If GateKeeper prevents you from running modified versions of your chosen app, temporarily disable GateKeeper in Terminal with sudo spctl --master-disable.
To learn more about how Retroactive works, take a technical deep dive. Skip to content. Star 1. Branches Tags. Could not load branches. Could not load tags. Latest commit. Resolves an issue where Aperture fails launch under Rosetta 2.
Git stats 71 commits. Failed to load latest commit information. Nov 22, Improved localization with updated genstrings. Apr 26, Update screenshots and image assets for macOS Big Sur. Sep 7, Add git ignore. Oct 27, Add a note about the Apple Pro Video Formats update. Nov 15, View code. Opening Retroactive After downloading Retroactive, double click to open it.
When you configure any of the policy settings for an operating system, the collapsed policy view reflects the effective configuration:. You can optionally use Duo's Operating Systems policy to restrict other device types from accessing the application. Duo automatically collects information from devices when the Device Health application is installed and running with no need for you to configure a policy to do so.
Start your rollout by deploying the Device Health app to managed devices , or inviting your end users to install the app by emailing them installation links and instructions. Once the application is installed and running, Duo collects Device Health information every time a user encounters the Duo prompt. You can monitor your authentication logs in Duo to see how enforcing Device Health policy settings would affect your organization.
When you're ready to begin requiring the presence of the Device Health app during authentication, create a new policy targeting a test group of users and a pilot application to start, with the Duo Device Health policy configured to require installation of the Device Health application but not to block access based on security posture.
This continues collecting information about access devices to see how deployment of both the application and policy affects a sample population of your overall user base, while requiring that the targeted users accessing Duo-protected applications install Device Health if they have not already done so.
After deployment, you can review the states of devices accessing Duo-protected applications in the Admin Panel and then make assessments to identify the policy that will protect all your users. Navigate to the details page of the application you'll use to pilot the Device Health Application policy. This must be an application that features the inline Duo Prompt. Click the Apply a policy to groups of users link to assign the new Device Health Application policy to just the pilot group.
Click the Or, create a new Policy link instead of selecting a policy to apply from the drop-down list. Enter a descriptive Policy Name at the top of the left column, and then click the Device Health Application policy item on the left. Change the selected option for either macOS or Windows or both to Require users to have the app to require that the app is installed and running before permitting authentication for those configured operating systems. To prevent authentication based on an endpoint's security posture, select any or all of the "Block access" options for an operating system in the policy editor.
Duo Beyond customers see additional options in the policy editor. To prevent authentication using the agent verification check, select the Block access if an endpoint security agent is not running option and select the required agent s from the list.
If you select multiple agents, a device will pass the policy if it has any one of the required selected agents installed. After you select which security agents to allow, you can enter the remediation instructions that end users will see in the Device Health application client if they attempt to authenticate without the required security agent.
Click the Create Policy button to save the settings and return to the "Apply a Policy" prompt, with the new Device Health Application policy selected. Start typing in the pilot group's name in the Groups field and select it from the suggested names. Click the Apply Policy button. The application page shows the new group policy assignment. For more information about creating and applying group policies, see the Policy documentation.
You can combine a Device Health Application policy in combination with most other existing Duo policies including Browsers , Plugins and Operating Systems policies. In that case, enforce the first three conditions with the Device Health Application policy's "Block access if system password is not set. Enforce the fourth condition in the same custom policy by checking all browsers except Chrome in the Browser policy's "Always block" option.
In order to enforce access based on operating system OS version, you can use the existing OS policy in combination with the Device Health application policy. The Duo Device Health application will be the preferred source of information about an endpoint when evaluating OS policy. This means that we will trust information provided by the installed Duo Device Health application more than the browser user agent provided by the web requests to Duo.
The Duo Device Health application provides information that is more trustworthy than the user agent reported by a browser or embedded web view. As of macOS 11, up-to-date versions of major browsers Safari, Chrome, Firefox, and Edge have frozen the OS version reported via the browser user agent string as Duo recommends using the Device Health app on macOS 11 or newer clients to enable accurate checking and reporting, especially if you choose to apply a Duo operating systems policy with the "If less than the latest" option selected, or pick a static version of A browser user agent provides a limited amount of information about the Windows version.
