I can use /usr/bin/security to install a root CA, and to delete it (based on the file)... but how do I check to see if it's installed already? Surely there is a way to do this, other than security find-certificate -a | fgrep my.ca.name? Ideally from the shell level, but if I have to write a program I can (in which case I believe it'd be a relatively easy, albeit annoying because I hate writing certificate code, task)...
Is it better to
Create an NSXPCConnection, keep it around, and create proxies using that as needed, or
Create an NSXPCConnection, create a proxy off of it, and then close the connection when done?
We want to have a login window stay in front and key, until the user signs in. We want it to stay in front even if switching away from it. Now, this does seem possible, since zoom just did it to me while I was getting into a call to discuss this, but I can't figure out how.
In this particular case, I am instantiating an NSViewController subclass, and then creating an NSWindow for it to use. I have tried setting the NSWindow.level to all sorts of values, and they don't seem to work.
help?
I don't know how to go forward on this one: we have a test engineer who can, reliably, cause networking to simply stop working. Our app has 3 major components -- a proxy daemon, a containing UI app, and a network extension. Because I am lousy at using debuggers, the extension logs every single new flow it gets (to .debug), as well as a bunch more.
When our engineer gets this problem, the proxy may crash a couple of times, but is still running; the extension is also still running, but no longer gets new flows. Networking outside the machine no longer works. But doing echo foo | nc 127.0.0.1 88 succeeds (or, at least, doesn't print any error -- and also doesn't get any log messages from the extension).
I've got a sysdiagnose from it, as well as a bunch of logs, and all I can really see is that the proxy app restarted, and when it came back, it said there was no networking available. And that the extension stopped logging new flows at about the same time.
I have not been able to reproduce this -- even though our engineer is using the same script I wrote to try to reproduce it, and he can, within an hour. (As opposed to my systems, which have been running for almost a day on both an M1 and Intel system.)
Any ideas of things I should try looking for in the sysdiagnose?
I'm trying to write a libcurl wrapper using the NSURL* interfaces. (Why? Because we're running into some problems with libcurl and I'd rather not rewrite all of the C++ code, so I thought I'd try wrapping a subset around NSURLSession et al.)
One of the things we want to get is the IP address of the remote side (for both GET and POST). I can possibly live without this, but it's very useful for debug and performance information.
Why doesn't it have a way to see what the request was? You can see what extension it was for (the identifier property), but you can't tell whether it was for an installation, uninstallation, or properties request. Why is that?
To begin with: I know it's my code, because if I go back to our main branch and try it, I don't get this crash. But I can't figure out what it's unhappy about, so I'm not sure what changes I have to look for. (Also, this is macOS.)
The daemon tries to communicate with a Network Extension over XPC. I have a class, with a shared instance, and I have a cached NSXPCConnection connection instance variable. So my code is something like id connection = [[ExtensionCommunication shared] connection], which is created by [[NSXPCConnection alloc] initWithMachServiceName:self.redirectorMachServiceName options:0].
With my changes (whatever they are), when it does [_connection resume], it crashes:
* frame #0: 0x00007ff8191ab20e libxpc.dylib`_xpc_api_misuse + 117
frame #1: 0x00007ff8191963a1 libxpc.dylib`xpc_connection_resume + 54
This happens whether the network extension is activated or not. The crash happens the second time this is called. (Hm, one thing I need to figure out then is why my cached connection object is being set to nil. It shouldn't be. hm.)
Anyway! Any suggestions on how I can try to debug this?
If I use NWConnection for a UDP connection, is there a way to get the peer name? Since it's not a stream, data can theoretically come from anywhere; at the C level, I'd use recvfrom which would tell me the remote address.
I'm likely to be missing something obvious to everyone but me, I do have a tendency to look at problems as C problems. 😄
I can get the security path "easily" enough, but for bundles, that gives me the top directory, whereas I am trying to get the name of the executable. (I would have used kern.proc.pathname.$pid on FreeBSD, but that's not there for macOS, and kern.procname only gives the current process' name. I also found eskimo's post about getting process arguments, and I could use that to get all the arguments and only care about argv[0], but since the kernel does have p->p_name it'd be nice if there were a nicer way to get just that...)
