https://developer.apple.com/documentation/bundleresources/information_property_list/lsminimumsystemversionbyarchitecture?language=objc Shows the values for PPC, PPC64, i386 & x84_64. But there's no values for ARM. Can someone from Apple please provide what the values should be. I'd hate to use the wrong value, i.e. "arm64" when it should be "arm64e" or vice versa. Maybe it's not even arm64 and it's something else?

Trying to upload an application for Notarization, fails with the following error message. Any ideas? 2021-04-22 12:32:29.127 altool[71379:2755143] Error: Error: Could not find or load main class Drive.Moved Caused by: java.lang.ClassNotFoundException: Drive.Moved 2021-04-22 12:32:29.138 altool[71379:2755143] Out: ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "urlsNotAllowedInSupportForums" plist version="1.0" dict keyos-version/key string11.2.3/string keyproduct-errors/key array dict keycode/key integer-18000/integer keymessage/key stringCould not find or load main class Drive.Moved/string keyuserInfo/key dict keyNSLocalizedDescription/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedFailureReason/key stringCould not find or load main class Drive.Moved/string keyNSLocalizedRecoverySuggestion/key stringCould not find or load main class Drive.Moved/string /dict /dict /array keytool-path/key string/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/string keytool-version/key string4.029.1194/string /dict /plist

Hi All, Trying to validate some altool credentials, produces this error message. "Failed to get authorization for username '<username/>' and password with errors:( "Error Domain=NSCocoaErrorDomain Code=0 "Status code: 0" UserInfo={NSLocalizedDescription=Status code:0, NSLocalizedFailureReason=The auth server returned a bad status code.}") This is returned when altool is called in the following way. xcrun altool --notarization-history 0 -u <username/> -p <password/> --output-format xml macOS 11.2.3 and Xcode 12.5 Things that have been tried already. Making sure the Apple system status page shows no issues. Different networks. Checked to see if any agreements need to be "activated". Recreated the app-specific password multiple times. Any other suggestions? @Quinn - Hi Quinn, it's Sam Rowlands (again) and this is with another App Wrapper customer experiencing this issue (so not me directly).

Was under the impression that all executable components needed to be signed with the same certificate as the bundle. However I've just encountered a recently Notarized application where that isn't the case. These components are in the "/Contents/Resources/" folder of the main bundle. While I can suggest the developer to sign these with the same identity and move them to a more suitable location. It would appear that codesign, GateKeeper and Notarization has accepted these. Or are these restrictions for the Mac App Store only?

The framework layout doesn't meet Apple's Bundle Guidelines. Everything is in the root of the bundle, with no "Versions" folder. I suspect it works because the main executable and the "Resources" folder are in the root. However Code sign doesn't complain about it either, unlike some other incorrectly formatted bundles. I ask because the documentation for bundle structures hasn't been updated since 2017 (https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html#//apple_ref/doc/uid/10000123i-CH101-SW1) and I am wondering if there is newer documentation or perhaps Framework bundles no longer need to organized according to that documentation.

Hi Quinn and others, I'm trying to add a Provision Profile for an existing Mac App Store application (without using Xcode) and I'm having some troubles. I've determined that the Entitlements in the Profile must match the entitlements used when signing the application. Question 1 I do not seem able to add any "App Sandbox" entitlements to the identifier via the online system. https://developer.apple.com/account/resources/identifiers/bundleId/edit/PK866636VQ Can someone please point me in the right direction or explain what I am missing? Question 2 Now that I am able to read provision profiles, I assume that if I reverse the process I can create them (and thus ensure the entitlements matches my application). However I of course can't create a signed profile using Apple's certificates only my developer certificates that I rent from Apple. I assume that the profile must be signed by "Mac OS X Provisioning Profile Signing", in order to be accepted by the Mac App Store (and various code signing services). Question 3 Is there an API I can use to submit my application's entitlements to the Apple service and then download a provision profile?

I have a really simple profile, the entitlements are as follows. <key>Entitlements</key> <dict> <key>com.apple.application-identifier</key> <string>QXAFMEPH6X.com.ohanaware.aquaSwatch</string> <key>com.apple.developer.team-identifier</key> <string>QXAFMEPH6X</string> <key>keychain-access-groups</key> <array> <string>QXAFMEPH6X.*</string> </array> </dict> However when I add the keychain-access-groups to the code signing entitlements. <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>keychain-access-groups</key> <array> <string>QXAFMEPH6X.com.ohanaware.aquaSwatch</string> </array> The application crashes on launch. Exception Type: EXC_CRASH (Code Signature Invalid) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace CODESIGNING, Code 0x1 I think I may have misunderstood Quinn's excellent article on Provision Profiles, because I assumed that the wildcard in the Profile, allowed me to use any identifier as long as the team id was correct. https://developer.apple.com/forums/thread/685723 Thank you for any asssitance Sam Rowlands

Is there a replacement for "SecKeychainItemGetUniqueRecordID"? I'm getting certificates from two different places and I would like a safe way to confirm if these two item are referencing the exact same object in the entire keychain. p.s. Why is "Keychain" or "SecKeychainItem" not a tag?

