“eskimo”

kTCCServiceEndpointSecurityClient is an implementation detail. Likewise for the TCC database itself. I’m not prepared to explain these implementation details because of all the usual reasons. If you want Apple to take action here — document something, add a feature, or fix what you think is a bug — I suggest you request that via Feedback Assistant. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

It sounds like you’re trying to use Developer ID signing for day-to-day development. That’s something I recommend you avoid. Rather, use an Apple Development signing identity for development. For background on this, The Care and Feeding of Developer ID. Having said that, I can help you debug this specific problem. I recommend that you start out by isolating this from Xcode. If you run these commands, what do you see: % cp /usr/bin/true MyTrue % codesign -s Developer ID Application -f MyTrue Run these from Terminal, logged into the same GUI login session as you’re using for Xcode. If that prints a no identity found message, what do you see when you run this command: % security find-identity -p codesigning Policy: Code Signing Matching identities … 11) ADC03B244F4C1018384DCAFFC920F26136F6B59B Developer ID Application: Quinn Quinn (SKMME9E2Y8) (CSSMERR_TP_CERT_EXPIRED) 12) 3F8BE319780F84EB2E94ABDFA24E8045A0572A7B Developer ID Application: Quinn Quinn (SKMME9E2Y8) 12 identities found Valid identities only … 4) 3F

I tried to reproduce this but didn’t have any luck. If you extract the code out into a small test project — well, test playground I guess — does it have the same problem? If so, please reply here with a link to that. Note You might have to post the link in the clear; see tip 14 in Quinn’s Top Ten DevForums Tips. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Let’s focus this discussion in your other thread. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Well, that’s not good. I suggest you retry this on the current 26.3 beta, just in case. Assuming the problem shows up there as well, you should file a bug about it. Make sure to include a sysdiagnose log taken shortly after reproducing the problem, ideally as soon as you see the fuzzy screen you showed in your screenshot. Once you’re done, please post your bug number and I’ll take another look. At the API level, one option you have is to create an LAContext and pass it in to each SecItemCopyMatching call via kSecUseAuthenticationContext. It’s not clear whether you’re doing that or not. Please confirm either way. It’s also not clear if it’s even the right thing to do. This technique makes sense when the user performs a single high-level operation that requires multiple cryptographic operations with the same key. However, if the user performs two separate high-level operations back-to-back and that reproduces this issue, then trying to work around this using kSecUseAuthenticationContext isn’t really the right c

[quote='875615022, daniel-l, /thread/814827?answerId=875615022#875615022, /profile/daniel-l'] Is this a known service-side delay? [/quote] That depends on what you mean by “delay”. I recommend you read my up-thread post that discusses the “in-depth analysis” path. [quote='875615022, daniel-l, /thread/814827?answerId=875615022#875615022, /profile/daniel-l'] should I just wait? [/quote] Yes. If it stays stuck longer than a week, write back here and I’ll dig deeper. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='875490022, digitalbrandingmasters, /thread/815000?answerId=875490022#875490022, /profile/digitalbrandingmasters'] All 6 submissions stuck. [/quote] Yep. That’s typical of what I’ve seen developer report in cases like this. [quote='875490022, digitalbrandingmasters, /thread/815000?answerId=875490022#875490022, /profile/digitalbrandingmasters'] my oldest submission is now over 63 hours stuck In Progress [/quote] Indeed. That’s longer that typical, but certainly not unheard of. If it stays stuck that way for longer than a week, ping me here and I’ll dig deeper. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Doing what you’re suggesting on iOS isn’t really feasible. There are two potential sticking points: Running in the background Inter-process communication (IPC) I talk about the first in general terms in iOS Background Execution Limits. However, in your case this might not be a showstopper because you’re interacting with a Bluetooth LE accessory, and Core Bluetooth does have background execution facilities [1]. The second point is much more problematic. In general, iOS doesn’t allow unmediated IPC between apps from different teams. This isn’t a limitation, but a deliberate design decision based on security and privacy policy. The only path forward I see here is for you to ship an SDK that interacts with the Bluetooth accessory directly, that is, from within the process of the app that adopts the SDK. However, that presents other challenges: Each app will need to request the Bluetooth privilege from the user. You have to find a way to mediate access from multiple apps. You can’t do that on the iOS side because

