“eskimo”

On recent versions of macOS a program needs the Location privilege (from System Settings > Privacy & Security) to access SSID information. It should be feasible for a launchd agent to get that — unlike, say, a launchd daemon — but it’s not without its challenges. My usual advice here is: Install the from a container app using SMAppService. This ensures that the system understands the relationship between the app and the agent. Request the Location privilege in the container app. In the agent, confirm that you have the Location privilege before attempting to do anything with Core WLAN. There’s a new-fangled way to do this but I tend to rely on the old ways. I’ve run through this process for other privileges and it works a treat. However, the Location privilege is kinda weird — it’s not managed by the standard TCC infrastructure — so I’m not 100% sure this will work in that case. But give it a whirl and lemme know how you get along. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Sup

Coming at this from the perspective of the C API, the equivalent of writeDirectoryContents(archiveFrom:path:keySet:selectUsing:flags:threadCount:) is the combination of AAPathListCreateWithDirectoryContents and AAArchiveStreamWritePathList. And to write a single file you can create the path list with AAPathListCreateWithPath. The Swift API combines these two into a single step, so there’s no Swift equivalent of AAPathListCreateWithPath. However, it’s not clear whether you need that. If you put a file in a directory and then point writeDirectoryContents(…) at that directory, you end up with an archive that contains just that file. For example, with this hierarchy: /Users/ quinn/ Test/ somefile.text passing /Users/quinn/Test to writeDirectoryContents(…) I end up with this: % aa list -v -i output.aar Operation: list worker threads: 14 verbosity level: 1 input file: output.aar entry types: bcdfhlmps D PAT= UID=502 GID=20 MOD=00755 FLG=0x00000000 CTM=1663853978.872477459 MTM=1771930096.106661813 F PAT=somefile.tex

Someone pinged me about this via a different channel so I thought I’d post an update here. [quote='661920022, SerusMac, /thread/673322?answerId=661920022#661920022, /profile/SerusMac'] I confirm that we use NETransparentProxyProvider and return FALSE from the callback. [/quote] Right. This a key test. A transparent proxy should be… well… transparent when you always return false from your handle-new-flow method. If you’re having compatibility problems with your transparent proxy, this is a great diagnostic test: Tweak your code to always return false and see if the problem persists. If so, it’s not your proxy’s fault, pretty much by definition. Anyway, I just took a look at FB9002173 and it didn’t result in a fix. However, a different developer filed their bug about this, FB13053446, and it’s carrying the torch forward. Having said that, I’ve no meaningful information to share about FB13053446. It’s still subject to investigation. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ A

@KayleeSC , Please take another run at submitting your app. I just checked on FB19582905 and there’s signs of movement there [1]. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] Our bugs system should officially notify you of this soon, but I figured you’d appreciate a heads up as soon as possible.

[quote='876924022, GangOrca, /thread/816179?answerId=876924022#876924022, /profile/GangOrca'] please correct if not true [/quote] That’s right. Oh, except the bit about the exact 5 second timeout, which is an implementation detail rather than part of an API contract. Our watchdog timeouts have changed in the past and could well change again in the future. [quote='876924022, GangOrca, /thread/816179?answerId=876924022#876924022, /profile/GangOrca'] The duration of the timer is expected to be in milliseconds [/quote] Blocking the main thread for milliseconds is not ideal, because it can cause hitches [1] in the UI, but it’s not going to cause the serious problems that you get if you block if for multiple seconds. But note my comment about the iOS app lifecycle. I regularly see folks try to run cleanup code like this on app termination, only to discover that app termination is rare on iOS. And if you have to structure your app to work properly in the iOS case, then what’s the point of writing a bunch of code tha

[quote='877011022, Pushpak-Ambadkar123, /thread/815498?answerId=877011022#877011022, /profile/Pushpak-Ambadkar123'] will it work with WebKit as well … ? [/quote] Hmmmm, that depends on what you mean by “WebKit”. If you’re talking about WKWebView (WebView in SwiftUI) then I expect, like Safari, it’d get filter support because it loads web content using URLSession. If you’re talking about the WebKit open source project, that’s not something I support and thus I’ve not looked at it. [quote='877011022, Pushpak-Ambadkar123, /thread/815498?answerId=877011022#877011022, /profile/Pushpak-Ambadkar123'] I am trying to implement a solution that would block urls from the block list on the browsers installed on iOS device. [/quote] Can you clarify what you mean by that? But, just so we’re on the same page about Network Extension’s capabilities, it supports two scenarios: Implementing a URL filter — This allows you to block pages loaded by URLSession and anything layered on top of it, including WebKit’s web views and Safar

