Hi, I get a weird deadlock in my swiftUI based application where com.apple.libtrace.state.block-list is waiting on com.apple.main-thread any idea what can lead to this deadlock ? also, what is com.apple.libtrace.state.block-list used for ? When deadlock occurs, the main thread it stucks on publishing property change that triggers callback function. for example : # definition @Published var event: eventType = .evtTypeWhatever ... # setting that may linked to the deadlock : self.handler.event = eventType.evtSomething; # callback definition .onReceive(cbhandler.$event, perform: eventReceived) # implementation : private func eventReceived(_ type:eventType) { switch type { case .evtSomething: # do something Here's the relevant callstack. We can see that It even didn’t get to the callback. The deadlock is probably in publishing mechanism itself 2480 Thread_87233850 DispatchQueue_1: com.apple.main-thread (serial) + 2480 start (in dyld) + 6076 [0x197c92b98] + 2480 __debug_main_executable_dylib_entry_point (in myAgent.debug.dylib) + 12 [0x10402fc38] myApp.swift:0 + 2480 static networkWrapperAppApp.$main() (in myAgent.debug.dylib) + 40 [0x10402fbf8] /<compiler-generated>:0 + 2480 static App.main() (in SwiftUI) + 224 [0x1c8b2a5c0] + 2480 runApp<A>(_:) (in SwiftUI) + 108 [0x1c87c9658] + 2480 specialized runApp(_:) (in SwiftUI) + 160 [0x1c836b878] + 2480 NSApplicationMain (in AppKit) + 880 [0x19c00d35c] + 2480 -[NSApplication run] (in AppKit) + 480 [0x19c036c64] + 2480 -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (in AppKit) + 688 [0x19c9e25b0] + 2480 _DPSNextEvent (in AppKit) + 684 [0x19c043ab4] + 2480 _BlockUntilNextEventMatchingListInModeWithFilter (in HIToolbox) + 76 [0x1a3d3e484] + 2480 ReceiveNextEventCommon (in HIToolbox) + 676 [0x1a3bb34e8] + 2480 RunCurrentEventLoopInMode (in HIToolbox) + 324 [0x1a3bb027c] + 2480 CFRunLoopRunSpecific (in CoreFoundation) + 572 [0x19811bc58] + 2480 __CFRunLoopRun (in CoreFoundation) + 1980 [0x19811ca9c] + 2480 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ (in CoreFoundation) + 16 [0x19815bda4] + 2480 _dispatch_main_queue_callback_4CF (in libdispatch.dylib) + 44 [0x197e89cec] + 2480 _dispatch_main_queue_drain (in libdispatch.dylib) + 180 [0x197e89db0] + 2480 _dispatch_main_queue_drain.cold.5 (in libdispatch.dylib) + 812 [0x197eb1b58] + 2480 _dispatch_client_callout (in libdispatch.dylib) + 16 [0x197e9485c] + 2480 _dispatch_call_block_and_release (in libdispatch.dylib) + 32 [0x197e7ab2c] + 2480 thunk for @escaping @callee_guaranteed () -> () (in myAgent.debug.dylib) + 48 [0x103f44a3c] /<compiler-generated>:0 + 2480 closure #1 in closure #9 in AppDelegate.applicationDidFinishLaunching(_:) (in myAgent.debug.dylib) + 24508 [0x10401625c] /<compiler-generated>:0 + 2480 callbackHandler.currPage.modify (in myAgent.debug.dylib) + 44 [0x103ff84ec] /<compiler-generated>:0 + 2480 callbackHandler.currPage.setter (in myAgent.debug.dylib) + 204 [0x103ff8470] myApp.swift:81 + 2480 callbackHandler.currentPage.setter (in myAgent.debug.dylib) + 120 [0x103ff7850] myApp.swift:0 + 2480 static Published.subscript.setter (in Combine) + 84 [0x1abbe3500] + 2480 specialized static Published.subscript.setter (in Combine) + 60 [0x1abbe4648] + 2480 specialized static Published.withMutation<A>(of:keyPath:storage:apply:) (in Combine) + 556 [0x1abbe45b0] + 2480 closure #1 in static Published.subscript.setter (in Combine) + 428 [0x1abbe3724] + 2480 PublishedSubject.send(_:) (in Combine) + 192 [0x1abbbc558] + 2480 ObservableObjectPublisher.send() (in Combine) + 636 [0x1abbd18fc] + 2480 ObservableObjectPublisher.Inner.send() (in Combine) + 176 [0x1abbd2244] + 2480 _os_unfair_lock_lock_slow (in libsystem_platform.dylib) + 176 [0x19806a324] + 2480 __ulock_wait2 (in libsystem_kernel.dylib) + 8 [0x197ffea54] 2480 Thread_87263447 DispatchQueue_22: com.apple.libtrace.state.block-list (serial) + 2480 start_wqthread (in libsystem_pthread.dylib) + 8 [0x19802db74] + 2480 _pthread_wqthread (in libsystem_pthread.dylib) + 292 [0x19802ee64] + 2480 _dispatch_workloop_worker_thread (in libdispatch.dylib) + 540 [0x197e8dae8] + 2480 _dispatch_root_queue_drain_deferred_wlh (in libdispatch.dylib) + 292 [0x197e8e264] + 2480 _dispatch_lane_invoke (in libdispatch.dylib) + 440 [0x197e83e60] + 2480 _dispatch_lane_serial_drain (in libdispatch.dylib) + 740 [0x197e83350] + 2480 _dispatch_client_callout (in libdispatch.dylib) + 16 [0x197e9485c] + 2480 _dispatch_call_block_and_release (in libdispatch.dylib) + 32 [0x197e7ab2c] + 2480 ___os_state_request_for_self_block_invoke (in libsystem_trace.dylib) + 372 [0x197d827a8] + 2480 _dispatch_sync_f_slow (in libdispatch.dylib) + 148 [0x197e8a640] + 2480 __DISPATCH_WAIT_FOR_QUEUE__ (in libdispatch.dylib) + 368 [0x197e8aa88] + 2480 _dispatch_thread_event_wait_slow (in libdispatch.dylib) + 56 [0x197e7cadc] + 2480 _dlock_wait (in libdispatch.dylib) + 56 [0x197e7ccbc] + 2480 __ulock_wait (in libsystem_kernel.dylib) + 8 [0x197ff29b8]

