Apple File System is the default file system for iOS 10.3 and later, and for macOS High Sierra and later.

Posts under APFS tag

50 Posts

Post | Replies | Boosts | Views | Activity

obtaining file creation & modified time & size failing 5-10% of time within .onOpenURL when file shared with app
When users share a file with my app I am having trouble 5-10% of the time obtaining the file metadata, specifically creation and modified time and size. Using SwiftUI with the code below:

    .onOpenURL { url in
        var fileSize: Int64 = 0
        var creationTime: Date = Date(timeIntervalSince1970: 0)
        var modificationTime: Date = Date(timeIntervalSince1970: 0)
        do {
            let fileAttributes = try FileManager.default.attributesOfItem(atPath: url.path)
            fileSize = fileAttributes[FileAttributeKey.size] as? Int64 ?? 0
            creationTime = fileAttributes[FileAttributeKey.creationDate] as? Date ?? Date(timeIntervalSince1970: 0)
            modificationTime = fileAttributes[FileAttributeKey.modificationDate] as? Date ?? Date(timeIntervalSince1970: 0)
            <SNIPPED CODE no other tries though and not involving above variables>
        } catch {
            // quite confident I am ending up here because variables after the above code aren’t being set and there are no other try blocks,
            // so FileManager.default.attributesOfItem(atPath: url.path) must be throwing….
        }
        <SNIPPED CODE>

To attempt to resolve this, I added in a 0.5 second wait cycle if creationTime == 0 and modificationTime == 0, so if obtaining both metadata fails, wait 0.5 seconds and try again, try this a max of 3 times and then give up. I don’t know how often I am entering this code (didn’t instrument the app for it), but am still getting times when metadata comes back blank which means this code wasn’t successful after 3 tries.

I assume the file would only become visible and sharable with my app after it has completed being written by the original app/process. Perhaps it hasn’t finalized yet? Is there a way to detect this so I can tell the user in my share screen to wait and try again? I am assuming that the file has finished writing though since when I read the data from the file contents, it’s good data and complete even when metadata failed.

I will be instrumenting the above code in my next app version, just hoping to fix it right now since users are emailing saying my app is broken. Thanks!
Replies: 3 | Boosts: 0 | Views: 356 | Activity: Sep ’24
What explains the APFS sibling volumes architecture ( / & Data )
As a system & security administrator I started to install a lot of Unixes, 20 years ago with a dual volume for security purposes, inside critical infrastructures:

    volume    mount options
    ------------------------------------------------
    /         ro
    /var      rw, nosuid, nodev

Everything which could be end user or admin modifiable and to be referenced from / was defined through simple symbolic links:

    /tmp --> /var/tmp
    /home --> /var/home
    /local --> /var/local
    /opt --> /var/opt
    /private --> /var/private

And through many tests, and real attacks pressure of every day, with such a configuration, even as root, it was impossible to damage the system. Many attacks struck us ( ~ 20 / day )… none succeeded ( at least as I was aware of, and as I wasn't fired ).

Why did Apple choose a rather more complex way similar architectures with the 2 volumes:

    volume                  mount options
    ------------------------------------------------
    /                       ro
    /System/Volumes/Data    rw, nosuid, nodev

with a new concept of firmlinks which is not compatible with any other Unix FS, which brought Apple to put fundamental components of their new APFS outside of the FS internals ( in plain old files ) and which is rather very tricky to understand and to manage for system and security administrators?

To give just one example of a highly deceiving point: it isn't now possible to make a quick carbon copy of a volume with tools as simple as cp or rsync because of new extended attributes.