Because the receipt file doesn't exist at the following path, my application exits with error code 173. /Applications/Notched Up.app/Contents/_MASReceipt/receipt However unlike in the past where it then re-launches and works, I'm now getting the error message that this application is damaged and must be re-downloaded from the App Store. In the console I see the following messages. error 12:35:02.553477+0800 Notched Up (com.apple.libsqlite3) cannot open file at line 45340 of [d24547a13b] error 12:35:02.553498+0800 Notched Up (com.apple.libsqlite3) os_unix.c:45340: (2) open(/var/db/DetachedSignatures) - No such file or directory default 12:35:04.481080+0800 storeuid (com.apple.commerce) Fetching missing receipt for sandbox app /Applications/Notched Up.app default 12:35:04.707374+0800 storelegacy (com.apple.commerce) StoreLegacy: Failed to perform in-line receipt renewal for application at path /Applications/Notched Up.app : 'Error Domain=com.apple.commerce.client Code=500 "(null)"' My gut is telling me that something internal related to the App Store isn't working correctly as this code was functional a couple of weeks ago and while the first two lines show sql, this app doesn't use sqlite. App is signed with "Apple Distribution". Have tested app with "Apple Development". Have removed entitlements that need a profile and the provisioning profile. The App Store application shows the correct "Sandbox" tester account (in the preferences). I've logged the test account out and back in. I've verified that tester account is the same store locale as my main account. I've rebooted this i9 16" MBP running macOS 12.0.1, even thought it rebooted itself last night, because ???? Any advice, can you spot something I've done wrong?

I only need to call a couple of lines of code with privilege escalation, I think I understand the reasoning behind creating a separate 'helper' application to perform these tasks. Is there a way to get AuthorizationCreate to display the authentication dialog with TouchID? I see localAuthentation can display a TouchID dialog. Is there (apart from AppleScript) a non-deprecated way to simply request authorization, launch a helper with privileges and arguments, then easily obtain the results from it? I get the impression that with SMJobBless (a non-deprecated API, but a ton of work), the helper will then permanently have escalated privileges, surely this is less secure? Also with SMJobBless, it appears that I need to use an installer package to install the helper in the correct place, is this correct? Is there a replacement for SMJobSubmit in the works? What am I missing, or misunderstanding?

@Quinn, The application which is not made with Xcode, has a provision profile, but App Store Connect says "Not Available for Testing". My Googlefu appears weak as I can't seem to figure out why this is, except that it mentions you need to be using Xcode 13 or newer. Am guessing Xcode is adding some meta data to the Info.plist file which TestFlight requires. Is it possible to know which keys and values are required to satisfy TestFlight? If it's not plist keys, is there something else that's needed, that can be shared? We can do this privately if desired.

I would like to know how to disable adaptive wake, without disabling PowerNap. 2022-03-10 08:49:48.620 Df powerd[107:779c9e] [powerd:assertions] Process powerd.107 Summary MaintenanceWake "Prevent sleep for expected user activity" age:00:00:53 id:55834613872 [System: SRPrevSleep kCPU] I dislike the fact that the computer will wake up before I come to it and will STAY awake, for hours. During the blackout of Taiwan last week, the battery was completely drained when I went to use the laptop and with no power, I was forced to wait until the power came back before I could access the laptop.

I'd like to know how to detect if an application is playing music (I guess audio) and pause it while my app does something and then resume it once it's done. It seems like I should be able to do that with "Now Playing" or "Media Player", but these appear to be iOS libraries and not fleshed out for the Mac (or I am misunderstanding the documentation). Control Center appears to be unscriptable, while a user can control Media via the Shortcuts app, it seems like a 3rd Party app can't embed and execute a shortcut.

I am using the CFProperty "AppleRawCurrentCapacity" value from IOServiceGetMathcingService( kIOMainPortDefault, IOServiceMatching( "AppleSmartBattery" ) ) to obtain the mAh value of the MacBook's battery. Once when the app receives the NSWorkspace notification of display sleep, and once again when receiving the NSWorkspace notification of display wake. I then calculate how much battery was expended during sleep by deducting the pre value from post value. The results can wildly vary, from it using 16 mAh per hour, to gaining 10 mAh an hour (without being plugged in). Sometimes a 10 hour sleep doesn't use any mAh... Which is clearly wrong. When my app detects the key kIOPMPSInvalidWakeSecondsKey is present, I set a timer for that period + 3 seconds and attempt to read the battery values again. Yet the results can still wildly vary. I see on Intel Macs there is a kIOPMPSMaxErrKey (set to 9 on a 2019 16"), however I don't see this on M1, and don't know how it can help, if it does exist. Can anyone give me any pointers as to what I am doing wrong, or in the direction of obtaining reliable mAh values? I like mAh as it's more precise that the standard integer values of 0 - 100, but I don't have to stick with mAh, I'd just don't like reporting that a 16 hour sleep didn't use any battery, when I know it's not true. Thanks

Using IOHIDManagerCopyDevices to get a list of keyboards and mice attached to Mac, triggers the user facing "Input Monitoring" request. Because I'm NOT monitoring the users input, the result of the user selection makes no difference to the result, but the privacy warning dialog makes my app look suspicious. All it is doing is checking to make sure that the customer has a non-Bluetooth keyboard or mouse, before they click the button to disable Bluetooth. Is there a way a safe way (no private API please) to enumerate HID devices without this warning, or should I file a feedback asking Apple to reconsider what triggers this dialog?