Hey devs, I have a really weird issue and at this point I cannot determine is it a Big Sur 11.1 or M1 issue or just some macOS settings issue. Short description programatically (from node, electron) I'd like to store x509 cert to keychain. I got the following error message: SecTrustSettingsSetTrustSettings: The authorization was denied since no user interaction was possible. (1) I could reproduce this issue on: a brand new mac mini with M1 chip and Big Sur 11.1 another brand new mac mini with M1 chip and Big Sur 11.1 a 2018 MacBook pro with Intel chip and Big Sur 11.1 I couldn't reproduce this issue on: 2020 MacBook pro with intel i9 chip and Big Sur 11.1 2020 MacBook pro with intel i9 chip and Big Sur 11.0 How am I trying to store the cert node test.js test.js const { exec } = require('child_process') exec( 	`osascript -e 'do shell script "security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Users/kotapeter/ssl/testsite.local.crt" with prompt "Test APP wants to store SSL certification to keychain." with administrator privileges'`, 	(error, stdout, stderr) => { 		if (error) { 			console.log(error.stack) 			console.log(`Error code: ${error.code}`) 			console.log(`Signal received: ${error.signal}`) 		} 		console.log(`STDOUT: ${stdout}`) 		console.log(`STDERR: ${stderr}`) 		process.exit(1) 	} ) testsite.local.crt: ----BEGIN CERTIFICATE MIIDUzCCAjugAwIBAgIUD9xMnL73y7fuida5TXgmklLswsowDQYJKoZIhvcNAQEL BQAwGTEXMBUGA1UEAwwOdGVzdHNpdGUubG9jYWwwHhcNMjEwMTE3MTExODU1WhcN NDEwMTEyMTExODU1WjAZMRcwFQYDVQQDDA50ZXN0c2l0ZS5sb2NhbDCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBANM08SDi06dvnyU1A6//BeEFd8mXsOpD QCbYEHX/Pz4jqaBYwVjD5pG7FkvDeUKZnEVyrsofjZ4Y1WAT8jxPMUi+jDlgNTiF jPVc4rA6hcGX6b70HjsCACmc8bZd+EU7gm4b5eL6exTsVzHc+lFz4eQFXgutYTL7 guDQE/gFHwqPkLvnfg3rgY31p3Hm/snL8NuD154iE9O1WuSxEjik65uOQaewZmJ9 ejJEuuEhMA8O9dXveJ71TMV5lqA//svDxBu3zXIxMqRy2LdzfROd+guLP6ZD3jUy cWi7GpF4yN0+rD/0aXFJVHzV6TpS9oqb14jynvn1AyVfBB9+VQVNwTsCAwEAAaOB kjCBjzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIC9DA7BgNVHSUENDAyBggrBgEFBQcD AQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgwHQYDVR0O BBYEFDjAC2ObSbB59XyLW1YaD7bgY8ddMBkGA1UdEQQSMBCCDnRlc3RzaXRlLmxv Y2FsMA0GCSqGSIb3DQEBCwUAA4IBAQBsU6OA4LrXQIZDXSIZPsDhtA7YZWzbrpqP ceXPwBd1k9Yd9T83EdA00N6eoOWFzwnQqwqKxtYdl3x9JQ7ewhY2huH9DRtCGjiT m/GVU/WnNm4tUTuGU4FyjSTRi8bNUxTSF5PZ0U2/vFZ0d7T43NbLQAiFSxyfC1r6 qjKQCYDL92XeU61zJxesxy5hxVNrbDpbPnCUZpx4hhL0RHgG+tZBOlBuW4eq249O 0Ql+3ShcPom4hzfh975385bfwfUT2s/ovng67IuM9bLSWWe7U+6HbOEvzMIiqK94 