I have filed FB21917334 Thanks! however not in a Hypervisor Framework category as it does not exist Virtualization is fine. But that’s not a problem; it’ll find its way to the right place. ps It’s better to reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

OK, cool. Well, not cool, but you know what I mean (-: Given that you can reproduce this so easily, I recommend that you file a bug about it now. When doing that: Make sure to enable additional VPN logging, per the VPN (Network Extension) instructions on our Bug Reporting > Profiles and Logs page. After reproducing the problem, grab a sysdiagnose and attach it to your bug report. Once you’re done, post your bug number here. My plan is then to grab the crash report from your sysdiagnose log and dig a bit deeper. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Entitlements and code-signing requirements are very different. See the following for more background on each: TN3125 Inside Code Signing: Provisioning Profiles TN3127 Inside Code Signing: Requirements You can use a code-signing requirement to check for an entitlement, for example: % codesign --verify -R '=entitlement [com.apple.security.app-sandbox] exists' -v /Applications/Pages.app … /Applications/Pages.app: explicit requirement satisfied % codesign --verify -R '=entitlement [com.apple.security.app-sandbox] exists' -v /usr/bin/true … test-requirement: code failed to satisfy specified code requirement(s) However, entitlements are tricky to use in this situation because: You can’t create a provisioning profile that authorises a custom requirement. Many of of the popular entitlements are either unrestricted on macOS, or only restricted in that they clear the entitlement-validate flag [1]. Given that, I think maintaining your previous approach makes sense, that is, check for the Team ID and a list of code-signi

Most of the weird keychain failures I see like this are caused by folks using the keychain API incorrectly. I talk about this a lot of in: SecItem: Fundamentals SecItem: Pitfalls and Best Practices However, your additem and readitem summaries look pretty reasonable. It’s hard to see how you could hit the symptoms you’ve described based on this setup. Are you able to reproduce this on a device that you control? Or are you investing this based solely on reports coming in from your users? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Thanks for bringing this to the Apple Developer Forums. First up, I want to double check that this is for iOS. You mentioned the “System Keychain”, which is a macOS thing [1]. On iOS there is only one keychain, known as the data protection keychain. Within that keychain, credentials exist within a keychain access group. Your app’s access to keychain access groups is moderated by entitlements, as explained in Sharing access to keychain items among a collection of apps. Note For a lot more background on keychain APIs, see: SecItem: Fundamentals SecItem: Pitfalls and Best Practices Next, let’s look at your specific questions: [quote='815135021, HSB, /thread/815135, /profile/HSB'] 1- Is there an API that allows us to create a signature without us having to pass the private key itself [/quote] No. iOS does have the ability to work with keys where the key material isn’t directly accessible to your app. We use this, for example, to allow keys to be protected by the Secure Enclave and to support keys stored on a hard

I’m generally skeptical of using Network framework for multicasts. It should work in general, but: There are a bunch of things it can’t do. And even when it can, you often hit weird edge cases. My general advice — and this makes me very sad — is to stick with BSD Sockets for broadcasts and multicasts. See Extra-ordinary Networking > Broadcasts and Multicasts, Hints and Tips. Having said that, this is weird: [quote='815127021, Anshuman1989, /thread/815127, /profile/Anshuman1989'] Reinstalling the app fixes the issue [/quote] This isn’t a standard pathology I see with Network framework’s multicast support and you are right to suspect local network privacy in that case. So let’s dig into that. First up, you’ve signed your app with the the com.apple.developer.networking.multicast entitlement, right? You didn’t mention that, and it’s very important. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

You mean that the compiler crashes? If so, that’s probably something best addressed over in Swift Forums > Using Swift. And speaking generally, to improve your chances of getting traction: Be clear about what version of the compiler you’re testing with. Isolate the code into a small test project that reproduces the issue. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com