Hello again, it seems like macOS memory protection kicks in and does not allow starting/restarting different executable. Further, I have noticed that app built with xCode 16.4 allows daemon updates via SMAppService with unregister/register. App built with xCode 26.0.1 does not succeed in the same approach. Console output After a while, toggling the System Preferences -> General -> Login items & extensions, it is possible to get the updated daemon running, but it's inconsistent. Here's what I tried: automatic update with SMAppService register/unregister after app update toggle the daemon toggle in System Preferences after app update off/on. manually call unregister command from app, wait a bit register. All of these end up in daemon not starting the first time as in console log provided. What is the correct way, to update the daemon with SMAppService?

Hey, sorry for not the greatest title, initially thought I will be able to edit and polish title and content, but saw in the forums, that it is possible to do that only for a short amount of time. Getting back to the topic: https://github.com/nymtech/nym-vpn-client/blob/develop/nym-vpn-apple/Daemon/net.nymtech.vpn.helper.plist Yes, we are using BundleProgram.

static var keyWindow: UIWindow? { guard let window = UIApplication.shared.connectedScenes .compactMap({ $0 as? UIWindowScene }) .flatMap({ $0.windows }) .first(where: { $0.isKeyWindow }) else { return nil } return window }

That is the idea I am working with so far: var authRef: AuthorizationRef? let status = AuthorizationCreate(nil, nil, [], &authRef) if status != errAuthorizationSuccess { return false } let rightName = kSMRightBlessPrivilegedHelper return rightName.withCString { cStringName -> Bool in var authItem = AuthorizationItem( name: cStringName, valueLength: 0, value: nil, flags: 0 ) return withUnsafeMutablePointer(to: &authItem) { authItemPointer -> Bool in var authRights = AuthorizationRights(count: 1, items: authItemPointer) let authFlags: AuthorizationFlags = [.interactionAllowed, .preAuthorize, .extendRights] let status = AuthorizationCopyRights(authRef!, &authRights, nil, authFlags, nil) if status == errAuthorizationSuccess { // Place to execute your authorized action: var cfError: Unmanaged<CFError>? if !SMJobBless(kSMDomainSystemLaunchd, "myApp.agent" as CFString, authRef!, &cfError) { print("SMJobBless error: \(String(describing: cfError))") return false } return true } return false } } But 'SMJobBless' was deprecated in macOS 13.0: Please use SMAppService instead.

Thanks for such a swift answer. Off topic, you are a forum here and you have helped more than once with your answers in my career. You are my hero.🏅 Thank you 🙏 Hmm, sorry for not such a brief question, let me provide more context. I am developing a vpn app, not sandboxed, which needs a system daemon(grpc with socket) to be running. I have managed to include the daemon in the app, now thinking of the best approach to Bless and Authorize the non sandboxed daemon. I need to run the daemon as root, it does not need to be shut down when app quits. Super good idea to spawn daemon via Sockets as that is what I am listening to on grpc. The documentation regarding daemon - it feels like it is super scarce. There is the introduction of SMAppService and deprecation of SMJobBless. SMAppService too fresh to find proper samples, while SMJobBless quite old to find something. What would be the best approach for a (non sandboxed) vpn app + daemon to be signed outside of the App Store?