, so that they can decide for themselves how much trust to put it in. Coming back to the technical issue, this isn’t right: [quote='877778022, IAiSeed, /thread/817236?answerId=877778022#877778022, /profile/IAiSeed'] Functions like class_getInstanceMethod and IMP are used to dynamically invoke Objective-C methods from C. [/quote] A minor issue is that IMP isn’t a function, it’s a type. A more significant issues is that this approach, known as IMP caching, is not the right option in most cases. Rather, if you want to call Objective-C directly from C it’s better to call the objc_msgSend function (or one of its variants; more on that below). When you call Objective-C in this way, it’s critical that you cast the objc_msgSend function pointer to a function pointer with the right arguments. For example, to call -[NSUUID getUUIDBytes:] you’d do this cast: typedef void (*NSUUID_getUUIDBytes_Ptr)(NSUUID *, SEL,

[quote='817343021, granada29, /thread/817343, /profile/granada29'] I am invoking this from a root shell [/quote] How is that root shell started? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='817172021, CA_, /thread/817172, /profile/CA_'] What is the root cause of the over‑release / invalid objc_release in this path? [/quote] It’s hard to say. The nature of over-release problems is that the code that crashes isn’t necessarily the code with the problem. It’s very common for the problem to be in completely unrelated code. For example, this could well be an over-release bug in your app’s code [1], with the Network framework being the ‘innocent victim’. Do you have an Apple crash report for this? If so, please post an example. See Posting a Crash Report for info on how to do that. IMPORTANT If you can find a JSON format crash report, that’d be ideal. Additionally, I recommend that you run your program under the standard memory debugging tools. This will often make the problem easier to reproduce, which is the first step towards debugging it (regardless of whether it’s in your code or the OS). Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo

[quote='817434021, pawanquantum, /thread/817434, /profile/pawanquantum'] while the tunnel is active in a pre-MFA quarantine state [/quote] I’d like to clarify my understanding of this. First up, what does “MFA” stand for in this context? Second, it sounds like your concerned about this sequence: The system wants to bring up the tunnel. So it instantiates your provider and calls the startTunnel(…) method. Your provider opens a connect to your VPN server. And then calls setTunnelNetworkSettings(…) to bring up the tunnel. However, the tunnel isn’t really up at this point, in that your VPN server won’t forward packets to the networks that the tunnel claims. Is that right? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='817359021, discorevilo, /thread/817359, /profile/discorevilo'] Happy to file it if someone can give an appropriate suggestion [/quote] Wi-Fi should work, but you can also choose Something else not on this list. I recommend that you enable the additional network logging per our Bug Reporting > Profiles and Logs page. For lots of other hints and tips about bug reporting, see Bug Reporting: How and Why? Please post your bug number, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

The macOS 15 development cycle triggered a bunch of changes in app groups. See App Groups: macOS vs iOS: Working Towards Harmony for the backstory. Going forward, I recommend that you: Decide on the app group ID you want to use. This can use either the macOS style or iOS style. For new code I recommend the iOS style, although if you have an exist product that uses the macOS style it usually makes sense to stick with that. For each program involved (so your app and your file provider appex)… Make sure it has an explicit App ID. Create a profile that authorises that App ID to access your app group. Make sure that profile gets embedded in the program’s bundle. Sign the program to claim access to that app group. IMPORTANT Make sure to sign the program with com.apple.application-identifier so that the system can associated the program with its provisioning profile. If you’re using Xcode, it will typically take care of this for you, although my experience is that this works better if you’re using an iOS style app g

First up, I want to make sure you’re aware of this: Apple Security Research Device Program But as to your specific situation, you could work with your customers to get builds of their app that are more amenable to your testing. For example, a development-signed build, with the get-task-allow entitlement, will allow you to attach with the debugger. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

See my response in your other thread. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com