Post not yet marked as solved
{"duration_ms":"227124", "share_with_app_devs":0,"roots_installed":0,"bug_type
":"142", "os_version": "iPhone OS 17.3.1
(21D61)", "slice_uuid":"D479D5BB-1F9F-3405-
BFAA-254435395FF3","is_first_party":0,"incident_id":"DFA88D80-8E48-46E9-8
A18-4BCOC496D6EB", "timestamp":"2024-02-14 14:18:15.00
-0500", "app_name":"backboardd", "name":"backboardd"} Date/Time:
2024-02-14 14:14:26.336 -0500
End time:
2024-02-14 14:18:13.460 -0500
OS Version:
iPhone OS 17.3.1 (Build 21D61)
Architecture:
arm64e
Report Version: 44
Incident Identifier: DFA88D80-8E48-46E9-8A18-4BC0C496D6EB
Data Source:
Microstackshots
Shared Cache:
B497C9DB-C62E-372D-B727-868EE7931E1 slid base address
0x186c3c000, slide 0x6c3c000
Shared Cache:
E6753008-4C83-3F88-899E-202E9BAE2994 slid base address
0x19108000, slide 0x1108000 Command:
backboardd
Path:
/usr/libexec/backboardd
Resource Coalition ID: 73
On Behalf Of:
1 sample backboardd [66], 1 sample UNKNOWN [60]
Architecture:
arm64e
Parent:
UNKNOWN [1]
PID:
66
Event:
wakeups
Action taken:
none
45002 wakeups over the last 227 seconds (198 wakeups per
second average), exceeding limit of 150 wakeups per second over 300 seconds Wakeups limit:
45000
Limit duration: 300s
Wakeups caused: 45002
Wakeups duration: 227s
Duration:
227.125
Duration Sampled: 226.25s
Steps:
249
Hardware model:
iPhone14,8
Active cpus:
6
HW page size:
VM page size:
16384
16384
Advisory levels: Battery -> 2, User -> 3, ThermalPressure -> 0, Combined - > 2
Free disk space: 93.55 GB/119.07 GB, low space threshold 150 MB
Vnodes Available: 62.95% (15107/24000, 12000 allocated, 12000 soft limit)
Preferred User Language: en-US
Country Code:
US
Keyboards:
en_US QWERTY, emoji Emoji
OS Cryptex File Extents: 1
Heaviest stack for the target process:
30 ??? (libsystem_pthread.dylib + 6660) [0x1f8b0ba04]
30 ??? (libsystem_pthread.dylib + 6500) [0x1f8b0b964]
29 ??? (libdispatch.dylib + 92280) [0x1969e4878]
29 ??? (libdispatch.dylib + 94212) [0x1969e5004]
17 ??? (libdispatch.dylib + 54952) [0x1969db6a8]
16 ??? (libdispatch.dylib + 50168) [0x1969da3f8]
libsystem_pthread.dylib
0x1fb3be000 -
0x1fb3c1fff 10SurfaceAccelerator
<007AAAE6-5817-3A37-BDCC-0A650D29174E> /System/Library/ PrivateFrameworks/lOSurfaceAccelerator.framework/lOSurfaceAccelerator
0x1c316000 -
0x1c339fff ANEServices
<8710EDDB-6F92-3D92-AB24-0D4C1BCB890D> /System/Library/ PrivateFrameworks/ANEServices.framework/ANEServices
0x229c09000 -
0x229dc3fff H13ISP.mediacapture
/System/Library/MediaCapture/ H13ISP.mediacapture
0х233403000 -
0x233776fff NRFV3
<4A85805A-
D53A-336D-B4A7-3E6DA86B6AA7> /System/Library/VideoProcessors/
NRFV3.bundle/NRFV3
Powerstats for:
appleh13camerad
UUID:
5476D86A-AEE4-3CC1-B022-F853712B83C6
Path:
/usr/sbin/appleh13camerad
Shared Cache:
B497C9DB-C62E-372D-B727-868EE7931E1 slid base address
0x186c3c000, slide 0x6c3c000
Resource Coalition ID: 187
Architecture:
arm64e
Start time:
2024-02-14 14:15:35.700 - 0500
End time:
2024-02-14 14:17:29.572 -0500
Num samples:
29 (12%)
Primary state: 25 samples Non-Frontmost App, Non-Suppressed, User mode, Effective Thread QoS Unspecified, Requested Thread QoS Unspecified, Override Thread QoS Unspecified
User Activity:
O samples Idle, 29 samples Active
Power Source:
29 samples on Battery, 0 samples on AC
29 ??? (libsystem_pthread.dylib + 6672) [0x1f8b0ba10]
29 ??? (libsystem_pthread.dylib + 9428) [0x1f8b0c4d4]
28 ??? (appleh13camerad + 199664) [0x104d90bf0]
28 ??? (CoreFoundation + 209244) [0x18ea0515c]
