“eskimo”

This isn’t the first time I’ve seen reports of this. Now where did I put that thread… ah, here it is: XPC connection consistently invalidated on app upgrade In my answer on that thread I suggested that folks file their own bugs about this, asking them to be marked as a dup of FB17032197. I’m going to reiterate that advice here. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

You are correct that nested virtualisation is not supported with macOS guests. Beyond that, I’m not sure if there’s much useful info I can give you. Let’s look at your remaining questions: [quote='827663021, trukhinyuri, /thread/827663, /profile/trukhinyuri'] 2- If not, should this be treated as an intentional current limitation … ? [/quote] Yes. [quote='827663021, trukhinyuri, /thread/827663, /profile/trukhinyuri'] 3- Is there a supported host-side API or validation behavior to detect this limitation before creating or starting the VM? [/quote] I don’t understand this question. As you’ve pointed at, the nested virtualisation properties are on VZGenericPlatformConfiguration rather than VZMacPlatformConfiguration, and creating a macOS guest requires the latter. Thus this lack of support is visible to you at compile time. There’s no need for dynamic validation. One consequence of this is that, if support for this were added in the future, it would require new API. If and when that happens, you’ll be able to mea

[quote='827548021, Pavel, /thread/827548, /profile/Pavel'] mechanism for starting a user‑level Network Extension [/quote] I want to start by clarifying this “user level” concept. A transparent proxy is not really a user-level thing. On macOS there’s a single networking stack and all users, and the system, use that stack. Your transparent proxy exists, at least conceptually, within the networking stack, and thus it sees network traffic from all users. Additionally, if you use sysex packaging then your NE provider is loaded by what is effectively a launchd daemon, which is completely disconnected from any user login state. Finally, macOS supports zero or more user login sessions, with an arbitrary mix of GUI and non-GUI sessions. You proxy needs to account for that flexibility. Having a launchd agent is a good start, because that will be instantiated in each login session (the exact behaviour depends on how you set LimitLoadToSessionType). Given all of the above, I don’t think it makes sense to start and stop t

This isn’t something we can help you with here on the forums. Rather, you need to seek help via official channels. For the details, see this post. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Let’s focus this discussion on your other thread. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='888864022, rbmanian75, /thread/826990?answerId=888864022#888864022, /profile/rbmanian75'] my goal is to prvoide a browser based remote control solution [/quote] Hmmm. How does that actually fit together? My best guess is: The user has a Mac. It’s running your software. Which is running a VM, with its associated VZVirtualMachineView. Your software proxies that view to some sort of screen sharing web service. The user, on some completely different computer, possibly not even a Mac, opens a web browser. And logs in to your screen sharing web service. Which proxies UI events from the web browser to the VZVirtualMachineView and screen updates in the other direction. Is that right? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Folks, I’m gonna lock this thread. It’s clear that people are finding the thread and piling on to it, without really grokking my earlier response. That’s not helpful, because the exact evolution of this process varies for each team. So, if you find yourself here: Please read this reply and this reply. My experience is that this “in-depth analysis” usually clears after a few days. If your requests have been stuck in the In Progress state for more than a week, please start a new thread in the Code Signing > Notarization subtopic and I’ll respond there. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='888886022, Madhuri_Ramapure, /thread/826318?answerId=888886022#888886022, /profile/Madhuri_Ramapure'] could you please review my initial post? [/quote] I re-read your original post and: It’s written in terms of your third-party tooling, which I can’t help you with. It doesn’t say anything about your high-level goal. Regarding that last point, my understanding of the issue as it currently stands is: Your app issues requests in a URLSession background session. You want to do custom HTTPS server trust evaluation on those requests. When the user ‘force quits’ your app, the next time they run the app those requests all fail. Which means that the authentication challenge delegate method never gets called. Is that correct? If so, the behaviour you’re seeing is all expected. Specifically: In step 3, the act of ‘force quitting’ the app causes all the requests to fail, as I explained above. In step 4, a request that’s failing in this way will go straight to urlSession(_:task:didCompleteWithError:), without call

[quote='827389021, matthewruzzi, /thread/827389, /profile/matthewruzzi'] FB22844424 [/quote] Thanks for that. DTS recently got together and compared our top N list of forums ERs, and this was high up on the list of one DTSer [1]. So he’ll be super pleased you filed this (-: Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] Not me, btw. I write all my forums posts in a text editor. This is a long-standing habit because a) I’m very used to my text editor (BBEdit), b) over the years I’ve been bitten by numerous websites ‘eating my homework’, and c) I archive and index all of the resulting text documents.