The Duo Device Health application is able to retrieve the Windows build version and the security patch version for a device. This allows you to make policy decisions on specific Windows versions to keep users up to date. When you select these options, additional information appears on the right side of the policy screen containing the details of activating an Operating Systems policy with this setting. Major browsers will not accurately report the OS version in the browser user agent string on Windows 11, so the detection of and policy enforcement against Windows 11 will require the Duo Device Health app.
The Duo Device Health application displays the same help message text configured in the Help Desk global setting. The application shows this information in the "Need Help? Information reported from the Duo Device Health application is shown in the Admin Panel along with existing Endpoint information.
The Authentication Log report , Endpoints page list and endpoint details , and endpoint information shown for Users will be augmented with details from the Duo Device Health application. With the Device Health Application app installed, authentication log events show checks related to the Duo Device Health application in the "Access Device" information.
Operating system version information includes the build version for macOS and the build and revision versions for Windows. The Endpoints list receives additional filters that allow you to search for devices that have a particular state or OS version and build as reported by the Duo Device Health application.
The device warning information for a given device now includes Device Health reasons, if present. You may also be able to install Xcode 3. Ensure that those of the following options that are available in the installer for your version of Xcode are selected:. However, if you wish to install multiple copies of MacPorts or install MacPorts on another OS platform, you must install MacPorts from the source code.
The macOS package installer automatically installs MacPorts, sets the shell environment , and runs a selfupdate operation to update the ports tree and MacPorts base with the latest release. Download the latest MacPorts Here are direct links for the latest versions of macOS:.
After this step you are done already, MacPorts is now installed and your shell environment was set up automatically by the installer. To confirm the installation is working as expected, now try using port in a new terminal window. Otherwise, please skip the remainder of this chapter and continue with Chapter 3, Using MacPorts in this guide.
If you installed MacPorts using the package installer, skip this section. To install MacPorts from the source code, follow the steps below. Download and extract the MacPorts 2. Either do so using your browser and the Finder, or use the given commands in a terminal window. Afterwards, perform the commands shown in the terminal window. Please continue with Section 2. There are times when some may want to run MacPorts from a version newer than the current stable release.
Maybe there's a new feature that you'd like to use, or it fixes an issue you've encountered, or you just like to be on the cutting edge. These steps explain how to setup MacPorts for developers, using only Git to keep MacPorts up to date.
Though a distinction is made between pre-release and release versions of MacPorts base, the ports collection supports no such distinction or versioning. The selfupdate command installs the latest ports tree, and updates MacPorts base to the latest released version.
Pick a location to store a working copy of the MacPorts code. MacPorts uses autoconf and makefiles for installation. You can add --prefix to. The last line should look like this:. Now MacPorts will look for portfiles in the working copy and use Git instead of rsync to update your ports tree. Occasionally a MacPorts developer may wish to install more than one MacPorts instance on the same host. The first command temporarily removes the standard MacPorts binary paths because they must not be present while installing a second instance.
MacPorts base upgrades are performed automatically when a newer release is available during a selfupdate operation. To upgrade a copy of MacPorts that was installed from source to the newer release of the source code, simply repeat the source install with the newer version of the MacPorts source code. Uninstalling MacPorts is a drastic step and, depending on the issue you are experiencing, you may not need to do so.
If you are unsure, ask on the macports-users mailing list first. If you are sure you want to uninstall, read on. If you want to uninstall MacPorts and the port command is functioning, first uninstall all the installed ports by running this command in the Terminal:.
All that will be left in your installation prefix now will be files that were not registered to any port. This includes configuration files, databases, any files which MacPorts renamed in order to allow a forced installation or upgrade, and the base MacPorts software itself. If the port command is not functioning, you can proceed on to the next steps, but if you had installed any ports that install files to nonstandard locations, those files might not be removed.
When MacPorts is installed, a macports macOS user and group are created for privilege separation. If you want to remove them, you can use these commands from an account that has admin privileges:.