28 ??? (CoreFoundation + 209912) [0x18ea053f8]
24 ??? (CoreFoundation + 212384) [0x18ea05da0]
23 ??? (CoreFoundation + 214888) [0x18ea06768]
23 ??? (CoreFoundation + 220384) [0x18ea07ce0]
23 ??? (CoreFoundation + 220580) [0x18ea07da4]
22 ??? (10Kit + 48792) [0x197438e98]
18 ??? (appleh13camerad + 198828) [0x104d908ac]
17 ??? (appleh13camerad + 152568) [0x104d853f8]
17 ??? (appleh13camerad + 150332) [0x104d84b3c]
17 ??? (appleh13camerad + 89100) [0x104d75c0c]
11 ??? (appleh13camerad + 90160) [0x104d76030]
6
??? (appleh13camerad + 114140) [0x104d7bddc]
3
??? (appleh13camerad + 125900) [0x104d7ebcc]
2
??? (appleh13camerad + 125504) [0x104d7ea40]
5
??? (appleh13camerad + 126164) [0x104d7ecd4] ??? (appleh13camerad + 113792) [0x104d7bc80]
1
??? (appleh13camerad + 126192) [0x104d7ecf0] ??? (appleh13camerad + 125900) [0x104d7ebcc] ??? (appleh13camerad + 125520) [0x104d7ea50] ??? (appleh13camerad + 125508) [0x104d7ea44]
3
??? (appleh13camerad + 125504) [0x104d7ea40]
??? (appleh13camerad + 92848) [0x104d76ab0]
2 ??? (appleh13camerad + 131932) [0x104d8035c]
1 ??? (appleh13camerad + 131960) [0x104d80378] ??? (appleh13camerad + 99236) [0x104d783a4] ??? (appleh13camerad + 92648) [0x104d769e8]
1 ??? (appleh13camerad + 129768)
(QuartzCore + 519284) [0x19005cc74]
4 ??? (QuartzCore + 486688) [0x190054d20]
3 ??? (QuartzCore + 487556) [0x190055084]
3 ??? (QuartzCore + 488956) [0x1900555fc]
3 ??? (10MobileFramebuffer + 11728) [0x1bf5d8ddO]
3 ??? (10Kit + 7056) [0x19742eb90]
3 ??? (10Kit + 6508) [0x1974296c]
3 ??? (libsystem_kernel.dylib + 4472) [0x1d6169178]
3
??? (QuartzCore + 487292) [0x190054f7c]
1 ??? (10MobileFramebuffer + 11728) [0x1bf5d8dd0]
1 ??? (10Kit + 7056) [0x19742eb90]
1 ??? (10Kit + 6508) [0x19742e96c]
1 ??? (libsystem_kernel.dylib + 4472) [0x1d6169178]
1
4 ??? (QuartzCore + 524852) [0x19005e234]
2 ??? (QuartzCore + 603072) [0x1900713c0]
1 ??? (10MobileFramebuffer + 7660) [0x1bf5d7dec]
1
??? (IOMobileFramebuffer + 7920) [0x1bf5d7ef0]
??? (IOMobileFramebuffer + 7596) [0x1bf5d7dac]
1
??? (IOKit + 5692) [0x19742e63c]
1 ??? (IOKit + 5880) [0x19742e6f8]
1
??? (IOKit + 6508) [0x19742e96c]
1 ??? (libsystem_kernel.dylib + 4472) [0x1d6169178]
1
1 ??? (QuartzCore + 600724) [0x190070a94]
1
??? (QuartzCore + 605164) [0x190071bec]
1 ??? (Metal + 310724) [0x18e606dc4]
1 ??? (libdispatch.dylib + 80616) [0x1969e1ae8]
1 ??? (libdispatch.dylib + 17152) [0x1969d2300]
1 ??? (Metal + 30856) [0x18e5c2888]
1 ??? (Metal + 31384) [0x18e5c2a98]
1 ??? (10GPU + 19312) [0x20515db70]
1 ??? (10GPU + 19704) [0x20515dcf8]
1 ??? (10Kit + 208296) [0x19745fda8]
1
‹Kernel mode>
1 ??? (QuartzCore + 594540) [0x19006f26c]
1 ??? (IOMobileFramebuffer + 11016) [0x1bf5d8b08]
1 ??? (10Kit + 7056) [0x19742eb90]
1 ??? (10Kit + 6508) [0x19742e96c]
??? (libsystem_kernel.dylib + 4472) [0x1d6169178]
1
1 ??? (QuartzCore + 523680) [0x19005dda0]
1 ??? (QuartzCore + 302748) [0x190027e9c]
1 ??? (QuartzCore + 303720) [0x190028268]
1
??? (QuartzCore + 807976) [0x1900a3428]
1 ??? (QuartzCore + 26328) [0x18ffe46d8]
1 ??? (QuartzCore + 24376) [0x18ffe3f38]
1 ??? (QuartzCore + 26328) [0x18ffe46d8]
??? (QuartzCore + 26328) [0x18ffe46d8]
??? (QuartzCore + 24376) [0x18ffe3f38]
??? (QuartzCore + 26328) [0x18ffe46d8]
1 ??? (QuartzCore
Post not yet marked as solved
