Trying to upload an application for Notarization, fails with the following error message. Any ideas? 2021-04-22 12:32:29.127 altool[71379:2755143] Error: Error: Could not find or load main class Drive.Moved Caused by: java.lang.ClassNotFoundException: Drive.Moved 2021-04-22 12:32:29.138 altool[71379:2755143] Out: ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "urlsNotAllowedInSupportForums" plist version="1.0" dict keyos-version/key string11.2.3/string keyproduct-errors/key array dict keycode/key integer-18000/integer keymessage/key stringCould not find or load main class Drive.Moved/string keyuserInfo/key dict keyNSLocalizedDescription/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedFailureReason/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedRecoverySuggestion/key stringCould not find or load main class Drive.Moved/string /dict /dict /array keytool-path/key string/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/string keytool-version/key string4.029.1194/string /dict /plist

Hi Quinn and others, I'm trying to add a Provision Profile for an existing Mac App Store application (without using Xcode) and I'm having some troubles. I've determined that the Entitlements in the Profile must match the entitlements used when signing the application. Question 1 I do not seem able to add any "App Sandbox" entitlements to the identifier via the online system. https://developer.apple.com/account/resources/identifiers/bundleId/edit/PK866636VQ Can someone please point me in the right direction or explain what I am missing? Question 2 Now that I am able to read provision profiles, I assume that if I reverse the process I can create them (and thus ensure the entitlements matches my application). However I of course can't create a signed profile using Apple's certificates only my developer certificates that I rent from Apple. I assume that the profile must be signed by "Mac OS X Provisioning Profile Signing", in order to be accepted by the Mac App Store (and various code signing services). Question 3 Is there an API I can use to submit my application's entitlements to the Apple service and then download a provision profile?

I have a really simple profile, the entitlements are as follows. <key>Entitlements</key> <dict> <key>com.apple.application-identifier</key> <string>QXAFMEPH6X.com.ohanaware.aquaSwatch</string> <key>com.apple.developer.team-identifier</key> <string>QXAFMEPH6X</string> <key>keychain-access-groups</key> <array> <string>QXAFMEPH6X.*</string> </array> </dict> However when I add the keychain-access-groups to the code signing entitlements. <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>keychain-access-groups</key> <array> <string>QXAFMEPH6X.com.ohanaware.aquaSwatch</string> </array> The application crashes on launch. Exception Type: EXC_CRASH (Code Signature Invalid) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace CODESIGNING, Code 0x1 I think I may have misunderstood Quinn's excellent article on Provision Profiles, because I assumed that the wildcard in the Profile, allowed me to use any identifier as long as the team id was correct. https://developer.apple.com/forums/thread/685723 Thank you for any asssitance Sam Rowlands

Is there a replacement for "SecKeychainItemGetUniqueRecordID"? I'm getting certificates from two different places and I would like a safe way to confirm if these two item are referencing the exact same object in the entire keychain. p.s. Why is "Keychain" or "SecKeychainItem" not a tag?

I only need to call a couple of lines of code with privilege escalation, I think I understand the reasoning behind creating a separate 'helper' application to perform these tasks. Is there a way to get AuthorizationCreate to display the authentication dialog with TouchID? I see localAuthentation can display a TouchID dialog. Is there (apart from AppleScript) a non-deprecated way to simply request authorization, launch a helper with privileges and arguments, then easily obtain the results from it? I get the impression that with SMJobBless (a non-deprecated API, but a ton of work), the helper will then permanently have escalated privileges, surely this is less secure? Also with SMJobBless, it appears that I need to use an installer package to install the helper in the correct place, is this correct? Is there a replacement for SMJobSubmit in the works? What am I missing, or misunderstanding?

I would like to know how to disable adaptive wake, without disabling PowerNap. 2022-03-10 08:49:48.620 Df powerd[107:779c9e] [powerd:assertions] Process powerd.107 Summary MaintenanceWake "Prevent sleep for expected user activity" age:00:00:53 id:55834613872 [System: SRPrevSleep kCPU] I dislike the fact that the computer will wake up before I come to it and will STAY awake, for hours. During the blackout of Taiwan last week, the battery was completely drained when I went to use the laptop and with no power, I was forced to wait until the power came back before I could access the laptop.

I am using the CFProperty "AppleRawCurrentCapacity" value from IOServiceGetMathcingService( kIOMainPortDefault, IOServiceMatching( "AppleSmartBattery" ) ) to obtain the mAh value of the MacBook's battery. Once when the app receives the NSWorkspace notification of display sleep, and once again when receiving the NSWorkspace notification of display wake. I then calculate how much battery was expended during sleep by deducting the pre value from post value. The results can wildly vary, from it using 16 mAh per hour, to gaining 10 mAh an hour (without being plugged in). Sometimes a 10 hour sleep doesn't use any mAh... Which is clearly wrong. When my app detects the key kIOPMPSInvalidWakeSecondsKey is present, I set a timer for that period + 3 seconds and attempt to read the battery values again. Yet the results can still wildly vary. I see on Intel Macs there is a kIOPMPSMaxErrKey (set to 9 on a 2019 16"), however I don't see this on M1, and don't know how it can help, if it does exist. Can anyone give me any pointers as to what I am doing wrong, or in the direction of obtaining reliable mAh values? I like mAh as it's more precise that the standard integer values of 0 - 100, but I don't have to stick with mAh, I'd just don't like reporting that a 16 hour sleep didn't use any battery, when I know it's not true. Thanks

Using IOHIDManagerCopyDevices to get a list of keyboards and mice attached to Mac, triggers the user facing "Input Monitoring" request. Because I'm NOT monitoring the users input, the result of the user selection makes no difference to the result, but the privacy warning dialog makes my app look suspicious. All it is doing is checking to make sure that the customer has a non-Bluetooth keyboard or mouse, before they click the button to disable Bluetooth. Is there a way a safe way (no private API please) to enumerate HID devices without this warning, or should I file a feedback asking Apple to reconsider what triggers this dialog?

