Mac Mountain Lion Error - "isn't in fPermittedFrontASNs" - osx-mountain-lion

I have a python script that has been converted to a bundled application using py2app. When invoked manually, it runs fine. However, under Mountain Lion, when I try to invoke it using launchd, I get the following error in the system log:
Aug 8 07:15:02 StraylightPro.local Irrigate[79689]: Irrigate Error
Aug 8 07:15:02 StraylightPro.local coreservicesd[77]: Application
App:"Irrigate" [ 0x0/0x697596f] # 0x0x7fe77240cec0 tried to be
brought forward, but isn't in fPermittedFrontASNs ( (
ASN:0x0-0x1cb2cb1:) ), so denying.
It seems pretty clear that this is the result of the new security features in Mountain Lion, but searching through Apple's Developer docs and Googling around on the web for the term "fPermittedFrontASNs" hasn't turned up anything.
It would be really nice if I could add an extended attribute to the application bundle or add a line to the launchd plist file that would solve this.

If you are sure that it is a Security Restriction posed by Gatekeeper, you can deactivate Gatekeeper for testing purposes with:
spctl --master-disable
If it works, you can add an appropriate rule with the spctl command. Look at 'man spctl' for instructions.

Is the application signed?
According to https://apple.stackexchange.com/questions/62707/how-to-get-installers-not-to-hang-on-waiting-for-other-installations-to-complet, which refers to a page on Apple's support site, applications signed with an Developer ID won't launch when the application bundle is changed.
Applications created with the current version of py2app can change after first launch because some files aren't byte-compiled when creating the app bundle and will be compiled at first launch. That's a bug that I'll fix in a future update.

Related

Xcode: Failed to launch macOS command-line program due to permission issue

Environment
macOS Catalina 10.15.7
Xcode 12.3
Problem
My macOS command-line application, written in C++, runs ok inside Xcode or as a standalone program in Terminal. But fails to launch when run as a child process from other programs.
The error message looks like this
Efforts
I've looked through my project's provisioning settings.
My team profile is only one-day past its life span. And the project still builds so I doubt that is the issue. I then switched to another certificate that is still healthy but saw the same problem with the child process failure.
I've also checked security settings and there are no permission blocks or anything like that. I've built this program many times and sorted out all the permission issues before. There used to be no problem running it as a child process.
Question
What am I missing?
Found the solution myself.
I had to remove the code signature using
codesign --remove-signature
Then sign it normally through Xcode.
It is most probably caused by our team switching signing identity and deprecating the old one.
Another related fix:
This error also happens when I run any script that launches child processes of executables built myself inside an IDE.
The solution is to add the IDE to
System Preferences > Security & Privacy > Privacy > Developer Tools

Stuck at “Authenticating with the App Store...” when publishing my app [duplicate]