I'm currently trying to develop a transparent data encryption(TDE) system on MacOS 12.6.8. Our company has its own file encryption format. In order to facilitate safe and convenient file transfer between Windows and Mac platforms, we need to develop a TDE system on the Mac platform (on the Windows platform, we have developed such a system based on the Minifilter framework).
I tried to implement this system using a MacFuse based file system and the Endpoint Security system extension, but found that this did not allow complete control of files on the Mac system. For example, when you use Finder to copy an encrypted file, the decrypted data will be copied out. I'm guessing this might be due to Finder or some other system process cache.
By referring to the current product introductions of other companies, I learned that the current TDE systems on Mac systems are all based on kernel extension. But I noticed that Apple no longer encourages kernel extension development, and the Mac kernel has fewer and fewer APIs open to development.
So I would like to ask is it still feasible to develop a TDE system based on the kernel extension?
Post not yet marked as solved
Hey everyone,
I'm currently working on developing a kernel extension (kext) for the custom file system on macOS.
I opted for a kernel extension due to its potential for higher performance compared to using FileProvider. However, during development, I've noticed a significant performance bottleneck related to synchronous I/O operations within the VFS subsystem.
It appears that all I/O operations in the macOS kernel, such as vnop_read/vnop_write (sock_receive/sock_send), are executed synchronously. (https://forums.swift.org/t/task-safe-way-to-write-a-file-asynchronously/54639/7)
For example, the Linux kernel supports asynchronous I/O operations, which utilize struct file_operations.read_iter/write_iter.
This discrepancy in implementation leads to a considerable performance gap, with macOS performing approximately 8-15 times slower than Linux implementation.
Given this performance difference, I'm reaching out to seek advice and insights from the community.
Are there any known strategies or best practices for improving the performance of kernel extensions related to file systems on macOS?
Any guidance or suggestions on how to optimize the performance of file system operations on macOS kext would be greatly appreciated. Thank you in advance for your assistance!
Post not yet marked as solved
I'm developing a encrypte&decrypt filesystem on Mac. I use MacFuse to realize this filesystem and mount it under a folder.
By doing this I can hook the open file method when user are trying to open the encrypted file(such as A.rtf) under the mounted folder. Then I will decrypt A.rtf and generate a new decrypted file, let's call it as B.rtf. In the hooked open file method, I will return B.rtf file descriptor so that the user can open the decrypted file.
All works fine, until I opend the encrypted file once and copy it. It seems Mac system directly using the decrypted cache data when doing copy, so the decrypted content will be copied.
I tried add fcntl(fd, F_NOCACHE, 1); fcntl(fd, F_NODIRECT, 1) after int fd = open([p UTF8String], mode);, but it not work.
So is there a way to clearly tell the Mac system, do not cache my data when open files?
Post not yet marked as solved
Hi,
I've got swiftUI based application. It seems that on some occasions, when the app starts, I get the following popup window but I don't know which restricted items it attempts to access (passwords,network, etc..) . How can I tell what trigger this elevation message ?
Thanks !