I am developing a daemon-based product that needs a cryptographic, non-spoofable proof of machine identity so a remote management server can grant permissions based on the physical machine. I was thinking to create a signing key in the Secure Enclave and use a certificate signed by that key as the machine identity. The problem is that the Secure Enclave key I can create is only accessible from user context, while my product runs as a system daemon and must not rely on user processes or launchAgents. Could you please advise on the recommended Apple-supported approaches for this use case ? Specifically, Is there a supported way for a system daemon to generate and use an unremovable Secure Enclave key during phases like the pre-logon, that doesn't have non user context (only the my application which created this key/certificate will have permission to use/delete it) If Secure Enclave access from a daemon is not supported, what Apple-recommended alternatives exist for providing a hardware-backed machine identity for system daemons? I'd rather avoid using system keychain, as its contents may be removed or used by root privileged users. The ideal solution would be that each Apple product, would come out with a non removable signing certificate, that represent the machine itself (lets say that the cetificate name use to represent the machine ID), and can be validated by verify that the root signer is "Apple Root CA"

Following previous question here :https://developer.apple.com/forums/thread/801397, I've decided to move my VPN implementation using NEPacketTunnelProvider on a dedicated networkExtension. My extension receives packets using readPacketsWithCompletionHandler and forwards them immediately to a daemon through a shared memory ring buffer with Mach port signaling. The daemon then encapsulates the packets with our VPN protocol and sends them over a UDP socket. I'm seeing significant throughput degradation, much higher than the tunnel overhead itself. On our side, the IPC path supports parallel handling, but I'm not not sure whether the provider has any internal limitation that prevents packets from being processed in parallel. The tunnel protocol requires packet ordering, but preparation can be done in parallel if the provider allows it. Is there any inherent constraint in NEPacketTunnelProvider that prevents concurrent packet handling, or any recommended approach to improve throughput in this model? For comparison, when I create a utun interface manually with ifconfig and route traffic through it, I observe performance that is about four times faster.