I'm converting some code that reads a file's ACLs and I'm having a hard time with acl_free crashing. There is clearly something that I am not understanding. // --- Do we have access control lists? let fileSecurity = properties.fileSecurity var accessList: acl_t? if CFFileSecurityCopyAccessControlList( fileSecurity, &accessList ) { print( "We have access control lists" ) acl_free( &accessList ) } The line acl_free( &accessList ) crashes with the following. malloc: *** error for object 0x16d28ac40: pointer being freed was not allocated In the debugger I can see that accessList points to an object. "accessList = acl_t? 0x000000015b00ea00" I notice that the crash report ptr ref is different to what Xcode is showing in the debugger. Also worth noting, is CFFileSecurityCopyAccessControlList takes a "UnsafeMutablePointer<acl_t?>!" While acl_free takes a "void *obj_p" Can anyone please give me a ptr as to what I am doing wrong? 16" MacBook Pro M2 Pro with Ventura 13.5 running Xcode 15.0

SwiftUI on macOS does so many things in way that I really love it, but it feels like I've run into an area that no-one at Apple seems to care about. Text Editing In order to get a TextEditor that could use the built-in Spelling & Grammar checking (without enabling Autocorrect), I had to host a NSTextView, which was an interesting experience for someone with only a few months of SwiftUI experience. The default menu items "TextEditingCommands()" don't reflect the fields settings. The menu items do change the settings, but consistently show all the options as being unsellected. I'd like to know if there's a secret sauce I'm missing that would enable these menuitems to reflect the settings of the focused field, or if like the TextEditor, these items need to be recreated and replaced to work as expected. I understand that saving and reloading the settings per field is up to the individual developer, but it would be great if there is an over writable template that could handle this by default.

Was under the impression that all executable components needed to be signed with the same certificate as the bundle. However I've just encountered a recently Notarized application where that isn't the case. These components are in the "/Contents/Resources/" folder of the main bundle. While I can suggest the developer to sign these with the same identity and move them to a more suitable location. It would appear that codesign, GateKeeper and Notarization has accepted these. Or are these restrictions for the Mac App Store only?

The framework layout doesn't meet Apple's Bundle Guidelines. Everything is in the root of the bundle, with no "Versions" folder. I suspect it works because the main executable and the "Resources" folder are in the root. However Code sign doesn't complain about it either, unlike some other incorrectly formatted bundles. I ask because the documentation for bundle structures hasn't been updated since 2017 (https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html#//apple_ref/doc/uid/10000123i-CH101-SW1) and I am wondering if there is newer documentation or perhaps Framework bundles no longer need to organized according to that documentation.

@Quinn, The application which is not made with Xcode, has a provision profile, but App Store Connect says "Not Available for Testing". My Googlefu appears weak as I can't seem to figure out why this is, except that it mentions you need to be using Xcode 13 or newer. Am guessing Xcode is adding some meta data to the Info.plist file which TestFlight requires. Is it possible to know which keys and values are required to satisfy TestFlight? If it's not plist keys, is there something else that's needed, that can be shared? We can do this privately if desired.

To help with debugging on a customers machine, this terminal command records log entries for my app and writes 'em to disk. log stream --predicate 'process=="Sleep Aid"' --style compact > ~/Desktop/Sleep\ Aid.log In my app I have a function that does something similar to the above with a NSTask, and then I ask the customer to repeat the action that causes the problem. However for one customer, the file is created, but apart from it saying it's being filter by process, nothing else is written. Is there some new security setting that can prevent an app from getting its own logging data, or in this case even prevent the customer from using terminal and the above command to get the log data? This is similar also. https://forums.developer.apple.com/forums/thread/743803 Or should I be filing a radar about a potential bug?

Hi All, Trying to validate some altool credentials, produces this error message. "Failed to get authorization for username '<username/>' and password with errors:( "Error Domain=NSCocoaErrorDomain Code=0 "Status code: 0" UserInfo={NSLocalizedDescription=Status code:0, NSLocalizedFailureReason=The auth server returned a bad status code.}") This is returned when altool is called in the following way. xcrun altool --notarization-history 0 -u <username/> -p <password/> --output-format xml macOS 11.2.3 and Xcode 12.5 Things that have been tried already. Making sure the Apple system status page shows no issues. Different networks. Checked to see if any agreements need to be "activated". Recreated the app-specific password multiple times. Any other suggestions? @Quinn - Hi Quinn, it's Sam Rowlands (again) and this is with another App Wrapper customer experiencing this issue (so not me directly).