Post not yet marked as solved
Hello,
in my Mac Catalyst app, I have detail view with sections modeled as DisclosureGroups. The label view has a button, that shall trigger a file import view when pushed. The label view is defined as follows:
swift
HStack {
Text(LocalizedStringKey("Documents")).font(.title)
Spacer()
Button {
showFileImporter = false
// fix broken picker sheet
DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
showFileImporter = true
}
} label: {
Image(systemName: "doc.badge.plus")
.padding(.horizontal, 10)
}
.disabled(!expanded)
.fileImporter(
isPresented: $showFileImporter,
allowedContentTypes: [.data],
allowsMultipleSelection: false) { result in
// add fileUrl.startAccessingSecurityScopedResource() before accessing file
NSLog("\(result)")
}
}
Unfortunately the file import view is not showing, when the button is pushed, although the state changes to true.
Does anybody have any hints?
BTW the repo is available at https://github.com/thbonk/repti/tree/ui-refactoring
The view in question is https://github.com/thbonk/repti/blob/ui-refactoring/Repti/Source/UI/Views/IndividualDetails/DocumentsSubview.swift
Thanks & Best regards
Thomas
Hi, so I have this case where I would like the user to pick a folder where they want to create a file/folder using UIDocumentPicker/Browser and I make the file using open() in cpp and use its fd to read/write to the file. Now, the first thing is I have to call startAccessingSecurityScopedResource() on the directory url, then I make the file, get its fd(file descriptor) and I leave this makefile() function.
Every startAccessingSecurityScopedResource() needs to be matched with a stopstartAccessingSecurityScopedResource().
So my question is do I 'have' to call stopAccessingSecurityScopedResource() 'just before' calling close() on the fd.
Or is it fine to call it after I have made the fd i.e., at the end of the makefile() function?
In the tests I did it seems that once the fd is opened, even if stopAccessingSecurityScopedResource() is called on it(the directory), I can continue to read/write from the fd until I close() the fd?
Post not yet marked as solved
ios app from app store
some day,unable to read, write any file, included SecItemAdd
What is the possible cause?
thank you
Post not yet marked as solved
good day everyone, I'm new to Xcode and I would like to start the first steps with a DB. I have two problems: 1) I have no idea which free practice DB you can use. 2) consequently I am not yet familiar with any use of the DB.
I would be useful for an indication of a free DB that can be used with Xcode and possibly an example of code to be able to write and read it. I thank anyone who wants to help me
Post not yet marked as solved
suddenly
iOS app release
sandbox file
fail to open [/var/mobile/Containers/Data/Application/52B6A7C2-2F2C-400F-8D6B-4B500434F918/Library/com.zhibo8.client81136870/UserDefault/mmkv/cache], 1(Operation not permitted)
some device restart recover
Post not yet marked as solved
Hi~recently I have storage issue as follows:
Go to iOS Settings -> iPhone Storage , it shows available storage is enough
(ex.180.38 GB)
But app will get disk full error when trying to write large file (ex. 26 GB)
Error Domain=NSCocoaErrorDomain Code=640 "The file couldn’t be saved because there isn’t enough space." UserInfo={NSUnderlyingError=0x282db8ae0 {Error Domain=NSPOSIXErrorDomain Code=28 "No space left on device"}}
Then I write the following code to log available space and found it is only 26.95 GB available not 180.38 GB as UI displayed
NSError *error = nil;
NSDictionary *dictionary = [[NSFileManager defaultManager] attributesOfFileSystemForPath:path error: &error];
NSNumber *sizeValue = [dictionary objectForKey:NSFileSystemFreeSize];
uint64_t totalFreeSpace = [sizeValue unsignedLongLongValue];
print(@“ %@ Free space available.", [NSByteCountFormatter stringFromByteCount:totalFreeSpace countStyle:NSByteCountFormatterCountStyleFile]);
Does any one know what reason may cause this strange situation and how can I do to make available space displayed in UI could be reliable?
Any suggestion will be very appreciated!
Post not yet marked as solved
Hello everybody,
I am struggling with accessing files from the Location OneDrive through UIDocumentViewController.