[quote='827442021, maliyilmaz0, /thread/827442, /profile/maliyilmaz0'] macOS does not allow the use of a custom 802.1X supplicant. [/quote] Correct. [quote='827442021, maliyilmaz0, /thread/827442, /profile/maliyilmaz0'] Is there any roadmap … in future macOS releases? [/quote] Not that I’m aware of. If you’d like to see such an API added in the future, I encourage you to file an enhancement request describing your requirements. Please post your bug number, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

You can expect that most uploads will be notarised quickly. Occasionally, some uploads are held for in-depth analysis and may take longer to complete. As you notarise your apps, the system will learn how to recognise them, and you should see fewer delays. For lots of additional info about notarisation, see Notarisation Resources. Specifically, it links to a Q&A with the notary service team that’s quite instructive. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

AFAIK there’s been no change of policy on this front. That WWDC session, and for that matter TN3134, don’t discuss this debugging affordance because they’re focused on deployment, not development. [quote='827318021, Colin_newbie, /thread/827318, /profile/Colin_newbie'] All I get is NEConfigurationErrorDomain Code=10 permission denied before my app code even runs. [/quote] I don’t understand this comment. This affordance affects your ability to save a configuration. That is, with this affordance your container app can successfully save a configuration using NEFilterManager.saveToPreferences() under circumstances where it would not normally be allowed to do that. So I’m struggling to see how you could get into this situation “before my app code even runs”. Please clarify. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='888791022, RomainDropB, /thread/827228?answerId=888791022#888791022, /profile/RomainDropB'] The url-filter-provider capability does not appear in the Capability Requests tab of my developer portal. [/quote] This isn’t a standalone capability. Rather, this feature is gated by the url-filter-provider element of the com.apple.developer.networking.networkextension entitlement. And that entitlement is available all paid developers. To activate it: In Signing & Capabilities, make sure you have automatic code signing enabled [1] and select a paid team from the Team popu. Click the add (+) capability button and choose Network Extensions. Enable URL Filter. Do this for both your container app target and the URL filter provider target. [quote='888791022, RomainDropB, /thread/827228?answerId=888791022#888791022, /profile/RomainDropB'] does the full PIR server + Privacy Pass infrastructure need to be deployed and running before submitting the form, [/quote] Yes. Part of the approval process checks that your s

[quote='888831022, Paul from Vancouver, /thread/826941?answerId=888831022#888831022, /profile/Paul+from+Vancouver'] I can now verity the .pkg file with Transporter and upload to App Store Connect [/quote] Cool. [quote='888831022, Paul from Vancouver, /thread/826941?answerId=888831022#888831022, /profile/Paul+from+Vancouver'] but installing to the Applications folder does not work. [/quote] Installing how? By opening the .pkg with the Installer? That’s not expected to work. In general, you can’t test distribution signed code like this. Rather, upload your app to the App Store and then test it with TestFlight. For more backstory, see Don’t Run App Store Distribution-Signed Code. [quote='888831022, Paul from Vancouver, /thread/826941?answerId=888831022#888831022, /profile/Paul+from+Vancouver'] I am making an Adobe AIR app so I may need to treat the UNIX executable included in the .app file as an embedded file. [/quote] I’m not sure I understand what you’re getting at here. If you’re publishing on the Mac App Sto

I don’t think you’ll learn more from these crash reports. My advice is that you try to find a way to make this more reproducible. That’s what we need to further investigate the bug. See my previous post for suggestions on how you might go about this. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com