Hi All, Trying to validate some altool credentials, produces this error message. "Failed to get authorization for username '<username/>' and password with errors:( "Error Domain=NSCocoaErrorDomain Code=0 "Status code: 0" UserInfo={NSLocalizedDescription=Status code:0, NSLocalizedFailureReason=The auth server returned a bad status code.}") This is returned when altool is called in the following way. xcrun altool --notarization-history 0 -u <username/> -p <password/> --output-format xml macOS 11.2.3 and Xcode 12.5 Things that have been tried already. Making sure the Apple system status page shows no issues. Different networks. Checked to see if any agreements need to be "activated". Recreated the app-specific password multiple times. Any other suggestions? @Quinn - Hi Quinn, it's Sam Rowlands (again) and this is with another App Wrapper customer experiencing this issue (so not me directly).

I have a really simple profile, the entitlements are as follows. <key>Entitlements</key> <dict> <key>com.apple.application-identifier</key> <string>QXAFMEPH6X.com.ohanaware.aquaSwatch</string> <key>com.apple.developer.team-identifier</key> <string>QXAFMEPH6X</string> <key>keychain-access-groups</key> <array> <string>QXAFMEPH6X.*</string> </array> </dict> However when I add the keychain-access-groups to the code signing entitlements. <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>keychain-access-groups</key> <array> <string>QXAFMEPH6X.com.ohanaware.aquaSwatch</string> </array> The application crashes on launch. Exception Type: EXC_CRASH (Code Signature Invalid) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace CODESIGNING, Code 0x1 I think I may have misunderstood Quinn's excellent article on Provision Profiles, because I assumed that the wildcard in the Profile, allowed me to use any identifier as long as the team id was correct. https://developer.apple.com/forums/thread/685723 Thank you for any asssitance Sam Rowlands

Because the receipt file doesn't exist at the following path, my application exits with error code 173. /Applications/Notched Up.app/Contents/_MASReceipt/receipt However unlike in the past where it then re-launches and works, I'm now getting the error message that this application is damaged and must be re-downloaded from the App Store. In the console I see the following messages. error 12:35:02.553477+0800 Notched Up (com.apple.libsqlite3) cannot open file at line 45340 of [d24547a13b] error 12:35:02.553498+0800 Notched Up (com.apple.libsqlite3) os_unix.c:45340: (2) open(/var/db/DetachedSignatures) - No such file or directory default 12:35:04.481080+0800 storeuid (com.apple.commerce) Fetching missing receipt for sandbox app /Applications/Notched Up.app default 12:35:04.707374+0800 storelegacy (com.apple.commerce) StoreLegacy: Failed to perform in-line receipt renewal for application at path /Applications/Notched Up.app : 'Error Domain=com.apple.commerce.client Code=500 "(null)"' My gut is telling me that something internal related to the App Store isn't working correctly as this code was functional a couple of weeks ago and while the first two lines show sql, this app doesn't use sqlite. App is signed with "Apple Distribution". Have tested app with "Apple Development". Have removed entitlements that need a profile and the provisioning profile. The App Store application shows the correct "Sandbox" tester account (in the preferences). I've logged the test account out and back in. I've verified that tester account is the same store locale as my main account. I've rebooted this i9 16" MBP running macOS 12.0.1, even thought it rebooted itself last night, because ???? Any advice, can you spot something I've done wrong?