If you configured MacPorts to use a different user or group name, then specify that instead of macports. Individual ports may create users and groups as well; you can remove them with the same commands, but replacing macports with the user or group name you wish to delete.
If you want to remove all remaining traces of MacPorts, run the following command in the Terminal. If you are running macOS If you use a shell other than bash perhaps tcsh , you may need to adjust the above to fit your shell's syntax. Depending on which version of MacPorts you have and which ports you have installed, not all of the above paths will exist on your system; this is OK. MacPorts requires that some environment variables be set in the shell.
Those installing MacPorts from source code must modify their environment manually using the rules as a guide. Depending on your shell and which configuration files already exist, the installer may use.
This variable is set by the postflight script to prepend the MacPorts executable paths to the current path as shown. To change the search path for locating system executables rsync, tar, etc. But changing this variable is for advanced users only, and is not generally needed or recommended. To verify that the file containing the MacPorts variables is in effect, type env in the terminal to verify the current environment settings after the file has been created.
Example output for env is shown below. Changes to shell configuration files do not take effect until a new terminal session is opened. You can set an environment variable in order to use your favorite text editor with the port edit command. To keep a command-line text editor as default while using BBEdit with portfiles, add this:. This chapter describes using port , port variants, common tasks and port binaries. It is used to update Portfile s and the MacPorts infrastructure, and install and manage ports.
The help action shows some brief information about the specified action, or if no action is specified, shows basic usage information for port in general. The selfupdate action should be used regularly to update the local ports tree with the global MacPorts ports repository so you will have the latest versions of software packages available.
It also checks for new releases of MacPorts itself, and upgrades it when necessary. If selfupdate detects that a newer version of MacPorts is available, it automatically updates the installed copy of MacPorts base to the latest released version. In that case, you will see this message:. As always, you can use the debug flag -d to enable verbose output. If your selfupdate failed, re-run it with debug output enabled to see all output generated by the build system.
The output may give you an idea why the build failed. The sync action performs a subset of selfupdate.
It synchronizes the ports tree, as does selfupdate , but it does not check for MacPorts upgrades. On macOS, unless there is a special reason not to do so, run selfupdate instead. The diagnose action checks for common issues in the user's environment and reports all issues it finds to the user, along with possible fixes for said problem. The reclaim action attempts to reclaim space by uninstalling inactive ports, and removing unnecessary files that were downloaded during the installation process.
If passed, the reclaim process will not be run. The list action lists the currently available version of the specified ports, or if no ports are specified, displays a list of all available ports. The list of available ports is very long, so use search if you are looking for a specific port. For this reason, port list installed likely produces unexpected output.
In most cases where you would list , using installed or echo is the better choice instead. Both port installed and port echo installed would produce the output you might expect from the command, port list installed will not and, to make matters worse, will be slow. You will hardly need port list at all to work with MacPorts. When searching, port search is the better choice and when trying to list ports, port installed and port echo are much more useful. The search action allows finding ports by partial matches of the name or description.
Other fields can be matched against, and matched in different ways, by using options. We recommend you read up on some of its flags to improve your efficiency when searching for ports. Run port help search for an exhaustive list of possible switches.
You might start with port search php and notice your query produces a lot of output. In fact, at the time of writing this, this search produces matches. By default, port search searches both name and description of a port. While we're looking for PHP, we can reduce the number of hits by using the --name flag.
Furthermore, we can enable compact output by using the --line switch. This causes only a single line to be printed for each match:. Choose one to install. If you know regex and know about the format of the PHP versions, you can further reduce the output of port search :.
Let us look at another example that is less complicated. Assuming you are looking for rrdtool , a popular system to store and graph time-series data, the simple search approach works well:. Treat the given search string as glob search string i. This is the default behavior. Can be specified multiple times to test against multiple fields. The default is --name --description. Search for ports that depend on the port given as search string. Note that only dependencies specified in default variants will be found.
The info action is used to get information about a port: name, version, description, variants, homepage, dependencies, license, and maintainers. The deps action lists the dependencies of a port. Dependencies are the packages are required by a port at runtime library and runtime dependencies or required to install it build, fetch, and extract dependencies. Note that the list of dependencies might depend on the variants you chose.
