Branching from a previous post titled "Privileged daemon using SMAppService in macOS Sequoia," I have a privileged daemon using SMAppSerice that works in Sonoma and Ventura. In the previous OS versions, privilege is applied in System Settings: Login Items, Allow in the Background.
Under macOS sequoia, the daemon appears by its bundle id instead of the parent app, and underneath it reads "Item from unidentified developer" and does not run, even when enabled.
I'm wondering if additional steps are needed in the new OS to sign privileged daemons properly?
Just to confirm, you’re installing the daemon using SMAppService
, right?
If so, that should be sufficient for the system to track the ‘responsible code’ relationship between your daemon and your app. Hmmm, assuming the daemon embedded in your app is signed the same way as the app itself.
As before, I’m going to recommend that you retry this on a ‘clean’ machine. If the problem appears there:
-
Dump the code signature of your app:
% codesign -d -vvv /Applications/MyApp.app
-
Dump the code signature of the daemon embedded in the app:
% codesign -d -vvv /Applications/MyApp.app/Contents/MacOS/MyDaemon
-
Check that they’re signed the same way.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"