Real life teaches us every day that complexity is one of the biggest enemies of performance and security. What are the advantages of this sibling volumes architecture? ( I am not talking here of the real internal advantages of APFS versus HFS and traditional Unix UFS or ZFS, which I much easily grasped and verified in real life. )
Replies: 3 | Boosts: 0 | Views: 430 | Activity: Aug ’24
What is the forum to use to discuss of system administration?
Hello, I have many problems to manage the new structure of the volumes introduced with High Sierra and Big Sur around the use and configuration of the APFS. Where could I find a technical documentation about this APFS organisation? By technical documentation I don't mean a theoretical nice PowerPoint for the boss. I mean a real technical documentation which will permit me for example:

• to understand how is built and organized the complete set of different APFS volumes to install a new macOS,
• to build an installer on a USB key which will be usable for a highly secured environment where an Internet connection is not allowed and not possible,
• to build a script to check that an actual APFS set of volumes doesn't present any major discrepancy, a kind of meta-fsck, not the Disk Utility way, but the engineer way, essentially running through command line, and fully compatible with the traditional system, network and security administration.

Sorry, I am a very special case of developer. I only develop tools from shell scripts to make system, network and security administration. And to build more scripts with them. My answer to Select a Subtopic could have been: system administration, technical documentation
Replies: 1 | Boosts: 0 | Views: 323 | Activity: Aug ’24
/System/Library/Frameworks dylibs are ... not quite there
While playing with this app I found something odd:

    import Foundation

    let dylib1 = dlopen("/System/Library/Frameworks/CreateMLComponents.framework/CreateMLComponents", O_RDONLY)!
    let s1 = dlsym(dylib1, "CreateMLComponentsVersionString")!
    var info1 = Dl_info()
    let success1 = dladdr(s1, &info1)
    precondition(success1 != 0)
    print(String(cString: info1.dli_sname!)) // CreateMLComponentsVersionString
    let path1 = String(cString: info1.dli_fname!)
    print(path1) // /System/Library/Frameworks/CreateMLComponents.framework/Versions/A/CreateMLComponents
    let exists1 = FileManager.default.fileExists(atPath: path1)
    print(exists1) // true

    let dylib2 = dlopen("/System/Library/Frameworks/Foundation.framework/Foundation", O_RDONLY)!
    let s2 = dlsym(dylib2, "NSAllocateMemoryPages")!
    var info2 = Dl_info()
    let success2 = dladdr(s2, &info2)
    precondition(success2 != 0)
    print(String(cString: info2.dli_sname!)) // NSAllocateMemoryPages
    let path2 = String(cString: info2.dli_fname!)
    print(path2) // /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
    let exists2 = FileManager.default.fileExists(atPath: path2)
    print(exists2) // false

The app runs fine and prints true for exists1 and false for exists2. That means that while both dlsym calls succeed and both dladdr calls return paths (within CreateMLComponents.framework and Foundation.framework correspondingly) the first file exists while the second file doesn't exist. This raises quite a few questions:

Why do some of the dylib files (in fact – most dylibs inside the /System/Library/Frameworks hierarchy) not exist at the expected locations?

Why do we have symbolic link files (like Foundation.framework/Foundation) that point to those non-existent locations? What is the purpose of those symbolic links?

Where are those missing dylib files in fact? They must be somewhere, no?! I guess to figure out the answer I could search the whole disk raw bytes for a particular byte pattern to know the answer but hope there's an easier way to know the truth!

Why do we have some exceptional cases like "CreateMLComponents.framework" and a couple of others that don't follow the rules established by the rest?

Thanks!
Replies: 4 | Boosts: 0 | Views: 435 | Activity: Aug ’24
Live Activity is starting app in the background while device is locked
Our team has recently added support to our app for Live Activities where the source of the data is driven from the app itself (not push notifications). We've noticed a crash happening in our Core Data code caused by the following error thrown by the addPersistentStore function where it would attempt to recover and eventually crash. Here's an error we created to help us debug that contains the error details:

    Domain: CoreData
    Code: 1
    NSLocalizedDescription: Error performing migration for databaseName=mydb.sqlite. Error details=The file couldn’t be saved because you don’t have permission. - userinfo: ["reason": No permissions to create file; code = 1]

After some troubleshooting, we managed to reproduce the issue by doing a hard reboot while we're running a live activity. It appears that when the device starts back up, the Live Activity starts which triggers the app to hit didFinishLaunchingWithOptions which is where we get our Core Data store initialized. The problem is that our app uses Data Protection using NSFileProtectionCompleteUntilFirstUserAuthentication and we'd prefer to keep it that way. The Core Data db is present in the app sandbox and we're also seeing logs to suggest a failure trying to access NSUserDefaults as well.