Do not read the Portfile to determine dependencies. Instead, rely on the information cached in the port index. Note that despite specifying them , this option will ignore any effects of variants. It is, however, much faster. Exclude dependencies only required at build time, i. The variants action allows you to check what variations of a port are available before you install it.
Variants are a way for port authors to provide options you can use to customize your build at install time. See Invoking Port Variants below to install ports that have variants. This output lists all variants followed by their description. If a variant depends on or conflicts with other variants, a line detailing that follows.
Any [] are derived from the Portfile. While are derived from the variants. See Section 6. The action install is used to install a port. Once you determined the name of a port you want possibly using port search , you can install it using this command. See Section 3. For example,. If the installation of a port fails, you can enable verbose or debug output by giving the -v or -d flag to port:.
All debug information is also kept in main. Its path will be printed automatically if the installation fails.
You can manually get the path using port logfile portname. Note that logfiles will automatically be deleted on successful installation. To do that, re-run the installation with the -t flag, i. If the port still fails to install after you have followed these steps, please file a ticket and attach the main.
The installation of a single port consists of multiple phases. These phases are fetch, extract, patch, configure, build, destroot, archive, and finally install. You may break up a port's installation into smaller steps for troubleshooting by using the name of one of these phases as action rather than install. For example. See Section 5. By default, a binary sanity check called rev-upgrade is run automatically after each successful installation. Pass this flag, if you want to avoid running this step, for example if you want to run it explicitly later after a number of installations using sudo port rev-upgrade , or if you know it will detect problems but want to defer dealing with them.
If you want MacPorts to treat a port you installed manually as if it was automatically installed as a dependency e. The notes action is used to display any notes that a port's author included. These can contain anything, but by convention are brief, and typically contain quick start steps for configuring and using the port, pitfalls to watch out for, or other information that users should be aware of.
These same notes are also displayed after installing a port. Many ports have no notes. More extensive documentation can often be found at a port's homepage, or in its installed files.
The action clean deletes intermediate files created by MacPorts while installing a port. A port clean is often necessary when builds fail and should be the first thing to try after a failed installation attempt. Remove the work directory, i. This removes all traces of an attempted build and is the default operation. The uninstall action will remove an installed port. It is one of the actions you will use fairly often in MacPorts.
You can recursively uninstall all ports that depend on the given port before uninstalling the port itself to work around this. To do that, use the --follow-dependents flag. You can also override this safety check using the -f force flag. Since this will obviously break the dependents you shouldn't do this unless you know what you are doing.
Uninstalling a port will not uninstall ports that have been automatically installed as dependencies of the uninstalled port and are otherwise unused. You can trigger this behavior by passing the --follow-dependencies flag. Ports that were manually installed i.
You can manually uninstall the unneeded ports later using the leaves pseudo-port, e. Recursively uninstall ports that depend on the specified port before uninstalling the port itself.
See also the textual description above. Also uninstall ports that were automatically installed as dependencies of the removed port and are no longer needed. The contents action displays a list of all files that have been installed by a given port. You can only use contents for ports you installed.
Common uses for contents are finding the location of a port's executable after installing it. The following line is usually helpful in this case:. The -q quiet flag suppresses the header line in this case, but is not strictly necessary. Used in conjunction with --size to choose the unit of the file size. Valid parameters for UNIT are. The installed action displays the installed versions and variants of the specified ports, or if no ports are specified, all installed ports.
Use -v to also display the platform and CPU architecture s for which the ports were built, and any variants which were explicitly negated. The outdated action checks your installed ports against the current ports tree to see they have been updated since you installed them. Note that you will only get new versions by updating your ports tree using selfupdate or sync. In most cases, this will be an increase in the version number.
If it isn't, more details will be given. The upgrade action upgrades installed ports and their dependencies to the latest version available in MacPorts. In most cases, you will run. You can, however, selectively upgrade ports if you want to delay other upgrades until later. This is not recommended unless you know what you are doing, since you might experience software errors for the ports that have not yet been upgraded.
