In our macOS daemon process, we are trying to validate a leaf certificate by anchoring intermediate CA cert and evaluating it using SecTrustEvaluateWithError. The leaf certificate contains couple of non-critical MS extensions (1.3.6.1.4.1.311.21.10 and 1.3.6.1.4.1.311.21.7). The macOS API fails to parse these extensions and does not evaluate the cert chain. Below is the error returned:
{
NSLocalizedDescription = "\U201abc\U201d certificate is not standards compliant";
NSUnderlyingError = "Error Domain=NSOSStatusErrorDomain Code=-67618 \"Certificate 0 \U201abc\U201d has errors: Unable to parse known extension;\" UserInfo={NSLocalizedDescription=Certificate 0 \U201abc\U201d has errors: Unable to parse known extension;}";
}
As per RFC2459, a non-critical extension can be ignored by the system:
A certificate using system MUST reject the certificate if it encounters a critical extension it does not recognize; however, a non-critical extension may be ignored if it is not recognized.
So, why does macOS not ignore these non-critical extension and returns a failure? OS version is 14.4.1.
Posts under macOS tag
200 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
At my current company we have an app that has a lot of third party dependencies. Recently vendors started providing code signed XCFrameworks and we would like to use the code signed frameworks without any modification in our released app (don't tamper with the signature, don't remove it, don't resign it).
We have a problem, that upon downloading the XCFrameworks from an internal artifact server or upon moving the XCFrameworks on disk during the build process, macOS starts producing temporary files, like .DS_Store, ._* files (for every file X, there is additional ._X file created). Files like this are sometimes called "turdfiles", like here.
The files are produced inside of XCFrameworks and inside of the _CodeSignature folder, making
codesign --verify --verbose=4 Example.xcframework
fail and XCode to complain and fail the build process.
I wrote a script that cleans up the _CodeSignature folder from all known turdfiles and then inspects the output of codesign to indentify all surplus files and removes them - this has to be 2 steps, because codesign goes crazy if you tamper with _CodeSignature directory.
We run the script in random places of the build system where it seemed to help.
Is there any system solution to fix this? Isn't everyone having this problem now, with the introduction of codesigned XCFrameworks? There were tens of people in the company having this issue before we hacked it together using the cleanup script.
I have used functionality of changing user's password programmatically using the OpenDirectory framework. Once the password is updated successfully, can be use this password for Login sessions and authentication wherever required. But the same password is failing authenticate with Local Authentication Framework that is with LAContext and prefers always older password. Even restarting machine won't work.
Changing current user's password using below method -
do {
let node = try ODNode(session: ODSession.default(), type: ODNodeType(kODNodeTypeLocalNodes))
let user = try node.record(withRecordType: kODRecordTypeUsers, name: NSUserName(), attributes: nil)
try user.changePassword(currentPassword, toPassword: newPassword)
print("Password changed successfully")
} catch var error {
print(error)
}
Once password is updated, then trying to authenticate password with LAContext using,
let context = LAContext()
context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "AuthenticationMessage".localized()) { success, error in
DispatchQueue.main.async {
completion(success, error)
}
print("authentication error = (String(describing: error?.localizedDescription))")
}
It won't accept the updated password. Any idea how to solve this problem?
Hi,
For the very same plugin dlopen() sometimes fails. The library is present but sometimes it returns NULL and sometimes a valid plugin handle.
Here is the code:
char *filename;
void *plugin_so;
filename = "/Applications/com.example.MyApp/Contents/Plugins/myplugin.dylib";
plugin_so = dlopen(filename,
RTLD_NOW);
I have debugged using lldb checked filename and it is present.
The myplugin.dylib file supports 2 architectures, arm64 and x86_64.
regards, Joël
sudo ifconfig en0 ether [MAC address]
Now results in
ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address
Hello.
Is there a legal way to block iOS devices from being mounted on macOS?
I noticed, that when an iOS device is connected, it pretends to be like a storage device but it is not. It not even going through diskArbitration. It seems that some fileProvider is taking place there.
I know that it is possible to do via the MDM profile:
<key>PayloadContent</key>
<dict>
<key>.GlobalPreferences</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>ignore-devices</key> <true/>
</dict>
</dict>
</array>
</dict>
</dict>
But is there some programmatic solution?
If I use EndpointSecurity and block file operations for the usbmuxd process on /var folder, it prevents iOS devices from being mounted. But wouldn't be there any negative side effects from such a solution?
I am developing a File Provider on Mac. I am marking some items within the domain as 'shared' via the NSFileProviderItemProtocol. However, the text 'Folder shared on iCloud by me' appears in Finder when these items are marked as shared.
Is this correct? My provider has nothing to do with iCloud, which is, of course, the cloud developed by Apple. Is there a way to change this text or remove it?
I've attached an image that shows the problem.