The error says:
Error Domain=NSCocoaErrorDomain Code=260 "Die Datei „Testfile.txt“ konnte nicht geöffnet werden, da sie nicht existiert." UserInfo={NSFilePath=/private/var/mobile/Containers/Shared/AppGroup/11E04153-649E-416F-9860-2EA9C0913A18/File Provider Storage/item|1|18a17c69%2D5d6d%2D4b16%2Db388%2D4a9834e9440b/Testfile.txt, NSUnderlyingError=0x281202310 {Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"}}
The Controller is initialised the following way:
let ctrl = UIDocumentPickerViewController(forOpeningContentTypes: [.image, .audio, .video, .item, .content])
And in the delegate method I do the following:
func documentPicker(_ controller: UIDocumentPickerViewController, didPickDocumentsAt urls: [URL]) {
guard let documentUrl = urls.first else { return }
guard documentUrl.startAccessingSecurityScopedResource() else {
parent.errorText = "Developer Error: Can't access security scoped resource."
return
}
defer {
documentUrl.stopAccessingSecurityScopedResource()
}
do {
let data = try Data(contentsOf: documentUrl)
} catch {
parent.errorText = error.localizedDescription
}
}
Any help is appreciated!
Thanks
Post not yet marked as solved
I was successfully able to get the callback for file reads for the files in my mounted folder. Now we need to implement some read protection on top of that, we need to only allow some specific applications to access the data through the File provider.
for that, we need to get the name or any information regarding the Application that requested the read.
one thing I've seen is the request.requestingExecutable , which is coming nil for all the applications trying to read the files in the mounted folder. But i do get applications name for the things done by finder (drag&drop and Copy paste) .
What are the ways I can get the reading Application names ?
and what could be done for implementing data leak features working in pair with the File Provider Extension ?
Post not yet marked as solved
Recently I've had a project which always had behaved normally start placing new files in my home folder. I'm not sure what started this, but I've found out that the issue occurs if the project folder or one of its parents have a Finder tag. I don't know if the same happens with the 'old' Finder labels. I'm surprised this hasn't been discussed yet, one would think at least one developer would be using tags in their filesystem.
Xcode 15.1 seems to default to the first parent it can find that doesn't hava a tag. I don't know about earlier versions.
Apparently, the solution is to remove the tag AND clear the build data. An Xcode restart seems not to be needed.
Post not yet marked as solved
Here's how my app used to work:
On one device, generate a text file with a custom extension.
Send it via AirDrop or in Messages to another device.
Open the file in another copy of my app.
The app processes the data correctly the way I want.
Now, when I try to do this, I get this:
Error Domain=NSCocoaErrorDomain Code=257 "The file “Shopping List.sld” couldn’t be opened because you don’t have permission to view it." UserInfo={NSFilePath=/private/var/mobile/Library/Mobile Documents/com~apple~CloudDocs/Downloads/Shopping List.sld, NSUnderlyingError=0x282280a50 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}
file:///private/var/mobile/Library/Mobile%20Documents/com~apple~CloudDocs/Downloads/Shopping%20List.sld
I think this broke with the iOS 17 upgrade.
What permissions or capabilities do I need to add to my app to do that, and how do I go about adding them? I am quite new to xCode and iOS developement, but I had this working before.
I like to find a way to identify network volumes, and whether they're run by certain servers, e.g. specifically whether they're on a Synology NAS.
Reason is that Synology, while apparently supporting the Spotlight-over-SMB API, comes with a lot of bugs, requiring me to work around them when searching on those volumes with the macOS Spotlight API.
I could, of course, ask the user to "configure" each mounted volume in my software, but I'd rather do this automagically, if possible, as it's less prone to user mistakes.
So, my question is: Is there a way to learn a bit more about the server of a mounted network volume? E.g., if I could learn its IP address, I could try to connect to it via http protocol and then maybe get a useful response that identifies it as being from Synology.
Or, alternatively, can I tell which SMB volumes are served by a Mac, so that I can at least assume that those handle Spotlight calls correctly, while I assume anything else is buggy (so far, AFAIK, Synology is the only other SMB server that supports Spotlight search).
I've tried to find some data in the IORegistry, but that doesn't seem to store anything about network vols. The statfs function doesn't seem to give me anything for that either, nor do the various fcntl calls as far as I could tell.
I also checked with the DA apis, e.g.:
DASessionRef daSession = DASessionCreate (NULL);
CFURLRef furl = CFURLCreateWithFileSystemPath(NULL, CFSTR("/Volumes/TheNAS"), kCFURLPOSIXPathStyle, true);
DADiskRef daDisk = DADiskCreateFromVolumePath (NULL, daSession, furl);
if (daDisk) {
CFDictionaryRef daInfo = DADiskCopyDescription (daDisk);
NSLog(@"%@", daInfo);
}
However, this only prints basic information:
DAVolumeKind = smbfs;
DAVolumeMountable = 1;
DAVolumeName = TheNAS;
DAVolumeNetwork = 1;
DAVolumePath = "file:///Volumes/TheNAS/";
Where, then, does Finder's "Get Info" get the smb path from, for example?
