Apple Maps Guides

[quote='802437021, berd-lp, /thread/802437, /profile/berd-lp'] Is this flag something I should be explicitly setting? [/quote] Probably not. Library validation is implicitly enabled by the hardened runtime [1]. If you have that set, there’s no security benefit from enabling library validation explicitly. OTOH, it won’t cause any problems either. There are a few situations where having both flags is a benefit: If you run on systems prior to macOS 10.14, where the hardened runtime was introduced [2]. In macOS 10.15.x, x < 4, there was a Gatekeeper bug (r. 57278824) that you could workaround by explicitly enabling library validation. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] Unless you then opt out of it via the com.apple.security.cs.disable-library-validation. [2] I suspect that’s why various apps have it set. They added in back in the day and no one has got around to removing it.

[quote='802458021, jzilske, /thread/802458, /profile/jzilske'] For testing purposes [/quote] What are you trying to test here? What’s the actual goal of this test? I’m asking because the best path forward here depends on your ultimate goal. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I can’t answer why questions. See tip 3 in Quinn’s Top Ten DevForums Tips. My advice here is that you file an enhancement request for a better screen saver API, one based on app extension technology. While we’ve seen similar requests many times before, a fresh bug report will allow you to express your needs in your own terms, and allow Apple engineering to gauge the level of demand. Please post your bug number, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Something like this perhaps: % security find-certificate -c Apple Development: Quinn Quinn (7XFU7D52S4) -p > cert.pem % certtool d cert.pem … Subject Name : Other name : UT376R4K29 Common Name : Apple Development: Quinn Quinn (7XFU7D52S4) OrgUnit : SKMME9E2Y8 Org : Quinn Quinn Country : US … Unfortunately it relies on the name. If you’re worried about duplicates, you can pass -a, which results in a PEM with multiple certificates. certtool won’t deal with that properly, but now that you’re in PEM format you can use openssl. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I am unsure if there has been any progress in this area. But I needed to resolve a recent Tahoe panic, so chatgpt cobbled together this: https://gist.github.com/lundman/54e633a850e7623aae5adab38a39f464 If we are allowed to share? Either way, output was: ./symbolicate_panic.py -p ~/ZFS.2.3.1rc1.kernel.panic.-.Tahoe.M4.Pro.Mac.Mini.txt -k /Library/Extensions/zfs.kext/Contents/MacOS/zfs --kernel --kdk-nearest --accept-mismatch === KEXT mapping === bundle: org.openzfsonosx.zfs arch: arm64e base@: 0xfffffe004400d840 file __TEXT vmaddr: 0x0 file __TEXT_EXEC vmaddr: 0x70000 delta=0x70000 chosen TEXT_LOAD: 0xfffffe0043f9d840 === Kernel mapping (via KDK) === checking for KDK build 25A354 ... nearest: /Library/Developer/KDKs/KDK_26.0_25A353.kdk build: 25A354 SoC: t6041 kernel: /Library/Developer/KDKs/KDK_26.0_25A353.kdk/System/Library/Kernels/kernel.release.t6041 panic Kernel UUID: E67CAF31-8F84-389C-BB27-7FAEC762FA14 KDK Kernel UUID: E67CAF31-8F84-389C-BB27-7FAEC762FA14 file __TEXT vmaddr: 0xfffffe00

What do you mean by “legitimate”? What are you hoping to achieve by poking around in the internals of WebKit? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I have a few resources to share with you: Placing content in a bundle explains how bundles should be structured. Creating distribution-signed code for macOS and Packaging Mac software for distribution explain how to manually sign code. Embedding nonstandard code structures in a bundle offers advice on how to deal with non-Apple code structures, like the ones used by Python. You have a couple of choices here: You can strictly follow the rules in Placing content in a bundle, which is a bunch of extra work right now but will likely work better in the long term. You can bend those rules by simply signing your code as it’s currently structured. Based on the script you included, it looks like you’re attempting the second approach. It’s likely you’ll be able to make that work, but that script will need significant enhancement. For example, Creating distribution-signed code for macOS explains that you need to sign code from the inside out from a dependency perspective, and your script is doing it from a file

Developer ID signing identities are precious. If you have one, you can sign code that’s indistinguishable from legitimate code created by your organisation. Given that, Apple has additional limits on such signing identities. I talk about that in gory detail in The Care and Feeding of Developer ID. One of those limits is that only an Account Holder can manually create Developer ID certificates. I suspect you’re not the Account Holder for your team, and that’s why you’re seeing this problem. You should talk to your Account Holder and discuss how to proceed. IMPORTANT Make sure you read the above-mentioned post because it’s easy to paint yourself into a corner with Developer ID. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

It’s hard to offer specific insight into this because I don’t maintain expertise in third-party tooling. I usually recommend that folks in your situation ask for help via the support channel for the tools they’re using. However, I can offer some general advice. My experience is that, when an app fails to launch like this, without generating a crash report, it’s usually because the third-party runtime has detected a problem and called exit. That’s fine during debugging, because you can get a breakpoint on exit and look at the backtrace. However, it’s problematic when the app is Distribution signed, because you can’t attach with the debugger. My usual advice here is to use Xcode to export a Development signed app from the same Xcode archive that you submitted to TestFlight. See Isolating Code Signing Problems from Build Problems. I’m not sure how well that’ll map to your third-party tooling. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 +

I also find that surprising. I’m gonna do some research and get back to you about this. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='802495021, ssmith_c, /thread/802495, /profile/ssmith_c'] Is this a managed entitlement? [/quote] Yes. It’s certainly restricted, in the sense that it must be authorised by a profile. TN3125 Inside Code Signing: Provisioning Profiles talks about that. And given that it’s not listed under Capabilities in the App ID editor on the Developer website, you can’t assign it to to yourself, so it’s not simply restricted but also managed. Normally we have some sort of application form for managed capabilities, but I’m unable to track that down here. I’ve seen requests for this go by in the past, and I think I know the right process, but this is definitely more of a Kevin thing than a me thing. I’m gonna run this past him before I say anything definitive. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='860350022, Michael8619, /thread/802183?answerId=860350022#860350022, /profile/Michael8619'] after 3.5 days of waiting. [/quote] Blergh. Lemme know if you see such a long delay in your subsequent notarisation requests. Normally I see follow-up requests go through quickly, but that’s after a successful notarisation. I’m curious to see if your unsuccessful notarisation still allowed the system to ‘learn’. [quote='860350022, Michael8619, /thread/802183?answerId=860350022#860350022, /profile/Michael8619'] I must have missed some files in mine as I just received invalid on all my files [/quote] OK. If you’re unable to resolve this, I’d be happy to take a look. My only ask is that you start a new thread with the details, so we can leave this thread focused on the “in-depth analysis” issue. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

See my reply in the other thread that you waded in to. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Please don’t do this. I explain why it’s a bad idea in your other thread. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com