Is there an accepted solution for this? Is it expected that a Live Activity would cause an application to launch prior to the device being unlocked for the first time? Is there a way to change that?
Replies: 5 | Boosts: 1 | Views: 570 | Activity: 1w
account type, Can’t change to business from personal
This is the worst service. Developer support does not respond; it’s been 2 months and I can’t even put the app live and am losing a lot of business. I can’t go live with this problem. We have been trying to change this account type from individual to business. This is frustrating. What kind of support does not respond to their customers? Android fixed this a long time ago. I can’t go live with this, I am even struggling to get the DNS number. What does one have to do here to get help, honestly? So disappointed in Apple support. Sindi
Replies: 1 | Boosts: 0 | Views: 385 | Activity: Jul ’24
How to Install a Binary in SIP-Protected Locations in macOS without Recovery Mode
I'm looking for a solution to install a binary on a macOS system where System Integrity Protection (SIP) is enabled, and the target installation location is protected by SIP. I need to achieve this without booting into recovery mode to disable SIP. Is there any method to achieve this, such as by creating separate packages that can handle SIP-protected locations, developing or using installer applications capable of navigating SIP constraints, leveraging specific entitlements or permissions to facilitate the installation, or utilising Mobile Device Management (MDM) solutions for deployment? If anyone has experience or insights on any reliable ways to accomplish this, please share any detailed steps, tools, or best practices that could be useful.
Replies: 3 | Boosts: 0 | Views: 643 | Activity: Jun ’24
where is macOS APIs including user space file system support?
Hi there, From the "Platforms State of the Union" video macOS section I know macOS has a new API for user space file systems and iPhone mirroring, and delivers new APIs including user space file system support and major improvements to MapKit. But when I look up the API diff, I don't find any added API. Where can I find the user space file system API? I really want to develop an app which needs the user space file system API. Platforms State of the Union video corresponding timeline detail: https://youtu.be/YJZ5YcMsgD4?t=3153
Replies: 7 | Boosts: 1 | Views: 667 | Activity: Jun ’24
FileDescriptor writing to an unexpected file
I'm using a file descriptor to write into a file. I've encountered a problem where if the underlying file is removed or recreated, the file descriptor becomes unstable. I have no reliable way to confirm if it's writing on the expected file.

    let url = URL(fileURLWithPath: "/path/")
    try FileManager.default.removeItem(at: url)
    FileManager.default.createFile(atPath: url.path, contents: .empty)

    let filePath = FilePath(url.path)
    var fileDescriptor = try FileDescriptor.open(filePath, .readWrite)

    // The file is recreated - may be done from a different process.
    try FileManager.default.removeItem(at: url) // L9
    FileManager.default.createFile(atPath: url.path, contents: .empty) // L10

    let dataToWrite = Data([1,1,1,1])
    try fileDescriptor.writeAll(dataToWrite) // L13

    let dataWritten = try Data(contentsOf: url)
    print(dataToWrite == dataWritten) // false