We have been trying to submit an app to the iTunes store using Application Loader for three days and keep getting stuck at the "Authenticating with the iTunes store" step.
We have read many forums (including stackoverflow) and tried what was suggested:
making a new provisioning profile
using different or multiple versions of Application Loader
changing proxy settings
rebooting the Mac
uploading at a different time of the day, etc.
We have even left it running overnight and have not had success with getting past this step. Unfortunately, no feedback is given about what the issue may be, and we have not gotten any error messages. We have submitted multiple apps without any difficulty in the past but are completely stuck this time!
How were you able to solve it?
This only started happening to me today (May 2017) and no answers in this thread solved my issue. The resolution for me was from here;
https://forums.developer.apple.com/thread/76803
Open Terminal. Change to home directory,
cd ~
Move the current transporter directory,
mv .itmstransporter/ .old_itmstransporter/
Invoke the following file to let Transporter update itself.
"/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/bin/iTMSTransporter"
Wait till it updates, then open Xcode and attempt upload.
You have to agree to a new sign up in Application Loader. Select "Application Loader" under the "Xcode -> Open Developer Tool" menu (the first menu to the right of the Apple in the menu bar). Once you open Application Loader there will be a prompt to agree to new terms and then to login again into your iTunes account. After this any upload method will work.
Just wait. In a few minutes all will be ok.
Dec 10th 2019, Xcode Version 11.2.1, MacOS X 10.15.1
I was facing exactly same issue yesterday and I thought it might be network issues, at least it looks like so. But this morning I had tried couple different networks and several VPN connections, none of them is working!
The highest voted answer here asks me to reset a cache folder named .itmstransporter under my home dir, the run a program iTMSTransporter under a specific folder, but I can't find both of them.
But soon I figured that it is the cache folder for the people who uses the legacy uploader program: Application Loader, which is deprecated by Apple and can be no longer found in Xcode 11. Then I found that the latest Xcode has located iTMSTransporter here:
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/itms/bin/iTMSTransporter
And its cache folder is here:
/Users/your_user_name/Library/Caches/com.apple.amp.itmstransporter/
I removed my existed cache folder, and run iTMSTransporter without any parameter, it soon started to output logs and download a bunch of files, and finished in 2 or 3 minutes. Then I tried again to upload my ipa file, it works!!!
CONCLUTION:
Either the old Application Loader, or the latest Xcode, uses a Java program iTMSTransporter to process the ipa file uploading.
To function correctly, iTMSTransporter requires a set of jar files downloaded from Internet and cached in your local folder.
If your cache is somehow broken, or doesn't exist at all, directly invoking iTMSTransporter with functional parameters such as --upload-app in our case, iTMSTransporter DOES NOT WARN YOU, NOR FIX CACHE BY ITSELF, it just gets stuck there, SAYS NOTHING AT ALL! (Whoever wrote this iTMSTransporter, you seriously need to improve your programming sense).
Invoking iTMSTransporter without any parameter fixes the cache.
A functional cache is about 65MB, at Dec 10th 2019 with Xcode Version 11.2.1 (11B500)
I was stuck at "Authenticating with the iTunes Store" today. I had used the same version and build number as a previous submission. After I updated the build number, the upload went fine. I don't know if it's related, or if it was a coincidence.
I had the same issue for months, I just removed hotspot shield and private tunnel applications from my computer and tried to upload my app and everything worked just fine. so I suggest if you have installed any VPN application on your computer, remove the application and then try uploading your app from either application loader or xcode's organizer.
Try answer mentioned in this Reference Link, it really worked for me and for others as well.
Mentioning answer here as well.
Open Terminal and run:
cd ~
mv .itmstransporter/ .old_itmstransporter/
"/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/bin/iTMSTransporter"
iTMSTransporter will then update itself, then you can try uploading in XCode again or via application loader.
There is no magic fix. Itunes is just working bad. Lately is having more and more issues and it takes more and more to update and send an ipa to the store.
I had this issue with AppLoader and Xcode organiser too and after trying multiple times it just went through.
Changing network connection helped.
Turned off wifi on my phone
Enabled 3G
Created HotSpot
Connected my mac to the hotspot and got through the authetication issue
In my case, I hadn't agreed to the newest Developer Agreement. Just run Application Loader once, click on [Accept] to agree, then quit the Application Loader and the Upload to App Store should work fine.
Following worked for me.
Open another instance of Application Loader.
( Select "Application Loader" under the "Xcode -> Open Developer Tool" menu)
"Agree" to the terms.
After completing Step 2. First instance of Application Loader proceeded to the next step and build got submitted.
I have also encounter the same issue. One possible solution is to go to Xcode -> Preferences -> Accounts and from the left menu select on App ID then click on the View Details and tap on the refresh button. while reloading you will get following error
The selected team's agent, 'ADMIN NAME' must agree to the latest
Program License Agreement.
If you will not get above error, Following solution will not work.