YYPmOC62cdhOaZIJmro6lL7eFLqlYfLU4H52ICuntBxvOx0UBExn----END CERTIFICATE testsite.local.key: ----BEGIN RSA PRIVATE KEY MIIEpQIBAAKCAQEA0zTxIOLTp2+fJTUDr/8F4QV3yZew6kNAJtgQdf8/PiOpoFjB WMPmkbsWS8N5QpmcRXKuyh+NnhjVYBPyPE8xSL6MOWA1OIWM9VzisDqFwZfpvvQe OwIAKZzxtl34RTuCbhvl4vp7FOxXMdz6UXPh5AVeC61hMvuC4NAT+AUfCo+Qu+d+ DeuBjfWnceb+ycvw24PXniIT07Va5LESOKTrm45Bp7BmYn16MkS64SEwDw711e94 nvVMxXmWoD/+y8PEG7fNcjEypHLYt3N9E536C4s/pkPeNTJxaLsakXjI3T6sP/Rp cUlUfNXpOlL2ipvXiPKe+fUDJV8EH35VBU3BOwIDAQABAoIBAQDDGLJsiFqu3gMK IZCIcHCDzcM7Kq43l2uY9hkuhltrERJNle70CfHgSAtubOCETtT1qdwfxUnR8mqX 15T5dMW3xpxNG7vNvD/bHrQfyc9oZuV6iJGsPEreJaV5qg/+E9yFzatrIam0SCS7 YL6xovPU58hZzQxuRbo95LetcT2dSBY33+ttY7ayV/Lx7k6nh0xU6RmTPHyyr8m7 yHpoJoSxdT/xv5iBSZ8mM9/2Vzhr14SWipVuwVVhDSfbn8ngHpIoQDkaJLMpWr+m 4z3PqfftAwR6s6i96HnhYLnRir618TQh4B9IEngeEwCMn4XAzE3L+VTaKU1hg9el aMfXzPERAoGBAPa+sJ2p9eQsv0vCUUL8KeRWvwjDZRTd+YAIfpLMWrb0tMmrBM4V V0L2joF76kdDxt1SAlHoYCT/3Rn8EPmK0TN3MEskiXQ7v57iv+LZOZcpe0ppG/4A ZihF9+wUjFCDw4ymnRQD463535O6BgZV+rcZksFRD2AwvEjt1nYm93VXAoGBANsh AYM+FPmMnzebUMB0oGIkNkE9nVb9MPbQYZjEeOeHJqmt1Nl6xLuYBWTmWwCy7J4e QPtnuMCdO6C1kuOGjQPBFIpeyFMzll+E3hKzicumgCpt5U8nTZoKc/jZckRD7n3p lbYYgHOR3A/3GCDK5L3rwziWpSRAGMSCQylvkOC9AoGBAKLfZL3t/r3LO8rKTdGl mhF7oUYrlIGdtJ/q+4HzGr5B8URdeyJ9u8gb8B1Qqmi4OIDHLXjbpvtFWbFZTesq 0sTiHCK9z23GMsqyam9XbEh3vUZ082FK6iQTa3+OYMCU+XPSV0Vq+9NPaWGeHXP5 NTG/07t/wmKASQjq1fHP7vCpAoGBAK4254T4bqSYcF09Vk4savab46aq3dSzJ6KS uYVDbvxkLxDn6zmcqZybmG5H1kIP/p8XXoKCTBiW6Tk0IrxR1PsPHs2D3bCIax01 /XjQ1NTcYzlYdd8gWEoH1XwbJQWxHINummBTyowXguYOhVhM9t8n+eWbn1/atdZF 2i+vS3fhAoGAYKw6rkJfTSEswgBKlQFJImxVA+bgKsEwUti1aBaIA2vyIYWDeV10 G8hlUDlxvVkfwCJoy5zz6joGGO/REhqOkMbFRPseA50u2NQVuK5C+avUXdcILJHN zp0nC5eZpP1TC++uCboJxo5TIdbLL7GRwQfffgALRBpK12Vijs195cc=----END RSA PRIVATE KEY What I've already found If I run the following command from terminal It asks my password first in terminal and after that It asks my password again in OS password prompt. sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Users/kotapeter/ssl/testsite.local.crt It looks like I'm getting the above error message because osascript hides the second password asking dialog. The cert always gets stored in keychain but when I get the error message the cert "Trust" value is not "Always Trust". References StackOverflow question: https://stackoverflow.com/questions/65699160/electron-import-x509-cert-to-local-keychain-macos-the-authorization-was-deni opened issue on sudo-prompt electron package: https://github.com/jorangreef/sudo-prompt/issues/137

