When submitting a request for System extension activation, the delegate receive a OSSystemExtensionRequestResult result code. The enum contains two values: OSSystemExtensionRequestCompleted OSSystemExtensionRequestWillCompleteAfterReboot When I upgrade my system extension, I always receive OSSystemExtensionRequestCompleted. Is there anyway I could specify that I want the new system extension to be activated only after a reboot? Thanks

Hi, I am testing the behavior of my app if I change it's app bundle content. I created an app with a script within it's Resources folder. I signed the app and verify that the code sign is accepted with the spctl command. Then I modify the script within the app bundle and spctl gives me a sealed resource is missing or invalid which was expected. However I thought that I wouldn't be able to launch the app bundle now that it is compromised but I was able to execute it. Do I need to make it go through GateKeeper by first downloading the app from a server? In that case if I download an non-modified app, launch it successfully then modify it, would subsequent launch fail or not? The app will be delivered through MDM and I think that GateKeeper does not verify MDM-delivered apps. Is it possible to make the app non-launchable if the files within its Resources folder have been modify/compromised? Edit: The app won't be installed to /Applications/ but to a specific folder Thank you in advance!

Hi, We are creating a Installer package which will be distributed to user through MDM with the InstallApp command. Our distribution package use the Distribution.xml file and InstallerJS to check each flat package version and select the package for install only if there is no receipt or if the already installed package version is older. The package is working fine when using the GUI Installer or through the command line installer. When trying to install the package through MDM, all package which use InstallerJS javascript to decide if it will be install or not will not be selected and thus will not be installed. Is this the expected behaviour? Looking at the install log, I can see that the package selection seems to be done by appstored when installing through MDM. Is appstored not able to understand the InstallerJS script? The documentation specifies that InstallerJS is for the Installer application. https://developer.apple.com/documentation/installer_js If that's the case is there a way to select specific flat package for install when distributing through MDM? Thanks in advance!

Hello, I am making a LaunchAgent that shows a NSAlert modal when the user makes a specific action. I need this NSAlert to be active when appearing on the user screen (i.e. all other windows need to be in a non-active state). However, the NSAlert does not get active and the window just under it stays active. When the NSAlert is shown from a basic Storyboard based app, the NSAlert gets active. So I use eskimo's tutorial to transfer my LaunchAgent to an app bundle and now the NSAlert becomes active when appearing! Moving the binary from Contents/MacOS and launching it outside of the bundle make the NSAlert inactive again. Now my question is, is this behavior documented somewhere? Why do we need the binary to be in a app bundle for it to be able to have active window? Thank you!

I have a kernel extension for SCSIPeripheral devices using IOKitPersonalities.Pluging in a matching device on a booted Mac always load the kext. However, on some configurations (especially with macOS 10.15.4) if the device is already plugged in when booting up the Mac, the kext will not be loaded. The phenomenon always happen on a Mac presenting the issue. However on other Mac even with OS version 10.15.4 the phenomenon never appears. I am not sure where the issue reside, I am presuming that it is a timing issue with the device being matched before my kext is loaded (maybe on Mac with a lot of kext being loaded?).If someone have pointers on how to resolve this issue, I would be glad to hear about it. Thank you !