I would expect L13 to result in an error. Given it doesn't:
Is there a way to determine where fileDescriptor is writing?
Is there a way to ensure that fileDescriptor is writing the content in the expected filePath?
Replies: 8 | Boosts: 0 | Views: 878 | Activity: Jun ’24
FileVault encryption key on macOS
Hello, It is possible to encrypt a Mac's hard drive with FileVault. All home user folders are encrypted with the same encryption key. (This is the same encryption key for the whole hard drive.) This encryption key is encrypted with the user password. But I don't understand how it works when there are multiple user accounts. Maybe there is a table: the same encryption key is stored several times (one per user account)? Is there a way for a user to read the FileVault encryption key? Thanks
Replies: 0 | Boosts: 0 | Views: 484 | Activity: May ’24
Allow full disk access for all users.
Hi, I’m developing a program which requires writing files to a volume mounted on a remote server. I've set up the volume on the server and shared a folder within there using a sharing-only account as a first test. The permissions are set to allow read and write for the sharing-only user in both the parent volume and the shared folder within it. However it will only let me access the directory over the network if I enable “Allow full disk access for all users” within the sharing settings in the server. What does this setting actually do? If I disable this option and then disable file sharing altogether and then re-enable, it will switch that setting back on. It seems to tie in with the process smbd getting “full disk access” even though that process runs as root anyway. Allow full disk access for all users doesn't seem to grant my sharing-only user any more access than I’ve defined locally so I’m really confused as to its use and why I need it for this to work. I’m on macOS Sonoma 14.4 for both systems.
Replies: 1 | Boosts: 0 | Views: 627 | Activity: Apr ’24
Duplicate Apps???
I noticed that I have duplicate Apps on my iPhone! I've signed up for the Public Beta program, so this might be a feature/bug in the Beta. What I first noticed was that one of my apps showed up in the Dock (I don't remember putting it there) a few days ago, and in looking around, I still have the same app in a folder on my home screen. I thought this could be a nice feature allowing me quick access to it from the Dock and from my folder, but it wasn't the app that I'd want there. I thought I might be able to move it off the Dock and back to the folder, but when I did that, the app showed up twice in the folder! I moved a different app to the Dock, and it disappeared from the folder which is what I'd expect. So...if I delete 1 of the duplicates in the folder (or from the Dock), will that delete both? Here you can see the Alula app in both the 'Remote Control' folder and the Dock: Here too (although the Dock is fuzzy because the folder is open): I moved the app from the Dock back to the folder, and now there are two there: Here's the Public Beta that I'm running
Replies: 1 | Boosts: 0 | Views: 1.2k | Activity: Apr ’24
/System/Volumes/Data/home empty
I have an ansible provisioner that is being triggered, but keeps failing because it cannot write a file out under /System/Volumes/Data/home. There are no files in that directory to clean up. When I do a df it shows that filesystem mount size as 0Bi. I ran the disk utility, but that did not resolve it either. Any help would be greatly appreciated. This is blocking my local development.
Replies: 0 | Boosts: 0 | Views: 458 | Activity: Apr ’24
Is it possible to develop a Transparent Data Encryption(TDE) system on macOS now?
I'm currently trying to develop a transparent data encryption (TDE) system on macOS 12.6.8. Our company has its own file encryption format. In order to facilitate safe and convenient file transfer between Windows and Mac platforms, we need to develop a TDE system on the Mac platform (on the Windows platform, we have developed such a system based on the Minifilter framework). I tried to implement this system using a macFUSE-based file system and the Endpoint Security system extension, but found that this did not allow complete control of files on the Mac system. For example, when you use Finder to copy an encrypted file, the decrypted data will be copied out. I'm guessing this might be due to Finder or some other system process cache. By referring to the current product introductions of other companies, I learned that the current TDE systems on Mac systems are all based on kernel extensions. But I noticed that Apple no longer encourages kernel extension development, and the Mac kernel has fewer and fewer APIs open to development. So I would like to ask: is it still feasible to develop a TDE system based on a kernel extension?
Replies: 1 | Boosts: 0 | Views: 580 | Activity: Mar ’24
The right way to use start/stop AccessingSecurityScopedResource in swift-cpp interop
Hi, so I have this case where I would like the user to pick a folder where they want to create a file/folder using UIDocumentPicker/Browser and I make the file using open() in cpp and use its fd to read/write to the file. Now, the first thing is I have to call startAccessingSecurityScopedResource() on the directory url, then I make the file, get its fd (file descriptor) and I leave this makefile() function. Every startAccessingSecurityScopedResource() needs to be matched with a stopAccessingSecurityScopedResource(). So my question is do I 'have' to call stopAccessingSecurityScopedResource() 'just before' calling close() on the fd? Or is it fine to call it after I have made the fd, i.e., at the end of the makefile() function? In the tests I did it seems that once the fd is opened, even if stopAccessingSecurityScopedResource() is called on it (the directory), I can continue to read/write from the fd until I close() the fd?
Replies: 1 | Boosts: 0 | Views: 645 | Activity: Mar ’24