Hi, I've created persistent task from type launchDaemon based on bash script that should run one time upon first load. These are the contents of the plist file : &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;Label&lt;/key&gt; &lt;string&gt;com.blabla.task&lt;/string&gt; &lt;key&gt;RunAtLoad&lt;/key&gt; &lt;true/&gt; &lt;key&gt;LaunchOnlyOnce&lt;/key&gt; &lt;true/&gt; &lt;key&gt;Program&lt;/key&gt; &lt;string&gt;/Library/Application\ Support/myComp /script.sh&lt;/string&gt; &lt;/dict&gt; &lt;/plist&gt; However, when i load the plist using launchCtl, nothing happens and no meaningful log appears... However, when the Program location changes to /tmp/script.sh then everything is working great So i conclude that there's permission issue to access Library/Application\ Support, although the file permission is allow for all -rwxrwxrwx. But when I give back full disk access in privacy setting, it's working from the /Library.. path. My question is why does bash launchd task that runs with privileges, also requires this privacy acknowledge in order to run the script?

Hi, I'd like to establish connection between my application and a remote server. Ideally it would be using webSocket since the communication is bi-directional and asynchronous. However, In case the webSocket isn't established properly or failing sometime after it was created (due to firewall, proxy servers, network switching or any other reason), than I'd like to switch to using periodical simple HTTPS POST requests (keep alive messages) where the server-to-client data transferred on the responses. The server should also support both communication methods. The following code should reflect my approach. Please advise if this could work or perhaps there are built-in solutions in the framework. NSURL * reqUrl = [NSURL URLWithString:@"wss://mydomain.com"]; NSURLSession* session = [NSURLSession sessionWithConfiguration: [NSURLSessionConfiguration defaultSessionConfiguration]]; NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:reqUrl]; webSocketTaskWithURL * socketConnection = [URLSession webSocketTaskWithURL:url]; socketConnection.resume() [socketConnection sendMessage:message completionHandler: ^(NSError * e) { if (e != nil) { // fallback to https [req setHTTPBody:[message dataUsingEncoding:NSUTF8StringEncoding]] NSURLSessionDataTask *data_task_http = [session dataTaskWithRequest:req]; completionHandler: ^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) { /*blabla*/}]; [data_task resume]; }

I've got the following code that I use to communicate with a remote server. However, when the response contain a large enough file, the callback block never called, the only thing that trigger the callback, is when I explicitly invoke the cancel method after some timeout from the NSURLSession task (_dataTask). notice that using tcpdump I did observe that the response was properly received on the client side. NSURLSessionConfiguration* config = [NSURLSessionConfiguration defaultSessionConfiguration]; NSOperationQueue *queue = [[NSOperationQueue alloc] init]; queue.maxConcurrentOperationCount = 1; NSURLSession* session = [NSURLSession sessionWithConfiguration:config delegate:nil delegateQueue:queue]; _dataTask = [session dataTaskWithRequest:req completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) { if ([error code] == NSURLErrorCancelled) { writeLog(LOG_ERROR, "NSURLErrorCancelled"); } else { <my completion callback> } }]; [_dataTask resume] I'd like to know if using dataTask has response size limit (because it's working for small files on response body) and if there is such a limit, so which other method should I use in order to overcome it. I saw that there's an alternative method in NSUrlsession dedicated for downloading files called downloadTaskWithRequest but it doesn't have an async completion block.

Hi, I've set the C++ language dialect in my project to c++2a. Than it failed on compiling .mm file which has the following line @import AppKit; But if replace it with the following line and link with framework from project build phases, than it works. #import <AppKit/AppKit.h> My .mm file is including for adapter swift header file (*-Swift.h) which is auto generated and has this @import directive. is it a known issue, should I file a bug ?

I've got an mach-o executable that runs from launchDaemon plist file, and is communicating with other processes using unix domain socket. The file that backs this socket created in /tmp. However, this cause the executable to fail reading the file unless given full disk access. I'd like to find a location for the socket file, which is shared to all processes and doesn't require full disk access. the executable reside in /Library/Application Support/myProj/bin/exec_file is there such location ? Perhaps can i use the same location of the executable itself ?

