[enhancement]: Add macOS 15 Sequoia support (x64 and ARM64)

[gentledepp]

Add macOS 15 Sequoia support

Since updating to macOs 15.1, our build agent fails to run our pipeline.
It hangs forever... we are using the x64 agent on an m1 mac - so we tried to switch to arm64, but then we get an error

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> System.DllNotFoundException: Unable to load shared library 'libSystem.Security.Cryptography.Native.Apple' or one of its dependencies.

Brief description of tool
Latest major macOS version released by Apple.

URL for tool's homepage
https://developer.apple.com/documentation/macos-release-notes/macos-15-release-notes

Please add support for macOS 15 x64 and ARM64 agents:
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/osx-agent?view=azure-devops#check-prerequisites

[KonstantinTyukalov]

Hi @gentledepp thank you for the reporting! We are working on higher priority issues now, but we'll get back to this one soon

[gentledepp]

uh.. I see. Can you give me any time estimate? (Days, weeks, months?)

[DaveWhite-BL]

+1 to raise priority for this issue. We are going to have to roll back the OS on at least one of our Mac agent machines to resolve this.

[Korijn]

+1 Same here, after updating to Mac OS 15, our builds just stop progressing and hang forever at random points in the build script.

[DenisNikulin5]

Hi @gentledepp

I tested the arm64 agent on macOS 15 using a simple pipeline but didn't face any issues.
Could you please clarify your steps to reproduce the problem?

[gentledepp]

HI @DenisNikulin5.

So basically, we are running our release builds on a Mac Mini M1, since we are still shipping a Xamarin.iOS (and Xamarin.Forms) based app.

When updating to Mac 15 and the latest XCode, our build started to run forever. (cancelled after 60 Minutes, where the Xamarin.iOS build step usually took about 7 Minutes)

The log of the agent already noted we should install the arm based agent (we were still using the x64 based one) since running the x64 agent can lead to hangs. (as can bee seen in the screenshot above)

##[warning]X64 emulation is known to cause hangs in the Agent process. Please use the native (ARM) Agent.

So we did install the arm based agent, but that caused the error upon install already:

When I'm running the config.sh file, I enter the URL and the PAT but I receive the following error:

Failed to connect.
[2024-11-19 11:19:20Z ERR VisualStudioServices] GET request to https://opti-q.visualstudio.com/_apis/connectionData failed. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> System.DllNotFoundException: Unable to load shared library 'libSystem.Security.Cryptography.Native.Apple' or one of its dependencies.

So we essentailly were unable to install the arm based agent and are assuming this has something to do with the lack of support for it. Are we wrong?

[DenisNikulin5]

@gentledepp
Most likely it's related to the new security policy which was added by Apple starting with macOS 15

By default, it doesn't allow users to use 3rd party software that was downloaded from untrusted sources. It prevents lib loading as well.

You can change this setting but 'anywhere' option is not visible by default anymore.
To fix this, please follow this guide https://helpcenter.trendmicro.com/en-us/article/tmka-20627

And you need to explicitly approve the use of the libraries in the Privacy&Security section

Could you please check this?

[gentledepp]

That apparently fixed the issue! Thanks!

Could you add some logic to the agent so that it checks if this setting is enabled or not and warn the user?
Or could the agent be signed so we do not have to disable this security restriction?

[DenisNikulin5]

@gentledepp Yes, looks like there is some problem with binary signing. We're already working on it