Linking to iTunesLibrary requires access every launch?

Hello,

I have a command line application that uses iTunesLibrary to "save" the state of what I have listened to. I have it run every night via a LaunchAgent. You can see the source here: https://github.com/bolsinga/itunes_json

Prior to Sequoia it would run nightly. I'd just have to grant it access to the Music library once, and it would be fine thereafter. However with Sequoia it requires UI interaction to grant it access every time. This makes it no longer run unattended overnight, defeating its purpose.

I have the console logs of when this happens. You can see it in my issue tracking it here: https://github.com/bolsinga/itunes_json/issues/410

One thing that makes me wonder is that it is a command line application, not a bundle. How do I make a command line application get access to MusicKit / iTunesLibrary, and keep it thereafter? I'd like to get my pre-Sequoia behavior back. I've filed FB15592660 too.

I've granted it access to run in the background, as well as access to my Music library (please see attached screenshots).

AMPLibraryAgent	10:48:29.489944-0700	xpc	Connection from framework client invalidated pid:57606 clientname:iTunesLibrary(itunes_json)
AMPLibraryAgent	10:48:29.492763-0700	service	Unloading domains(14) for ClientID:iTunesLibrary(itunes_json)-1229 previous open:15 new open:1
itunes_json	10:48:59.980864-0700	connection	[0x157f05800] activating connection: mach=true listener=false peer=false name=com.apple.amp.library.framework
tccd	10:48:59.982568-0700	access	AUTHREQ_ATTRIBUTION: msgID=1795.214, attribution={accessing={TCCDProcess: identifier=itunes_json, pid=57652, auid=501, euid=501, binary_path=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json}, requesting={TCCDProcess: identifier=com.apple.AMPLibraryAgent, pid=1795, auid=501, euid=501, binary_path=/System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent}, },
tccd	10:48:59.982651-0700	access	requestor: TCCDProcess: identifier=com.apple.AMPLibraryAgent, pid=1795, auid=501, euid=501, binary_path=/System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent is checking access for accessor TCCDProcess: identifier=itunes_json, pid=57652, auid=501, euid=501, binary_path=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json
tccd	10:48:59.995636-0700	access	AUTHREQ_SUBJECT: msgID=1795.214, subject=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json,
tccd	10:48:59.996283-0700	access	-[TCCDAccessIdentity staticCode]: static code for: identifier /Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json, type: 1: 0xc00341b00 at /Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json
tccd	10:49:00.018205-0700	access	Failed to match existing code requirement for subject /Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json and service kTCCServiceMediaLibrary
	cdhash H"6bc380972f4df49b337a2a05308fb7b98fbe6473" or cdhash H"0708bcaabbfbab8770522050f7e2642d4d864f31"
	cdhash H"6bc380972f4df49b337a2a05308fb7b98fbe6473" or cdhash H"0708bcaabbfbab8770522050f7e2642d4d864f31"
tccd	10:49:00.018997-0700	access	AUTHREQ_PROMPTING: msgID=1795.214, service=kTCCServiceMediaLibrary, subject=Sub:{/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json}Resp:{TCCDProcess: identifier=itunes_json, pid=57652, auid=501, euid=501, binary_path=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json},
AMPLibraryAgent	10:49:02.489170-0700	xpc	ampld> register framework ClientName:iTunesLibrary(itunes_json)
tccd	10:49:02.488189-0700	events	Publishing <TCCDEvent: type=Create, service=kTCCServiceMediaLibrary, identifier_type=Path, identifier=/Users/bolsinga/Applications/itunes_json/Products/usr/local/bin/itunes_json> to 4 subscribers: {
    633 = "<TCCDEventSubscriber: token=633, state=Initial, csid=(null)>";
    628 = "<TCCDEventSubscriber: token=628, state=Passed, csid=com.apple.chronod>";
    464 = "<TCCDEventSubscriber: token=464, state=Passed, csid=com.apple.cloudd>";
    513 = "<TCCDEventSubscriber: token=513, state=Passed, csid=com.apple.photolibraryd>";
}
AMPLibraryAgent	10:49:02.490391-0700	xpc	ampld> registered framework ClientName:iTunesLibrary(itunes_json) with clientID:1230
itunes_json	10:49:02.792084-0700	connection	[0x147e04340] activating connection: mach=true listener=false peer=false name=com.apple.amp.artworkd
itunes_json	10:49:02.801482-0700	<Missing Description>	openDatabase 0xe4af30f4493e5ef5 artwork folder Y '<private>'
itunes_json	10:49:02.805087-0700	<Missing Description>	openDatabase 0xf2db6e8d7672edc9 artwork folder Y '<private>'
itunes_json	10:49:02.806736-0700	<Missing Description>	openDatabase 0xfb2acd898c951851 artwork folder Y '<private>'
itunes_json	10:49:02.813286-0700	<Missing Description>	openDatabase 0xf0f4919c5ff0e88 artwork folder Y '<private>'
itunes_json	10:49:09.634928-0700	connection	[0x600002b6a0d0] activating connection: mach=true listener=false peer=false name=com.apple.cfprefsd.daemon
itunes_json	10:49:09.635019-0700	connection	[0x600002b78000] activating connection: mach=true listener=false peer=false name=com.apple.cfprefsd.agent
AMPLibraryAgent	10:49:12.382878-0700	xpc	Connection from framework client invalidated pid:57652 clientname:iTunesLibrary(itunes_json)
AMPLibraryAgent	10:49:12.383474-0700	service	Unloading domains(14) for ClientID:iTunesLibrary(itunes_json)-1230 previous open:15 new open:1

Answered by DTS Engineer in 811547022

I’ve been talking to my colleague about this and we want to suggest a workaround that you can try. You wrote:

One thing that makes me wonder is that it is a command line application

and that’s definitely something worth investigating. If you put your launchd agent into an app-like wrapper, does this problem go away?

See Signing a daemon with a restricted entitlement for general info on how to place a standalone executable into an app-like wrapper. Although note that that your reason for doing this is very different from the reason that drivers that article.

Oh, and when testing this, test it on a ‘fresh’ machine, not one that’s seen your previous product. I generally test this stuff in a VM, so I can restore it to a fresh snapshot between each test.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

moved to original post

moved to original post

Hello @Bolsinga, thank you for your post. I would normally suggest submitting a bug report, but I see that you already have filed FB15592660. Please continue to use Feedback Assistant to track the status of your bug report.

Accepted Answer

I’ve been talking to my colleague about this and we want to suggest a workaround that you can try. You wrote:

One thing that makes me wonder is that it is a command line application

and that’s definitely something worth investigating. If you put your launchd agent into an app-like wrapper, does this problem go away?

See Signing a daemon with a restricted entitlement for general info on how to place a standalone executable into an app-like wrapper. Although note that that your reason for doing this is very different from the reason that drivers that article.

Oh, and when testing this, test it on a ‘fresh’ machine, not one that’s seen your previous product. I generally test this stuff in a VM, so I can restore it to a fresh snapshot between each test.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks @DTS Engineer (Quinn)! I used your suggestion and it worked. I made a wrapping App Bundle that lets it work again and again when loaded by my LaunchAgent.

Yay!

Given that this helps, I have a potentially lower-impact workaround for you:

  1. Grab the Info.plist that Xcode created for your app-like wrapper.

  2. Revert the app-like wrapper change.

  3. Add the Info.plist to your project.

  4. And then embed it into your launchd agent executable using the Create Info.plist Section in Binary build setting.

Does that also fix the problem?

Again, make sure you test this on a ‘clean’ machine.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Linking to iTunesLibrary requires access every launch?
 
 
Q