Hello! I need to load dylib signed by another developer (using dlopen). For that, I added following entitlement to hardened runtime: com.apple.security.cs.disable-library-validation However, after adding this entitlement, the app fails to start, generating a crash report indicating codesigning fail. This happens even without any code for loading the library in the app. I tried it in a blank project, and it worked just fine. The app also has Endpoint security entitlement (in provisioning profile), so I am suspecting that might be the cause, however, I was not able to find anything about this in the documentation. Thank you for any help.

Hello everyone, I'm trying to create an App Clip for my existing app (it's a multiplatform app). Now Xcode can't sign my app, and the following error appears: Provisioning profile "iOS Team Provisioning Profile: xx" doesn't match the entitlements file's value for the com.apple.developer.associated-appclip-app-identifiers entitlement. If I don't add that row in my project's entitlement then I can sign my app but I can't upload it to App Store Connect, telling me that the value is missing. I've tried to delete the saved profiles in my Mac and force Xcode to download them again. I started thinking about if you can create an App Clip for a multiplatform project or even if it's a bug in Xcode 12.5 beta 3. Does anyone experienced the same or have some suggestion to try? Thank you! Aniol

I'm trying to monetize my app with MoPub for iOS 14, but my ad is not being shown and I get some errors that include Target is not running or required target entitlement is missing. According to MoPub Support, this is NOT a problem with MoPub -- it's a problem with my app configuration. However, the problem only occurs if the MoPub framework is added to the project. Here are the relevant logs: Initialized OM SDK version: 1.3.4-Mopub Attempting to load ad [assertion] Error acquiring assertion: Error Domain=RBSAssertionErrorDomain Code=3 "Target is not running or required target entitlement is missing" UserInfo={RBSAssertionAttribute=RBSDomainAttribute| domain:"com.apple.webkit" name:"Background" sourceEnvironment:"(null)", NSLocalizedFailureReason=Target is not running or required target entitlement is missing} [ProcessSuspension] 0x10b0b8bc0 - ProcessAssertion: Failed to acquire RBS Background assertion 'WebProcess Background Assertion' for process with PID 18829, error: Error Domain=RBSAssertionErrorDomain Code=3 "Target is not running or required target entitlement is missing" UserInfo={RBSAssertionAttribute=RBSDomainAttribute| domain:"com.apple.webkit" name:"Background" sourceEnvironment:"(null)", NSLocalizedFailureReason=Target is not running or required target entitlement is missing} SDK initialized and ready to display ads. Initialized adapters: No adapters initialized Could not signal service com.apple.WebKit.WebContent: 113: Could not find specified service Could not signal service com.apple.WebKit.Networking: 113: Could not find specified service I tried integrating the MoPub framework manually, and via cocoa pods -- with the same outcome. Question: What entitlement(s) do I need to add to my app, assuming that this is an entitlements issue? How do I fix these errors? Thank you! Edit: I tried adding the "Access WiFi Information" capability and also the "App Transport Security Settings" - "Allow Arbitrary Loads" .plist entry, to no avail.