Incident Identifier: 8C757080-1227-4FF8-9563-D4AAFE0587BE
CrashReporter Key: ACD5C28C-DD36-0D52-56E8-477D2887C6A8
Hardware Model: MacBookAir9,1
Process: Runner [52298]
Path: /Users/USER/Library/Developer/CoreSimulator/Devices/E4009C5D-4435-4F7F-BD7E-140632A9CF45/data/Containers/Bundle/Application/88AF44ED-BA26-420D-B011-BA09712D1A56/Runner.app/Runner
Identifier: com.test.AppName
Version: 1.0.0 (1)
Code Type: X86-64 (Native)
Role: Foreground
Parent Process: launchd_sim [45746]
Coalition: com.apple.CoreSimulator.SimDevice.E4009C5D-4435-4F7F-BD7E-140632A9CF45 [25888]
Responsible Process: SimulatorTrampoline [45605]
Date/Time: 2024-05-21 18:03:39.1450 +0530
Launch Time: 2024-05-21 17:55:53.3837 +0530
OS Version: macOS 14.5 (23F79)
Release Type: User
Report Version: 104
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: SIGNAL 6 Abort trap: 6
Terminating Process: Runner [52298]
Triggered by Thread: 0
Last Exception Backtrace:
0 CoreFoundation 0x7ff8004cd561 __exceptionPreprocess + 226
1 libobjc.A.dylib 0x7ff8000837e8 objc_exception_throw + 48
2 CoreFoundation 0x7ff8004cd44f -[NSException initWithCoder:] + 0
3 Runner 0x1043430ed -[GIDSignIn signInWithOptions:] + 173 (GIDSignIn.m:513)
4 Runner 0x104341ee0 -[GIDSignIn signInWithPresentingViewController:hint:additionalScopes:completion:] + 208 (GIDSignIn.m:264)
5 Runner 0x104ed66e8 -[FLTGoogleSignInPlugin signInWithHint:additionalScopes:completion:] + 184 (FLTGoogleSignInPlugin.m:252)
6 Runner 0x104ed54b5 -[FLTGoogleSignInPlugin signInWithCompletion:] + 901 (FLTGoogleSignInPlugin.m:152)
7 Runner 0x104edaf58 __FSIGoogleSignInApiSetup_block_invoke.175 + 168 (messages.g.m:266)
8 Flutter 0x10e0643df __48-[FlutterBasicMessageChannel setMessageHandler:]_block_invoke + 171
9 Flutter 0x10da1d0e1 invocation function for block in flutter::PlatformMessageHandlerIos::HandlePlatformMessage(std::_fl::unique_ptr<flutter::PlatformMessage, std::_fl::default_deleteflutter::PlatformMessage>) + 94
10 libdispatch.dylib 0x7ff8001783ec _dispatch_call_block_and_release + 12
11 libdispatch.dylib 0x7ff8001796d8 _dispatch_client_callout + 8
12 libdispatch.dylib 0x7ff80018848c _dispatch_main_queue_drain + 1420
13 libdispatch.dylib 0x7ff800187ef2 _dispatch_main_queue_callback_4CF + 31
14 CoreFoundation 0x7ff800429b34 CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE + 9
15 CoreFoundation 0x7ff80042446f __CFRunLoopRun + 2463
16 CoreFoundation 0x7ff8004236ed CFRunLoopRunSpecific + 557
17 GraphicsServices 0x7ff8103ba08f GSEventRunModal + 137
18 UIKitCore 0x7ff805cdf6ee -[UIApplication _run] + 972
19 UIKitCore 0x7ff805ce416e UIApplicationMain + 123
20 Runner 0x1041cb10f main + 63 (AppDelegate.swift:5)
21 dyld_sim 0x107d023e0 start_sim + 10
22 dyld 0x10d902366 start + 1942
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x107e4914a __pthread_kill + 10
1 libsystem_pthread.dylib 0x107eaaebd pthread_kill + 262
2 libsystem_c.dylib 0x7ff80016dd1c abort + 133
3 libc++abi.dylib 0x7ff8002c6d12 abort_message + 241
4 libc++abi.dylib 0x7ff8002b951a demangling_terminate_handler() + 266
5 libobjc.A.dylib 0x7ff800061fba _objc_terminate() + 96
6 libc++abi.dylib 0x7ff8002c616b std::__terminate(void (*)()) + 6
7 libc++abi.dylib 0x7ff8002c6126 std::terminate() + 54
8 libdispatch.dylib 0x7ff8001796ec _dispatch_client_callout + 28
9 libdispatch.dylib 0x7ff80018848c _dispatch_main_queue_drain + 1420
10 libdispatch.dylib 0x7ff800187ef2 _dispatch_main_queue_callback_4CF + 31
11 CoreFoundation 0x7ff800429b34 CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE + 9
12 CoreFoundation 0x7ff80042446f __CFRunLoopRun + 2463
13 CoreFoundation 0x7ff8004236ed CFRunLoopRunSpecific + 557
14 GraphicsServices 0x7ff8103ba08f GSEventRunModal + 137
15 UIKitCore 0x7ff805cdf6ee -[UIApplication _run] + 972
16 UIKitCore 0x7ff805ce416e UIApplicationMain + 123
17 Runner 0x1041cb10f main + 63 (AppDelegate.swift:5)
18 dyld_sim 0x107d023e0 start_sim + 10
19 dyld 0x10d902366 start + 1942