Trying to upload an application for Notarization, fails with the following error message. Any ideas? 2021-04-22 12:32:29.127 altool[71379:2755143] Error: Error: Could not find or load main class Drive.Moved Caused by: java.lang.ClassNotFoundException: Drive.Moved 2021-04-22 12:32:29.138 altool[71379:2755143] Out: ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "urlsNotAllowedInSupportForums" plist version="1.0" dict keyos-version/key string11.2.3/string keyproduct-errors/key array dict keycode/key integer-18000/integer keymessage/key stringCould not find or load main class Drive.Moved/string keyuserInfo/key dict keyNSLocalizedDescription/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedFailureReason/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedRecoverySuggestion/key stringCould not find or load main class Drive.Moved/string /dict /dict /array keytool-path/key string/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/string keytool-version/key string4.029.1194/string /dict /plist

I only need to call a couple of lines of code with privilege escalation, I think I understand the reasoning behind creating a separate 'helper' application to perform these tasks. Is there a way to get AuthorizationCreate to display the authentication dialog with TouchID? I see localAuthentation can display a TouchID dialog. Is there (apart from AppleScript) a non-deprecated way to simply request authorization, launch a helper with privileges and arguments, then easily obtain the results from it? I get the impression that with SMJobBless (a non-deprecated API, but a ton of work), the helper will then permanently have escalated privileges, surely this is less secure? Also with SMJobBless, it appears that I need to use an installer package to install the helper in the correct place, is this correct? Is there a replacement for SMJobSubmit in the works? What am I missing, or misunderstanding?

Hi Quinn and others, I'm trying to add a Provision Profile for an existing Mac App Store application (without using Xcode) and I'm having some troubles. I've determined that the Entitlements in the Profile must match the entitlements used when signing the application. Question 1 I do not seem able to add any "App Sandbox" entitlements to the identifier via the online system. https://developer.apple.com/account/resources/identifiers/bundleId/edit/PK866636VQ Can someone please point me in the right direction or explain what I am missing? Question 2 Now that I am able to read provision profiles, I assume that if I reverse the process I can create them (and thus ensure the entitlements matches my application). However I of course can't create a signed profile using Apple's certificates only my developer certificates that I rent from Apple. I assume that the profile must be signed by "Mac OS X Provisioning Profile Signing", in order to be accepted by the Mac App Store (and various code signing services). Question 3 Is there an API I can use to submit my application's entitlements to the Apple service and then download a provision profile?

Is there a replacement for "SecKeychainItemGetUniqueRecordID"? I'm getting certificates from two different places and I would like a safe way to confirm if these two item are referencing the exact same object in the entire keychain. p.s. Why is "Keychain" or "SecKeychainItem" not a tag?

@Quinn, The application which is not made with Xcode, has a provision profile, but App Store Connect says "Not Available for Testing". My Googlefu appears weak as I can't seem to figure out why this is, except that it mentions you need to be using Xcode 13 or newer. Am guessing Xcode is adding some meta data to the Info.plist file which TestFlight requires. Is it possible to know which keys and values are required to satisfy TestFlight? If it's not plist keys, is there something else that's needed, that can be shared? We can do this privately if desired.

To help with debugging on a customers machine, this terminal command records log entries for my app and writes 'em to disk. log stream --predicate 'process=="Sleep Aid"' --style compact > ~/Desktop/Sleep\ Aid.log In my app I have a function that does something similar to the above with a NSTask, and then I ask the customer to repeat the action that causes the problem. However for one customer, the file is created, but apart from it saying it's being filter by process, nothing else is written. Is there some new security setting that can prevent an app from getting its own logging data, or in this case even prevent the customer from using terminal and the above command to get the log data? This is similar also. https://forums.developer.apple.com/forums/thread/743803 Or should I be filing a radar about a potential bug?

Was under the impression that all executable components needed to be signed with the same certificate as the bundle. However I've just encountered a recently Notarized application where that isn't the case. These components are in the "/Contents/Resources/" folder of the main bundle. While I can suggest the developer to sign these with the same identity and move them to a more suitable location. It would appear that codesign, GateKeeper and Notarization has accepted these. Or are these restrictions for the Mac App Store only?

The framework layout doesn't meet Apple's Bundle Guidelines. Everything is in the root of the bundle, with no "Versions" folder. I suspect it works because the main executable and the "Resources" folder are in the root. However Code sign doesn't complain about it either, unlike some other incorrectly formatted bundles. I ask because the documentation for bundle structures hasn't been updated since 2017 (https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html#//apple_ref/doc/uid/10000123i-CH101-SW1) and I am wondering if there is newer documentation or perhaps Framework bundles no longer need to organized according to that documentation.