Hi everybody, I’m the maintainer of GNU Prolog (gprolog). I try to port it to the new arm64/darwin apple architecture since a contributor gave me an ssh access to its machine (I can thus only execute commands via command-line bash). I can compile gprolog (it uses a classical unix-style procedure ./configure + make using gcc (clang)). The machine is pretty fast ! However, at run-time I obtain a segmentation violation which I’d like to debug using lldb. I initially obtained this error:  error: process exited with status -1 (developer mode is not enabled on this machine and this is a non-interactive debug session.) I asked the owner of the machine to enable the developer mode. But now I obtain: error: process exited with status -1 (this is a non-interactive debug session, cannot get permission to debug processes.) I saw several posts mentioning entitlements (I’m sorry I’m not an expert of Mac). Here is what I obtain with my executable (I created a simple test case executable called ./t): codesign -d -vvv --entitlements :- ./t Executable=/Users/ddiaz/GP/src/BipsPl/t Identifier=t Format=Mach-O thin (arm64) CodeDirectory v=20400 size=8410 flags=0x20002(adhoc,linker-signed) hashes=260+0 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=c0ddf4ad6672b7c65b2a90d274bb29783625d502 CandidateCDHashFull sha256=c0ddf4ad6672b7c65b2a90d274bb29783625d5021b6e1d67c6be5c7774c265b5 Hash choices=sha256 CMSDigest=c0ddf4ad6672b7c65b2a90d274bb29783625d5021b6e1d67c6be5c7774c265b5 CMSDigestType=2 CDHash=c0ddf4ad6672b7c65b2a90d274bb29783625d502 Signature=adhoc Info.plist=not bound TeamIdentifier=not set Sealed Resources=none Internal requirements=none I saw, in some posts, a permission com.apple.security.get-task-allow which should be enable. Do you think the problem comes from this permission ? How can I add it using command-line console ? Thanks you for your help Didou

Hi , I have successfully provisioned my card into Apple wallet. nd after that I am calling passes() API of PKPassLibrary class , getting empty data.  let passLibary = PKPassLibrary() let pass = passLibary.passes() // giving empty response.  I tried with below API as well, this is giving empty response.  let passListItems = passLibary.passes(of: .secureElement).Pls guide me where I am missing something.

Invalid Provisioning Profile. The provisioning profile included in the bundle ***.***.XX [Payload/Runner.app/PlugIns/OneSignalNotificationServiceExtension.appex] is invalid. [Missing code-signing certificate]. A Distribution Provisioning profile should be used when submitting apps to the App Store. For more information, visit the iOS Developer Portal. With error code STATE_ERROR.VALIDATION_ERROR.90161 for id 81c3cef4-fefe-468d-910c-cf7a4b5377a8 Any help? I have tried to create new provisioning profile and identifiers but still get this error when uploading app to the App Store.

Hi, application that i'm working on uses NFC which is invoking Apple Pay. I've got permission from Apple to suppress it. I've set com.apple.developer.passkit.pass-presentation-suppression to true. Then i had to follow instructions from email: Go to the developer website, login, edit provisioning profile, select the entitlement from the drop down menu In first step i don't have dropdown to select entitlements From the Xcode IDE, go to Build Settings, ensure same profile from Step 1 is selected to sign the app Add entitlement manually to the entitlement plist. Any manually created provisioning profile fails to sign app due to missing entitlement. Using automatic signing also fails. I couldn't find any relevant informations about this issue over the web. Thanks for your help

I have a macOS app that captures screen images. The first time I run this application, a dialog is shown directing the user to give my app Screen Recording permission. Is there a way I can trigger this dialog earlier and detect whether the permission was granted?

I'm working on new virtual camera by using IOUSBHostControllerInterface, when I run my code, it asks for the approval of com.apple.usb.hostcontrollerinterface entitlement from Apple, I disabled SIP of the system and it won't let me go further. I submitted the FB9203842 by middle of last month and no response from Apple yet, submitted DTS and that won't speed up the approval process. Is there any way I could continue working on it while waiting for Apple's approval? I believe the entitlement approval is only for distribute the product, not developing the product. Thanks Steven

Hi, My account was approved for the com.apple.developer.playable-content entitlement, but now it's deprecated and I want to switch to the new one com.apple.developer.carplay-audio. I have some problems making the transition, do I need to submit a new request to Apple for the new entitlement? Thanks.

Is the com.apple.developer.kernel.increased-memory-limit entitlement working as of iOS 15 Beta 3. As of right now if I try to add this entitlement on Beta 3 or below, the Automatic Signing fails. How much extra memory would be provided for an Application or its extension with this entitlement?

