Cannot Debug Photos Extension under Ventura

Hi,

since Upgrading to Ventura I cannot Debug my Photos Extension any more. But I urgently need to as we have a new bug that makes our app crash only on Ventura. (it's ONLY extensions that cannot be debugged, anything else works.)

Trying to Debug shows: Could not attach to pid : “38699”

Details: attach failed (Not allowed to attach to process.  Look in the console messages (Console.app), near the debugserver entries, when the attach failed.  The subsystem that denied the attach permission will likely have logged an informative message about why it was denied.)

Console: "macOSTaskPolicy: (com.apple.debugserver) may not get the task control port of (friedmann print ) (pid: 35508): (friedmann print ) is hardened, (friedmann print ) doesn't have get-task-allow, (com.apple.debugserver) is a declared debugger(com.apple.debugserver) is not a declared read-only debugger"

Is there ANYTHING I can do? Or do I have to wait for the next Ventura or XCode update???

All the best Christoph

Up vote post of ChristophV Down vote post of ChristophV
1.2k views
Posted by
ChristophV
Reply
Add a Comment

Replies

That message is telling you that:

  • Your program has the hardened runtime enabled. By default this prevents the debugger from attaching.

  • Your program does not have the com.apple.security.get-task-allow entitlement to override that default.

The second point is weird because Xcode applies this entitlement by default to Development signed builds.

What does this return:

% codesign -d -vvv --entitlements - /path/to/your.appex

Make sure to point codesign at the app extension that you’re actually trying to debug; I would expect this to be within your container app.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • Having the same issue. In my case, I'm debugging a share extension.

    codesign did show the com.apple.security.get-task-allow entitlement on my .appex (note: my regular Entitlements.plist doesn't contain it).

    I think what's going on here is the processes get confused resolving the bundle ID to a path. I gave the target a temporary new bundle ID suffix -debug, the extension showed twice in the host app, and debugging worked again.

    chucker23n
Add a Comment

I am having the same problem on Ventura with Xcode 14.1.

I tried the command listed by Quinn, but codesign just reports a usage message instead. I added a colon which apparently is deprecated, but it does produce some output (I am using the path to extension stored in the container app as built by Xcode).

I see com.apple.security.get-task-allow. What can I do to get debugging to work?

% codesign -d -v --entitlements :- (path to extension inside container app)

Format=bundle with Mach-O thin (arm64)

CodeDirectory v=20500 size=93466 flags=0x10000(runtime) hashes=2909+7 location=embedded

Signature size=4790

Signed Time=Nov 27, 2022 at 5:30:25 PM

Info.plist entries=24

Runtime Version=13.0.0

Sealed Resources version=2 rules=13 files=401

Internal requirements count=1 size=208

Warning: Specifying ':' in the path is deprecated and will not work in a future release

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.application-groups</key><array><string>6MR872QP3J.group.com.gentlemencoders.RAWPower</string></array><key>com.apple.security.files.user-selected.read-write</key><true/><key>com.apple.security.get-task-allow</key><true/><key>com.apple.security.network.client</key><true/></dict></plist>
Posted by
Nik Bhatt
Up vote reply of Nik Bhatt Down vote reply of Nik Bhatt
Add a Comment

I made a clean install of Ventura + Xcode 14.1 on another machine (intel based) and it builds / debugs fine. So it's not a problem with the way the project is set up.

Posted by
Nik Bhatt
Up vote reply of Nik Bhatt Down vote reply of Nik Bhatt

  • Try giving the .appex a temporary bundle ID (e.g., with a -debug) suffix. I think this is a disambiguation problem — you have your container app installed elsewhere on the machine as well, and it resolves the extension to that path.

    chucker23n
Add a Comment

You could have another copy of your app (and thus, extension) installed that is not built for debugging. The Photos app could have loaded that one instead of the one made by Xcode.

In this case, you could temporarily move all other copies of your app to the Trash and re-launch Photos in Xcode to debug your app extension.

Posted by
adib
Up vote reply of adib Down vote reply of adib
Add a Comment