Thread 1:: com.apple.uikit.eventfetch-thread
0 libsystem_kernel.dylib 0x107e423ce mach_msg2_trap + 10
1 libsystem_kernel.dylib 0x107e50c88 mach_msg2_internal + 84
2 libsystem_kernel.dylib 0x107e49510 mach_msg_overwrite + 653
3 libsystem_kernel.dylib 0x107e426bd mach_msg + 19
4 CoreFoundation 0x7ff8004298a3 __CFRunLoopServiceMachPort + 143
5 CoreFoundation 0x7ff80042402b __CFRunLoopRun + 1371
6 CoreFoundation 0x7ff8004236ed CFRunLoopRunSpecific + 557
7 Foundation 0x7ff800ea8c9a -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
8 Foundation 0x7ff800ea8f18 -[NSRunLoop(NSRunLoop) runUntilDate:] + 72
9 UIKitCore 0x7ff805dbc7aa -[UIEventFetcher threadMain] + 518
10 Foundation 0x7ff800ed34d5 NSThread__start + 1024
11 libsystem_pthread.dylib 0x107eab18b _pthread_start + 99
12 libsystem_pthread.dylib 0x107ea6ae3 thread_start + 15
AirPort:
Bluetooth: Version (null), 0 services, 0 devices, 0 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
USB Device: USB31Bus
USB Device: USB31Bus
USB Device: T2Bus
USB Device: Touch Bar Backlight
USB Device: Apple Internal Keyboard / Trackpad
USB Device: Headset
USB Device: Ambient Light Sensor
USB Device: FaceTime HD Camera (Built-in)
USB Device: Apple T2 Controller
Thunderbolt Bus: MacBook Air, Apple Inc., 86.0
My Xcode workspace contains build settings for a macOS, iOS, and tvOS application.
My Sandbox macOS app builds just fine and works great - and is on the App Store.
I am in the process of creating a new build / branch of this app that is not Sandboxed so that I can add IPC (Syphon support) - as I don't think I can use App Groups to enable CFMessage support (which Syphon requires) because Syphon (third party framework) - uses its own naming convention for the ports.
Anyway, sandbox support for a Syphon app is a topic for another day (it's actually quite disappointing that I can't release a Syphon version on the App Store).
The trouble I am having, is that even afer deleting the App Sandbox entitlement from my project, my App still seems to be running in the App Sandbox, and I can't figure out how to remove the App Sandbox entitlement completely.
What I am seeing, is that even after deleting the App Sandbox entitlement (using the project settings and deleting it in the "Signing and Capabilities" tab (and also checking the entitlements file manually to doubly make sure it is gone) - I am still seeing the following error message:
*** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8703, name = 'info.v002.Syphon.332143F7-0916-428A-A88A-59B752F95304'
See /usr/include/servers/bootstrap_defs.h for the error codes.
It is also saving my Application Support data in the ~/Library/Containers folder, and not in ~/Library/ApplicationSupport
What step am I missing?
我委托第三方才帮我们在苹果商店更新过APP,因为图片中含有隐私手机号,因此需要自己再重新上架,/Users/zhangteng/Desktop/WechatIMG24.jpeg。他提示需要构建版本,我已经在涂鸦平台构建了app,好像需要打包,我该如何操作打包上传呢。
When I connect my MacBook to my living room AirPort (older gen wallwart) via Music app, the music output in both rooms is synced.
When I try to setup a Multi-Output Device in AudioMidi setup, I'm not able to get them synced. I'm outputting to the same devices, they're all on the same sample rate, and I've played with the various settings (Primary Clock Source and Drift Sync). What gives? How are these connections different?
Intel MacBook Pro 2018 running Sonoma 14.5
In older versions of macOS, such as those predating Mac OS Sonoma, users had the ability to set the Lock Screen independently from their desktop wallpaper. However, with the introduction of Mac OS Sonoma, this feature seems to have been altered or removed altogether. Currently, there appears to be no option to set the Lock Screen image separately; instead, only changing the desktop wallpaper, changes the Lock Screen image. This change raises questions about whether it is a deliberate alteration in the setting flow or if it could potentially be a bug in the system.