This is in the context of a network extension. Endpoint Security is much nicer in that regard. 😄
I've got
@Environment(\.managedObjectContext) var context
private var home: Home
private var predicate: NSPredicate
@State var sortBy: SortDescriptor<Room>
@FetchRequest private var rooms: FetchedResults<Room>
init(home: Home) {
    self.home = home
    _sortBy = State(initialValue: SortDescriptor<Room>(\.name))
    self.predicate = NSPredicate(format: "%K = %@", "home", self.home)
    _rooms = FetchRequest<Room>(sortDescriptors: [self.sortBy], predicate: self.predicate)
}
But it won't compile -- it says Variable 'self.rooms' used before being initialized. But... how?
Continuing my standard weekend project of just playing with things, and I have a little inventory app. Basically something like
@Model
final class Room {
    var id: UUID
    var name: String
    @Relationship(deleteRule: .cascade, inverse: \Item.room) var items: [Item]
}
@Model
final class Item {
    var id: UUID
    var name: String
    @Relationship(deleteRule: .nullify) var room: Room
}
Then in a SwiftUI view for each Room, I use another ItemsView that constructs a query predicate based on the room ID that is passed in. And then on that, I've got a sheet to edit it, which is passed in @Bindable var item: Item, and has a form to edit it, and cancel & save buttons. Standard stuff.
But if I edit the fields in the Item, they get reflected immediately, which, ok, that's actually what I wanted so yay. But the "Save" button calls context.save() while the "Cancel" button doesn't -- it calls context.rollback() (and I have auto-save off).
And the problem I've got is: when I do that, the ItemsView updates, in real time, but when I cancel, it doesn't update; I have to quit and relaunch the app to get that properly in sync.
The easiest change I can make, I presume, is to simply not use the passed in Item, but simply copy its values around to a new instance, but that won't update the item, so I'd have to delete it and re-insert it, or copy the fields back in the completion handler, or any number of things.
So my question really is: assuming what I just described makes sense, what's the proper way to deal with it?
Only I do:
.sheet(isPresented: self.$showMoveItemSheet) {
    MoveItemsView(items: Array(self.selectedItems), from: self.room)
        .modelContext(self.context)
}
.modelContext(self.context)
and then in the MoveItemsView I have
@Environment(\.modelContext) var context
Hm, I'm setting the Query programmatically during init, would that be the cause? 'cause it does seem to work...
I added a Home concept to my simple test program, which made the chain be Home has Rooms which have Items. But when I tried using something like
let homeID = self.room.home?.id ?? UUID()
_items = Query(#Predicate {
    ($0.room?.home?.id == homeID) == true
})
it complained about an illegal ternary. Fine, it's picky so I changed the Item model to have a computed property:
var home: Home? {
    return self.room?.home?.id
}
but with that, it crashes at runtime, because it can't find the keypath to .home.
Is this all expected?
As mentioned before, we have two network extensions for our app -- a transparent proxy provider, and a packet filter. We just started testing with multiple users, and I'm seeing what seem to me to be very strange results, but they get less strange if the states aren't system-wide.
Easiest case: I install while I'm logged in, we install the agents and daemons, start everything up, and the app then goes to activate both extensions. This starts with an OSSystemExtensionRequest for each, and when the completion delegate is invoked, I go to "connect" them, which is where it does the load/save preferences. Barring the apparent timing issue I filed a feedback on, this works.
If I then fast-user-switch to a second user, the agent once again starts, and goes through the same process -- it creates an OSSystemExtensionRequest to load them both, the delegate gets invoked, and then it does the connection functions for each. The behaviour might change slightly if the second user is already logged in, but I lost my notes there.
At the end of this, I am left with things in a weird-to-me state:
For the second user (not an admin), I see three entries in prefs/settings > Network -- one packet filter, and two TPPs. The two TPPs either appear 100% identical, in that they both have the same connection time, or one is connected and the other isn't.
For the first user (an admin), I sometimes see 1, 2, or 3 entries -- and the VPNs are not always shown as connected.
This is new behaviour for us, so either it's something I'm doing in the connection code, or something in the OS changed. The latter seems unlikely since the machine in question is still running macOS 12.6, but I don't test multiple users very often.
If the packet filter is global, and the TPP network connection is per user, this kinda makes sense (but why did we not notice it before?).
I ran it (Leaks) on a process for about 2 hours. It collected 68gbytes of data. It cannot open the folder -- can't find a file (which is there as a .zip archive) or if I expand it, just an error about missing an index.
Filing a bug about this is difficult, since it's 68gbytes of data.