It means that you need to login into the developer account using Admin login and accept that latest agreement.
Then you will be able to upload binary on the app store.
The updated answer for Xcode 11.x.x and Transporter application, open terminal:
rm -rf ~/.itmstransporter/
"/Applications/Transporter.app/Contents/itms/bin/iTMSTransporter"
Wait a while
Problem solved!
I'm running MacOS Mojave 10.14.6, Xcode 11.3.1 and Transporter 1.1.1, and always got stuck at the Authentication with App Store stage, no matter how long I wait, I tried uploading using Xcode, using xcrun altool, Transporter, nada.
Finally I got it working by exporting the ipa file to a new Macbook (10.15.3, Xcode 11.3.1, Transporter 1.1.1), and used the Transporter app to upload it there.
The key difference is the Transporter tool on my new Macbook asked for a 6-digit code as authentication while the old Macbook did not, I suspect the authentication token on my old device expired but the system didn't ask for a new one when trying to upload the app. I had 2-FA enabled.
So I think forcing a manual re-authentication when you upload the app is the answer, the only other difference is the MacOS version, but I didn't test if it'll make a difference.
I solved the problem by removing ~/Library/Caches/com.apple.amp.itmstransporter.
For safety, renaming will be better,
cd ~/Library/Caches
mv com.apple.amp.itmstransporter com.apple.amp.itmstransporter.old
Then, xcrun altool uploaded my ipa successfully.
By the way, I'm using Xcode 11.x & 12.2, macOS Catalina.
In 2020 Dec, the fix did finally worked for me was restarting my mac.
Today I ran into this issue, on Xcode 11.2.1 I solved it by going to Xcode -> Preferences -> Accounts -> Tapped on the '-' next to my Apple ID, then signed in again. This fixed it for me!
In April 21, 2021, I followed #DawnSong's answer, outlined in the image below but I also restarted my Mac and voila it worked.
Spec
Xcode 12.4
macOS Big Sur 11.2.3
You may try to relogin your ITC account via Application Loader.
Just try a different Internet connection. I tried all the solutions above but none worked. However, when I tried using my cellular connection (instead of my DSL connection that stands behind a firewall), it worked immediately.
It might be a network issue. If you are running inside a virtual machine (e.g. VMWare or VirtualBox), try setting the network adapter mode from the default NAT to Bridged.
All i did was duplicate my Application Loader.app in /Applications and
ran both Application loaders at the same time.
this solution is out there, it used to work for me, but today not even that! what I did and worked is that (2 instances) + uploading with XCode (organizer). Had to try a couple of times and it worked.
hope this helps someone, this bug has been there for quite a lot of time now() an apple doesn't seem to care too much
Another reason could be that you have changed the machine from which you're submitting the app. Or the user account on the machine. The new machine may lack the private key and/or certificate for the App Store. Although a certificate with the correct name is displayed in Xcode.
In this case, go to https://developer.apple.com -> certificates, use the plus sign (+) to add a new certificate (distribution), and follow the steps to request a certificate for the private key on your current machine. After installing the certificate, authentication may work.
For me I tried almost all the suggestions given above but the problem still reoccurred after the first success in uploading to App store. Until I found this website. In summary, do the following
Open terminal
Run this command:
rm -rf ~/.itmstransporter/
“/Applications/Xcode.app/Contents/Applications/Application
Loader.app/Contents/itms/bin/iTMSTransporter”
Note: this command(which is different from others above) will delete your ITMSTansporter folder and create a new one and ensure that xcode is quitted before running this command.
3. Start Xcode and all should be well.
Using Xcode 12.3 Distribute App and xcodebuild both got stuck today at this point.
I finally was able to solve this. Peeking around my system I found 3 versions of iTMSTransporter.
Printing the version of each using ./iTMSTransporter -version gives the following results:
/Applications/Transporter.app/Contents/itms/bin/ has version 2.0.0
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/bin/ has version 2.1.0
/usr/local/itms/bin/ has version version 1.9.3
So it looks that old version in /usr/local/itms was used by Xcode. After deleting /usr/local/itms I was able to upload my binary within Xcode 12.2 and using the xcodebuild command line tool.
Check your firewall
Network settings - (Check with network admin, usually they have blocked apple services unknowingly)
Check your system data/time.
I had same sort of issue, I resolved it by getting direct access to internet.
Also check Application Loader logs to see at which point it gets stuck.
I think I followed all the approaches given, but none worked for me.
My own approach that seems to work for me is to go thru the initial steps to upload a binary, then, after selecting the binary, do NOT click Send; instead close the window, and in the new window that will appear, start anew: hopefully it will go thru.
Found the solution:
I was uploading the build, Every activity went well except “Authenticating with the iTunes store”.
I disconnected my LAN cable and Connected my MAC with my mobile hotspot. and authentication problem was solved. If you have a limited internet plan then as soon as you pass authentication stage, again connect your LAN so that it will upload the app from you LAN cable's internet connection.
my upload failed each time when I uncheck the "include bitcode" option when uploading. So I checked the "include bitcode" option and upload went well.
Check your Firewall, If it is "On" then just Off it, then try