[quote='876864022, SwiftieDog, /thread/797007?answerId=876864022#876864022, /profile/SwiftieDog'] I know this may sound like a why question [/quote] Two points: If you think that Mac users need more warnings than they already get — keeping in mind the one presented when the app saves a VPN configuration — you are welcome to file a bug about that. If you think that Apple should document this policy officially, you can file an enhancement request against the documentation. A good place for this sort of stuff is the Apple Platform Security guide. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

It seems like you created a specific thread for this question. [This was a mistake, as explained below — Quinn, 2026-02-25] Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='816333021, agorneanu, /thread/816333, /profile/agorneanu'] Any idea what's wrong with my machine? [/quote] Oh, there are so many possibilities )-: In Testing a Notarised Product I encourage folks to do their Gatekeeper testing on a Mac that’s “never seen [their] product before”, and this is an example of why I give that advice. Development machines see many builds of a given app, including ‘broken’ development builds, and that exercises lots of edge cases in Launch Services and the trusted execution system, not all of which are handled correctly. If you create a new account on the problematic machine, does it have the same problem? Expanding on ssmith_c’s comments: [quote='876858022, ssmith_c, /thread/816333?answerId=876858022#876858022, /profile/ssmith_c'] Check the system log to see if there are any further details on the reasons why. [/quote] I have lots of general hints and tips about the system log in Your Friend the System Log, and trusted execution specific stuff at the end of Resolving Trusted

Lemme see if I understand you correctly: You submit a notarisation request with notarytool submit. While the request is in progress, you can see it in the notarytool history list. At some point it disappears from that list. Presumably this is when the notarisation request completes, but it’s hard to be sure about that from the outside. Once that happens, you can no longer get info about that request using notarytool info. Is that right? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Please file a bug about this, making sure to attach a sysdiagnose log taken shortly after reproducing the problem. Once you’re done, post the bug number and I’ll pick things up from there. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

First up, please re-test to confirm that you’re still having the problem. The notary service is quite reliable IME, and when I do see errors like this they often get fixed based on internal monitoring. If you confirm that you’re still having the problem, please file a bug about it and then post the bug number here. Finally, I often find that folks can work around issues like this by switching from app-specific password authentication to key-based authentication. So, in addition to filing that bug, you should try that switch to see if it can get you back notarising again. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='816507021, EdwardD20, /thread/816507, /profile/EdwardD20'] how would that be passed to WeatherKit? [/quote] I don’t think there’s any way to do that. [quote='816507021, EdwardD20, /thread/816507, /profile/EdwardD20'] The only thought I have is that they would need to compile the code on their own … [/quote] Right. Now, compiling things from scratch can be a bit of a pain, so another option would be for you to distribute an unsigned app and have folks re-sign it. However, that’s tricky because the WeatherKit service is tied to your App ID, which is in turn tied to your bundle ID. So it’s not just a case of re-signing the app. There’d have to be some process for customising the bundle ID and then re-signing. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I just posted a response on your other thread that clarifies our position here. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I want to clarify the overall situation here. The Apple Developer Forums are primarily focused on helping developers with Apple APIs, developer tools, and so on. We’re not really set up to help folks with ‘user-level’ questions, even those from advanced users like yourself. For that, I recommend that you bounce over to Apple Support Community, run by Apple Support, and specifically the Business and Education areas. Questions like this fall into two categories: Developers who are trying to create products based on macOS’s built-in services. Users who are trying to configure those services. From a developer perspective, the presence of built-in services, in this case Postfix, is considered an implementation detail, not an API. If you want to build a product that runs a mail server, you should embed your own copy of Postfix rather than relying on the built-in one. And if you want to run that as a daemon, it will naturally have a different launchd job label. From a user perspective, it’s fine to use these built-i