I'd like to add a short script that runs clang-format upon trying to save a file in Xcode project. the script will do the following command : #!/bin/zsh /usr/local/bin/clang-format -i <saved_file> Does Xcode support this feature (in visual studio it's called format-on-save :  https://code.visualstudio.com/updates/v1_6#_format-on-save

Hi, I was wondering if there's any limitation for the context where I initialize my xpc service. This is the code that initialize my xpc service : listener_ = [[NSXPCListener alloc] initWithMachServiceName:@"com.bla.bla"]; xpcService *delegate = [xpcService new]; listener_.delegate = delegate; [listener_ resume];  [[NSRunLoop mainRunLoop] run]; Doing it from the main method and everything works just fine. However, when calling it from different method(main)/thread(main thread)... It doesn't accept remote calls although it seems like the listener was properly initialized. I even tried to wrap this code to run on the main thread using the following wrapper dispatch_sync(dispatch_get_main_queue(), ^{ listener_ = [[NSXPCListener alloc] initWithMachServiceName:@"com.bla.bla"]; xpcService *delegate = [xpcService new]; listener_.delegate = delegate; [listener_ resume]; } where the [[NSRunLoop mainRunLoop] run]; is called from the main method... So my question is what are the requirements to make the XPC work.. is it mandatory to call it from the main method ?

I've got an array of strings that I want to present using swiftUI Picker widget. Each string is composed of multiple words delimited by spaces. I'd like to get the Picker showing the full string of each item in the list, while the selection variable should only get the first word (the selected item is stored in arg) This was my attempt to do so. notice that the object that hold the items called myHandler, and it's shared to the swiftUI view, and can be modified by external swift closure: class myHandler: ObservableObject { @Published var items = [String]() } struct ContentView: View { @State var arg: String = "" @ObservedObject var handler : myHandler ... VStack { Picker("items", selection: $arg) { Text("AAA").tag("xxx") Text("BBB").tag("yyy") Text("CCC").tag("zzz") ForEach(handler.items , id: \.self, content: { Text($0).tag($0.components(separatedBy: " ")[0]) }) } } .frame() TextField("firstword", text: $arg).frame() For the options outside the ForEach statement, I can see that arg get the value written in the tag. However, for all options that derived from the ForEach, I see that arg equals to the iterable item ($0) which is the multi work string, and not to the first word as expected. Any idea how to fix those items that are generated from the ForEach, so that selection of such item, will set the arg to the string value of the first word in the iterator ?

Hi, I was wondering if there's any option to run xcodebuild to compile the project and skip the code signing phase, even though, a signing account is set in the project under signing and capabilities. The motivation for that, is that on some occasions, my project get built using GitLab CI/CD pipeline, which have machine pool that doesn't have Xcode with account. So I'd like to build only and check that nothing got broken. thanks

Hi, I've like to calculate the path mtu between one of the local interfaces and a remote address. Perhaps there's such option using native networking framework like nsurlconnection ? Should I need to set the DF (don't fragment) bit and send to each hop in the path, or can I acquire this value from some cached storage per connection ? thanks

I'm trying to understand where do I get the dns server configuration from. As I understand, if the file /etc/resolve.conf contain no servers, than it fallback to servers that are defined by the physical connection (Wi-Fi) However, once I removed all dns servers from /etc/resolve.conf, I got that my DNS is configured to the loopback address (127.0.0.1) instead of what the connection provides. nslookup > server Default server: 127.0.0.1 Address: 127.0.0.1#53 Default server: ::1 Address: ::1#53 and Here's the the default dns servers from the Wi-Fi connection: Here's what's configured by the interface : Perhaps anyone can tell me why doesn't the default DNS server is selected to 10.196.X.X as provided by the connection (instead I get the loopback address)

After macOS minor upgrade of Monterey I've noticed that a directory of mine that lies under /Library/Application Support/myCompany/myProj/myFolder has been mysteriously deleted. Is there a way to check in retrospect which process deleted my directory ? I know of fs_usage, but it's used to record ongoing file activities... the question is how to get file auditing event from the past. Thanks