To upgrade individual ports, specify the name s of the port s to upgrade:. Note that MacPorts may decide to upgrade other dependent ports before upgrading the port you requested to be updated. Do not attempt to prevent this, since it will very likely lead to problems later.
Instead, it deactivates it, i. This allows you to go back to the older version if there happens to be a problem with the updated one. To do that, run. If you do not want to keep the old versions around while upgrading, you can pass -u when upgrading:. If the installed variants do not match those requested, upgrade and change variants even if the port is not outdated. You can use this to switch the variant selection on an installed port, e.
Note that --enforce-variants will also enforce your variant selection in all dependencies. If you know this is not necessary, you can avoid processing dependencies using the global -n flag:. Do not automatically install replacement ports for a port that you have installed, but was replaced with a different one. The dependents action reports what ports depend upon a given installed port, if any.
Note that dependents does not work for ports that are not installed on your system. If you want to find out, which ports depend on a port that you have not installed, you can use. This command will, however, not cover dependencies that are only present in non-default variants. The livecheck action checks to see if the application corresponding to a given port has been updated at the developer's download site.
This action is mostly useful for port maintainers to determine whether their port needs to be updated, but other may also wish to see if a port packages the latest available version. If livecheck finds no higher version at the port's download site, it prints nothing. The option -d debug may be used for detailed livecheck processing information.
The lint action checks if the Portfile conforms to the MacPorts standards specified in Portfile Development. You should use this if you modified a Portfile before submitting patches back to MacPorts. Variants are a way for port authors to provide options for a port that may be chosen at installation. Typically, variants are optional features that can be enabled, but are not necessarily useful for all users and are thus not enabled by default.
To display the available variants for a port, if any, use this command:. If a variant depends on or conflicts with other variants, a line with the details on that follows. A variant can only be selected when a port is installed. After you have determined what variants a given port has, if any, you may install a port using a variant by specifying its name preceded by a plus sign on the command line, for example. Note that you will not see any confirmation of successful variant selection and MacPorts will not warn you if you misspelled a variant's name.
If your installation is successful, but the chosen feature still seems to be missing, check for possible typos. You can use port installed to verify that the port has been installed with the chosen variant. This happens because MacPorts will also use the specified variants for any dependencies.
MacPorts will remember the variants that were used when installing a port. If you upgrade a port later, the same variants will be used, unless you manually specify different variants. A Portfile can specify a default set of variants that will be used when you do not manually override it.
Not all ports specify default variants — if there are no default variants, no variants are chosen by default. If you wish to disable a variant that has been enabled by default, either by the Portfile , or by your configuration in variants. This section lists common operations you may want to perform when managing a MacPorts installation.
These are the workflows you will need most while using MacPorts. We recommend you read at least this section as a primer into how to use MacPorts. More details about the usage can be found in Section 3. The local ports tree is a collection of files that contain information on which packages are available through MacPorts and how they can be installed.
You should regularly update your ports tree to get access to updated versions of software and bug fixes. To do that, use selfupdate :. To see what's new after running selfupdate , you can use port outdated to generate a list of ports that have newer versions available. This can help in estimating the time required for sudo port upgrade outdated , even though this depends on further factors such as binary package availability and a port's build time.
Note that MacPorts will upgrade any dependencies of a port first before updating the port itself. So even if you request the update of a single port only, other ports may be upgraded first because they are in the dependency tree. Do not try to avoid this, as it will very likely lead to problems later on — the new version of the port you want to upgrade might require the newer dependency, or it might only have been upgraded at all to be rebuilt against the updated dependency, in which case avoiding the update of the dependency defeats the purpose of the reinstallation.
By default, upgrading ports in MacPorts does not remove the older versions. This is a safety measure to ensure you can go back to a working and tested version in case an update goes wrong.
To save disk space, you should periodically uninstall any old versions you no longer need. Of course you could also select only a specific inactive port, but that requires to specify the exact version:.