Users may wonder if this adjustment is intended to streamline the interface or if there are plans to reintroduce the ability to customize the Lock Screen image independently of the wallpaper in future updates.
I have a virtual machine using apple's sample code on their developer page but i have no audio.
How do i create and setup an audio device for the vm?
Good afternoon,
After a long time of using of Macbook security popups with requesting access from apps start appearing
For example today I opened vscode to work with nuxtjs and 3 popups appeared:
vscode requests access to photos, calendar, contacts, desktop, icloud etc
The same happens with PHPStorm.
If I open terminal, the same things happen with terminal
I haven't installed anything and haven't updated anything
Then I decided to update the latest MacOS, thought that it may help, but it didn't help
My questions are:
How to fix that? All applications even terminal should not have such permission requests
Is it a bug and it will be fixed in a patch?
Why do these popups always appearing if I clicked Don't allow?
OS: MacOs Sonoma 14.5
Mac book Pro 2019
I have an executable in macOS that I m launching as a User Agent. The same executable can be launched in multiple ways like either user can directly click the exe to launch it, or user can launch it from the terminal using ./ etc. One similar way is when the user launches the exe as a User Agent(i.e daemon in user session).
In this scenarios, I want to identify in my exe If my user has launched it as agent to perform certain task.
I wanted to know how can I accurately determine this?
I have tried figuring out If there is some unique session that agents operate in, but I could not find anything. Can someone help here? Is this even possible?
i made a virtual machine with the help of the tutorial on the apple developer website running macos on my m2 macbook pro. I am wondering how I can integrate my mouse in the virtual machine instead of it being on top of the app.
I'm working on an Angular application that retrieves static data (JSON, MP3, and images) from a backend server, with a cache control response header set to Cache-Control: public, max-age=2592000. I expect these files to be served from either disk or memory cache after the initial request. However, in Safari, the browser sometimes fetches the data from the cache and other times makes a network call. This inconsistent behavior is particularly noticeable with MP3 files, whereas JSON and image files are consistently served from the cache as expected.
I've tested this on multiple Safari versions and observed the same issue:
Version 17.2 (19617.1.17.11.9)
Version 17.1 (19616.2.9.11.7)
Version 17.3 (19617.2.4.11.8)
I confirmed that the "Disable Cache" option is not enabled in the developer tools, so the MP3 files should be cached. This functionality works correctly in Chrome and Firefox without any issues.
I am trying to bring my iOS App to native macOS. I am using exactly the same TimelineProvider and widgets (the ones not supported on macOS surrounded by #if(os)). Running the whole app or just the WidgetExtension on iOS works perfectly fine. Running the mac app works perfectly fine apart from missing Widgets.
When running the WidgetExtension on My Mac, the WidgetKit Simulator opens and only presents Failed to load widget. The operation couldn't be completed. (WidgetKit_Simulator.WidgetDocument.Error error 4.) The code compiles fine without any warnings, only a file path is printed into the console. file:///Users/myName/Library/Developer/Xcode/DerivedData/MyAppName-dfsiuexplidieybwvbkqofchxirp/Build/Products/Debug/MyApp.app/Contents/PlugIns/MyAppNameWidgetExtensionExtension.appex/
Shortly after I get a log entry Logging Error: Failed to initialize logging system. Log messages may be missing. If this issue persists, try setting IDEPreferLogStreaming=YES in the active scheme actions environment variables.
I am not sure which further Informationen I can give to solve my problem. Destinations on main App and Widget Extension is both set to Mac (no suffix). The mac is running 14.4.1 and Xcode 15.3.
I am really thankful for any assistance you can give me to fix this problem. Thanks
I tried to read an Object :
-(NSMutableDictionary*) readMyObject:(NSData*)data;
{
NSError * error;
Class class = [NSMutableDictionary class];
NSMutableDictionary * dict;
dict = [NSKeyedUnarchiver unarchivedObjectOfClass:class
fromData:data error:&error];
return dict;
the result was nil.
I searched by Developer for a solution and found one :
{
// NSKeyedUnarchiver * unarchiver = [[NSKeyedUnarchiver alloc] init];
[unarchiver decodeObjectOfClasses:
[[NSSet alloc]initWithArray:
@[[NSDictionary class],
[NSMutableDictionary class],
[NSArray class],
[NSMutableArray class],
[NSString class], [NSNumber class]]]
forKey:NSKeyedArchiveRootObjectKey];
[unarchiver finishDecoding];
}
The first line was from me and it crashed the project.
I assume there is an easy answer, not for me.🥲
Uwe
I have a .search field in the toolbar of my swiftui macOS app. it only "drops down" to show a couple items if the window is zoomed to full screen.
The first screencap is with window zoomed full screen (incorrect behavior). second screencap is window unzoomed (correct). Any advice?