So, I'm looking into startaccessingsecurityscopedresource() function and from my current understanding this is to get temporary access to files/folders you don't implicitly have access to i.e., that don't belong to your sandbox. I can understand what it means wrt macOS, iOS, iPadOS, but what does it mean in watchOS and tvOS where there isn't any file sharing between different apps? And what is it's relevance wrt using iCloud (if there is any?)
Post not yet marked as solved
I want to store sensitive data, which has to be removed when the application is moved to bin, but not when the application is updated (install newer version of application). When I move application to bin the data still remain on the MacBook so when I install the application again, the sensitive data is loaded. This problem is only on macOS, because iOS and iPadOS clear all data when I uninstall them.
I tried many options of storing. SQLite file stored in applicationSupportDirectory, temporaryDirectory, but nothing worked. I also tried to store this data using UserDefaults, but also unsuccessful.
I expect that I install application and it will store this data somewhere, when I update the application, the data remain, but when I uninstall this application by moving it to BIN, it will remove this data.
Post not yet marked as solved
Hi
So Apple Support sent me here ... (Case: 102237195769 if anyone has access)
My entire file system seems to be tagged with "com.apple.provenance" tags ... they're everywhere
drwxr-xr-x@ 3 jon staff 96 20 Jan 2023 .vs-kubernetes
com.apple.provenance 11
drwxr-xr-x@ 5 jon staff 160 21 Jun 2023 .vscode
com.apple.provenance 11
drwxr-xr-x 12 jon staff 384 28 Feb 00:17 .vscode-server
drwxr-xr-x@ 3 jon staff 96 11 Dec 2022 .warp
com.apple.provenance 11
-rw-r--r--@ 1 jon staff 691 29 Nov 19:14 .wget-hsts
com.apple.provenance 11
-rw-r--r--@ 1 jon staff 361 11 Dec 15:55 .zprofile
com.apple.provenance 11
-rw-r--r--@ 1 jon staff 300 23 Jul 2023 .zprofile.bak
com.apple.provenance 11
-rw-r--r--@ 1 jon staff 136 4 Dec 2022 .zprofile.pysave
com.apple.provenance 11
-rw------- 1 jon staff 16802 27 Feb 22:20 .zsh_history
drwx------@ 7 jon staff 224 21 Feb 14:28 .zsh_sessions
com.apple.provenance 11
-rw-r--r--@ 1 jon staff 1681 24 Feb 18:24 .zshrc
Now I don't know if this is related to the CrossOver (aka Wine) problem we're experiencing, or if it's a coincidence .. however I'd like to understand why every file that gets created ends up with this tag.
When installing a Bottle in CO none of the shortcuts appear within the CO App .. which is where we started all of this.
jon@ziggy ~ % cd Library/Application\ Support
jon@ziggy Application Support % ls -lad@ CrossOver
drwxr-xr-x 7 jon staff 224 28 Feb 02:02 CrossOver
jon@ziggy Application Support % cd CrossOver
jon@ziggy CrossOver % ls -la@
total 784
drwxr-xr-x 7 jon staff 224 28 Feb 02:02 .
drwx------+ 184 jon staff 5888 28 Feb 08:56 ..
drwxr-xr-x 3 jon staff 96 28 Feb 01:59 Bottles
-rw-------@ 1 jon staff 239584 28 Feb 01:59 cxfixes.xml
com.apple.provenance 11
-rw-------@ 1 jon staff 256 28 Feb 01:59 cxfixes.xml.sha256
com.apple.provenance 11
-rw-------@ 1 jon staff 155031 28 Feb 02:02 gstreamer-1.0-registry.x86_64.bin
com.apple.provenance 11
drwxr-xr-x 5 jon staff 160 28 Feb 01:59 tie
Problem Summary
The Desktop shortcut keeps randomly vanishing from the Finder Favourites section
Every file is tagged as com.apple.provenance and despite trying to clear the tags (which does work) they re-appear moments later.
At this stage .. I've run out of ideas, Codeweavers support has gone silent and Apple Support said "try developer.apple.com" ... sigh
Last night I flattened my M1 MBP and reinstalled. All looked good until Migration Assistant got involved and then it migrated across whatever is doing this as the problem persists.
Post not yet marked as solved
Anyone have any experience, started to get permission and failed to stat error for apple script which has shell do rysnc to backup files after moving files to new drive.