If you are only interested in the dependent ports that you actually have installed, you can use the quicker and more accurate dependents :. MacPorts also has a recursive version of the dependents action called rdependents :. Finally, to find out which port you manually installed caused the automatic installation of a dependency, use the following expression:.
After a while of using MacPorts, installing and uninstalling ports, packages that have been automatically installed as dependencies for other ports are left behind, even though they are no longer necessary. These leaves may be wanted, but are in most cases unneeded.
You can uninstall all leaves using. Note that the uninstallation can cause new ports to become leaves. To uninstall all leaves, you can use the rleaves pseudo-port instead. After installation, run it with. Well, before we come to the procedure of defining your requested ports, let's have a look at a typical scenario where you want to understand what is actually installed and what is on the other hand truly necessary for your system.
Say checking leaves of your MacPorts installation gives this output:. Now it is up to the user to decide what's needed and what is not. We've noticed pkgconfig is needed to build many ports, and while it is strictly not needed after installation, we'd like to keep it around to avoid installing it over and over again.
Since they are all distributable, MacPorts will use pre-built binaries for their installation anyway, so re-installing them wouldn't take long anyway. We don't really know why the rest of the leaves were installed, so we're just going to remove them for now.
When you've step-by-step figured out which ports you want to keep on your system and have set them as requested, you'll have a list of unnecessary ports, which you can get rid of using. Note that uninstalling leaves may mark new ports as leaves, so you will have to repeat the process. It allows you to interactively decide whether to keep or uninstall a port. Run it as. You should also periodically check the list of your requested ports and mark any ports you no longer need as unrequested using.
Then check for new leaves to cut down the number of installed ports and the size of your MacPorts installation. MacPorts can pre-compile ports into binaries so applications need not be compiled when installing on a target system. MacPorts supports two types of binaries: archives and packages. Binary archives can only be used on a target system running MacPorts.
Use Location services in your app only when it is directly relevant to the features and services provided by the app. Ensure that you notify and obtain consent before collecting, transmitting, or using location data. If your app uses location services, be sure to explain the purpose in your app; refer to the Human Interface Guidelines for best practices for doing so. Make sure your app only includes content that you created or that you have a license to use.
If you believe your intellectual property has been infringed by another developer on the App Store, submit a claim via our web form. Laws differ in different countries, but at the very least, make sure to avoid the following common errors:.
Gaming, gambling, and lotteries can be tricky to manage and tend to be one of the most regulated offerings on the App Store. Some things to keep in mind:. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service.
Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.
Such apps may only be offered by commercial enterprises, educational institutions, or government agencies, and in limited cases, companies using MDM for parental control services or device security.
MDM apps must not violate any applicable laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. Apps offering configuration profiles must also adhere to these requirements.
Please treat everyone with respect, whether in your responses to App Store reviews, customer support requests, or when communicating with Apple, including your responses in Resolution Center.
Repeated manipulative or misleading behavior or other fraudulent conduct will lead to your removal from the Apple Developer Program. Apps should never prey on users or attempt to rip off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.
Your Developer Program account will be terminated if you engage in activities or actions that are not in accordance with the Developer Code of Conduct. To restore your account, you may provide a written statement detailing the improvements you plan to make. If your plan is approved by Apple and we confirm the changes have been made, your account may be restored.
App Store customer reviews can be an integral part of the app experience, so you should treat customers with respect when responding to their comments. Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts.
Providing verifiable information to Apple and customers is critical to customer trust. Your representation of yourself, your business, and your offerings on the App Store must be accurate. The information you provide must be truthful, relevant, and up-to-date so that Apple and customers understand who they are engaging with and can contact you regarding any issues. Participating in the App Store requires integrity and a commitment to building and maintaining customer trust.
Manipulating any element of the App Store customer experience such as charts, search reviews, or referrals to your app erodes customer trust and is not permitted. Customers expect the highest quality from the App Store, and maintaining high quality content, services, and experiences promotes customer trust.
Indications that this expectation is not being met include excessive customer reports about concerns with your app, such as negative customer reviews, and excessive refund requests. Inability to maintain high quality may be a factor in deciding whether a developer is abiding by the Developer Code of Conduct.
0コメント