We have an ipad that connects to a mac device on the local network. And the connections have suddenly stopped working after Xcode 12 and driving us crazy as to where the issue is. (We don’t have the multicast entitlement capabilities so it wasn’t added to any of our builds. ) Xcode 11: For some reason all our builds from Xcode 11 have successful local network connections on IOS 12 & 14 Xcode 12: but ever since we updated Xcode to 12 local networking on all our builds no longer work on IOS 14. To make it more interesting they do work on older IOS 12 devices. So we’re left wondering where to apply any solutions here. We’ll apply for multicast but still wondering how it’s possible local networking works only with Xcode 11 builds on all IOS and Xcode 12 builds work only on iOS 12 and not IOS 14 What should we do here? Any tips can help thank you.

Hi there! I'm not able to build my NFC APP with Xcode 12.5.1 for my Iphone 11 pro Provisioning profile ... doesn't include the com.apple.developer.nfc.readersession.felica.systemcodes and com.apple.developer.nfc.readersession.iso7816.select-identifiers entitlements. **Here is my info.plist: ** and here is my entitlement: What could be the problem? Thank you in advance. Best Regards, Daniel

On Big Sur, user interaction is sometimes necessary to modify trust settings of a certificate (see https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes#Security). This means that sometimes, app calling SecTrustSettingsSetTrustSettings blocks until user enters password even if it is running as root (or fails with "The authorization was denied since no user interaction was possible" if it is run from a context where user session is not available). But it seems that for vast majority of machines, entering the password is not necessary (for other voice confirming this, please see https://developer.apple.com/forums/thread/671582). Please is there any way how to check whether user interaction will be required for this operation on the machine in advance? Be it via api or some characteristics of the system? This would lead to better user experience of our app...

I have fetched the Apple Sample code for SimpleTunnel project and modified it to build and run under current Xcode and Swift 5. I am trying to establish a VPN tunnel app<->tunnel_server using the default configurations (default config.plist, default "Demo VPN" setting in "PacketTunnel" section of app). My issue is that PacketTunnel Network Extension get terminated due to not having suitable Entitlements, at least this is how I read the log in Console: -CMSessionMgr- CMSessionMgrHandleApplicationStateChange: CMSession: Client com.mycompany.com.example.apple-samplecode.SimpleTunnel.PacketTunnel with pid '3348' is now Terminated. Background entitlement: NO LongFormVideoApp: NO I did follow this forum post to create appID and provisioning profile and I tripple checked I am using this profile for the "PacketTunnel" target. Dumping the profile, that looks OK to me: <key>Entitlements</key> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> </array> ...

Hi, I have requested USB Transport and UserClient Access successfully, but the applications containing the entitlemet don't work. driver.dext: User-mode usb driver Driver.app: Application to install the user-mode driver Error Termination Reason: Namespace CODESIGNING, Code 0x01 ・entitlement file of driver.dext <key>com.apple.developer.driverkit</key> <true/> <key>com.apple.developer.driverkit.transport.usb</key> <array> <dict> <key>idVendor</key> <integer>****</integer> </dict> </array> ・entitlement file of Driver.app <key>com.apple.developer.driverkit.userclient-access</key> <array> <string>****bundle id of driver.dext</string> </array> ・driver.dext provisioning profile CMS command <key>Entitlements</key> <dict> <key>com.apple.developer.driverkit.transport.usb</key> <array> </array> <key>com.apple.developer.driverkit</key> <true/> <key>com.apple.application-identifier</key> <string>bundle id</string> <key>keychain-access-groups</key> <array> <string>****</string> </array> <key>com.apple.developer.team-identifier</key> <string>****</string> </dict> ・Driver.app provisioning profile CMS command <key>Entitlements</key> <dict> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.application-identifier</key> <string>bundle ID</string> <key>keychain-access-groups</key> <array> <string>****.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>****</string> </dict> Would you let me know the solutions if you have?