How to run a macOS app as root and use system calls?

I'm trying to run the setpriority command from my macOS app (objective-c). It never works and I'm assuming it is because the app is not being run as the root user.
I'm logged in to the admin account on my computer
I've tried opening the app with sudo
I've tried using chmod on the app
I've tried adding the app to the Accessibility list under Security and Privacy
Xcode version 9.2 (9C40b)
I would appreciate any help, thanks!
You want to run as root, or you want to run with sudo? There's a difference. Running as root is definitely not recommended, you will get strange behaviour from the system.
You wrote:
I've tried opening the app with sudo
That should work. How have you tried? You need to call the binary within the .app bundle. Running open against the bundle won't work.
e.g.
sudo ./Xcode.app/Contents/MacOS/Xcode
It's not recommended to run GUI apps on macOS as root. Instead, you should factor out the part of your application which needs root access into a separate helper tool, launch that tool as root using the SMJobBless() function, and then communicate with the tool using XPC.
Apple provides the EvenBetterAuthorizationSample example code to give a pretty good basic framework to work from.
EDIT: I decided to make my own authorization sample project a while ago that should be a little easier to use than the venerable EvenBetterAuthorizationSample. You can check it out at CSAuthSample.

How to code sign macOS binary to stop firewall permissions requests?

Bowtie app is here: http://bowtieapp.com. The binary but not the source is available.
It has the problem on macOS Sierra 10.12.5 Beta that an active firewall causes it to request firewall permissions on every boot. I suspect this can only be resolved via codesigning.
There is an old fix which no longer seems to work:
https://ivadrenaline.wordpress.com/2015/07/07/do-you-want-the-application-to-accept-incoming-network-connections/
You can sign the frameworks, but then when you sign the whole app you get:
/Applications/Bowtie.app/: resource fork, Finder information, or similar detritus not allowed
Googling that error leads to: https://developer.apple.com/library/content/qa/qa1940/_index.html
But while running xattr -cr on the app causes the signing to proceed without error, it still does not prevent the firewall dialog permissions request from appearing.
I have also tried deep versions of the signing process which did not work.
I think Bowtie has the app itself and a helper application, so it may have more than one executable, and be related to this item: Application with multiple executables appears signed but triggers firewall warning
Also:
Why is OSX continually asking for firewall permission for my app which is signed?
This promising answer also did not work:
https://stackoverflow.com/a/40067738/365478
What is the fix for this?
Manually adding the application to the firewall exclusions list via the macOS System Preferences UI worked. The .app was fine, it wasn't necessary to find the executable. I didn't isolate these changes, so it may also be necessary to codesign the app with the failing methods and/or to manually set firewall exclusions via the terminal, as another answer on the following thread suggests.
https://stackoverflow.com/a/10011819/365478
If someone shows how to codesign it properly I'll remark that best answer.

OSX Gatekeeper stopping my application

My application was working good before I added one library and a sub-project(both created by me). All are code signed with same value.
If I create a local DMG (using build-script) then it is getting installed on my system, also in other system. But the build taken from Anthill pro fails to pass the OSX Gatekeeper and shows "Un-Identified developer" issue.
What could be the issue that makes the same DMG to behave differently?
I recently dealt with an issue with using a build server to sign an application. It signed fine, but then when we distributed it through our website, our users were asked to "Move to Trash" by OSX. My scenario was a little different, as I was using Jenkins, but perhaps the problem is the same.
I solved the issue by elevating our jenkins user up to an admin, and then running codesign with sudo.
I think this has something to do with signing as a developer vs. signing for distribution. If you download a signed package and your application was signed without distribution privileges, the extended attribute "com.apple.quarantine" gets places on the app package (check it by opening terminal and typing 'xattr [path-to-package]')

Resources