I am using the CFProperty "AppleRawCurrentCapacity" value from IOServiceGetMathcingService( kIOMainPortDefault, IOServiceMatching( "AppleSmartBattery" ) ) to obtain the mAh value of the MacBook's battery. Once when the app receives the NSWorkspace notification of display sleep, and once again when receiving the NSWorkspace notification of display wake. I then calculate how much battery was expended during sleep by deducting the pre value from post value. The results can wildly vary, from it using 16 mAh per hour, to gaining 10 mAh an hour (without being plugged in). Sometimes a 10 hour sleep doesn't use any mAh... Which is clearly wrong. When my app detects the key kIOPMPSInvalidWakeSecondsKey is present, I set a timer for that period + 3 seconds and attempt to read the battery values again. Yet the results can still wildly vary. I see on Intel Macs there is a kIOPMPSMaxErrKey (set to 9 on a 2019 16"), however I don't see this on M1, and don't know how it can help, if it does exist. Can anyone give me any pointers as to what I am doing wrong, or in the direction of obtaining reliable mAh values? I like mAh as it's more precise that the standard integer values of 0 - 100, but I don't have to stick with mAh, I'd just don't like reporting that a 16 hour sleep didn't use any battery, when I know it's not true. Thanks

I'm converting some code that reads a file's ACLs and I'm having a hard time with acl_free crashing. There is clearly something that I am not understanding. // --- Do we have access control lists? let fileSecurity = properties.fileSecurity var accessList: acl_t? if CFFileSecurityCopyAccessControlList( fileSecurity, &accessList ) { print( "We have access control lists" ) acl_free( &accessList ) } The line acl_free( &accessList ) crashes with the following. malloc: *** error for object 0x16d28ac40: pointer being freed was not allocated In the debugger I can see that accessList points to an object. "accessList = acl_t? 0x000000015b00ea00" I notice that the crash report ptr ref is different to what Xcode is showing in the debugger. Also worth noting, is CFFileSecurityCopyAccessControlList takes a "UnsafeMutablePointer<acl_t?>!" While acl_free takes a "void *obj_p" Can anyone please give me a ptr as to what I am doing wrong? 16" MacBook Pro M2 Pro with Ventura 13.5 running Xcode 15.0

I think I'm misunderstanding something here, maybe someone could point me in the right direction. In System Settings, "Correct spelling automatically" is DISABLED, along with all the other options that ruin what you're typing. In TextEdit, it continues to highlight spelling and grammar mistakes, so does Mail, Safari and others. Yet SwiftUI made apps, don't. I can right-click, enable "Check Spelling while typing", but after typing a few characters, words, it becomes disabled again. I've busted through the view hierarchy to get the hosted NSTextView and overridden "isContinuousSpellCheckingEnabled" but something frequently reverts this to false. Is my only option to have a large TextEditor with spell checking (but not auto correction) to create my own version of TextEditor by hosting the NSTextView myself. That's a lot of work for something which seems wrong, when I'm hoping that I'm simply missing something here. Xcode 15.2 on macOS 13.5.

Adding a second "DocumentGroup" to a document based SwiftUI auto converts the "New" menu item into a submenu, with one item "New Document". I'd like to add a second item to that submenu, to create a new instance of my second doc type. Googling around finds one solution, but that doesn't work as I'd expect it to with Ventura 13.6.5 and Xcode 15.2. The solution linked to below, adds a menuitem under the "Open Recent" menu, not in the "New" submenu. https://github.com/Asperi-Demo/4SwiftUI/blob/master/Answers/Handle_different_document_types.md Changing the position to "before", also doesn't add it to the menu, and if you replace ".newItem", you then have to manually handle the Open dialog and the Open Recent menu. So what am I missing?