Mints: a multifunction utility

Mints is a growing collection of tools which provide tailor-made log extracts for investigating problems and exploring macOS, collate various information about a Mac which can be difficult to find elsewhere, perform a set of tests on Spotlight, and provide specialist tools for certain types of data. It’s aimed primarily at the advanced user, system administrator, support folk, and developers, although its tools are simple to use.

Mints is supplied as a Universal App for for Sierra, High Sierra, Mojave, Catalina and Big Sur, and the current version can be downloaded from here.

Known issues:

There are some oddities with the Spotlight/Check Search window which can make multiple windows appear at times. These occur when you perform multiple tests in the same session, and are simple to deal with, by closing the additional windows.

The app’s features are available from buttons on its main window, and commands in the Data… section of its Window menu.

mints1401

The rest of this page provides further information and links to various article which may help you get the most out of its tools.

Log Windows

mintsb105

Each of the buttons to open a log window works in the same way, with identical controls. Simply set the time Period relative to the local time, and click on the Get log button. Mints then uses an appropriate predicate to fetch just entries relevant to that topic. They are then displayed using colour to distinguish the sub-system for each entry.

Mints needs to be run from an admin user account to reliably obtain log extracts. This is a limitation imposed in the log show command in macOS. The latest versions of these apps won’t run when the current user isn’t a member of the admin group (80), but display an explanatory alert and quit.

Many of the most valuable log entries are those classified as Info. These are progressively weeded from the log, so it’s important to obtain log extracts as soon as you can after any test or event. This is explained here.

The predicates used are:

  • subsystem == “com.apple.clouddocs” OR subsystem == “com.apple.cloudkit” OR subsystem == “com.apple.mmcs” OR processImagePath CONTAINS[c] “cloudd” OR processImagePath CONTAINS[c] “bird” OR processID = 0 (for iCloud)
  • subsystem == “com.apple.TCC” OR subsystem == “com.apple.launchservices” OR subsystem == “com.apple.securityd” OR subsystem == “com.apple.sandbox” OR processImagePath CONTAINS[c] “tccd” OR processImagePath CONTAINS[c] “sandboxd” OR processID = 0 (for TCC)
  • subsystem == “com.apple.TimeMachine” OR (subsystem == “com.apple.duetactivityscheduler” AND eventMessage CONTAINS[c] “Rescoring all”) OR (subsystem == “com.apple.xpc.activity” AND eventMessage CONTAINS[c] “com.apple.backupd-auto”) OR eventMessage CONTAINS[c] “backup” OR eventMessage CONTAINS[c] “Time Machine” OR eventMessage CONTAINS[c] “TimeMachine” (for Time Machine)
  • subsystem == “com.apple.duetactivityscheduler” OR subsystem CONTAINS “com.apple.xpc” OR processID = 0 (for DAS scheduling)
  • subsystem == “com.apple.spotlightserver” OR subsystem CONTAINS “com.apple.spotlightindex” OR subsystem CONTAINS “com.apple.DiskArbitration.diskarbitrationd” OR processImagePath CONTAINS[c] “mdworker_shared” OR processImagePath CONTAINS[c] “mds_stores” (for Spotlight)
  • subsystem == “com.apple.AppStore” OR subsystem == “com.apple.AppleMediaServices” OR subsystem == “com.apple.appstored” OR subsystem == “com.apple.JetEngine” OR processID = 0 (for the App Store).

Boot uses the predicate eventMessage CONTAINS[c] "=== system boot"

iCloud

Testing iCloud using Cirrus (this feature is common to Mints and Cirrus)

TCC

Diagnosing privacy protection problems in Catalina (this feature is common to Mints and Taccy)

Here are some key log entries which you’re likely to come across. In each case, they relate to my app xattred, which has been notarized.

[LaunchServ] LaunchedApplication: "/Applications/xattred.app/Contents/MacOS/xattred", psn=[ 0x0/0xd51d51]
The app xattred.app has been launched by LaunchServices, which is the start of all the TCC checks.

[TCC] AttributionChain: ACC:{ID: co.eclecticlight.xattred, PID[28287], auid: 501, euid: 501, binary path: '/Applications/xattred.app/Contents/MacOS/xattred'}, REQ:{ID: com.apple.WindowServer, PID[200], auid: 88, euid: 88, binary path: '/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer'}
TCC has established an Attribution Chain for the request. This gives the process which is making the request, here WindowServer, and the app which is responsible for satisfying TCC’s requirements, xattred.app. This is particularly important with command tools and other processes which have no GUI to interact with the user.

[tccd] SecTrustEvaluateIfNecessary
This marks a call to evaluate security certificates if required, in this case initiated by tccd.

[securityd] asynchronously fetching CRL (http://crl.apple.com/root.crl) for client (tccd[310]/0#-1 LF=0)
The security certificate is being checked by securityd.

[TCC] /Applications/xattred.app/Contents/MacOS/xattred (offset 0) linked against SDK version 0xa0e00
TCC has checked the app, and discovered that it was built against macOS 10.14 SDK. It therefore applies the latest and most stringent privacy rules.

[TCC] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: co.eclecticlight.xattred, PID[28287], auid: 501, euid: 501, binary path: '/Applications/xattred.app/Contents/MacOS/xattred'}, REQ:{ID: com.apple.appleeventsd, PID[68], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
As a notarized app, the runtime is ‘hardened’. This requires it to have an entitlement in order to access AppleEvents automation services. The app doesn’t have that entitlement, so cannot use those services.

[TCC] matchesCodeRequirementData: SecStaticCodeCheckValidity() static code (0x7fae018388d0) from co.eclecticlight.xattred : anchor apple generic and identifier "co.eclecticlight.xattred" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = QWY4LRW926); result: 0
TCC has checked the code requirement for the app, and it has passed those checks.

[TCC] Handling access request to kTCCServiceSystemPolicyAllFiles, from co.eclecticlight.xattred, default_allow: 0, allowed: 0, prompt_count:0, update_access: 0, preflight: no
TCC is here checking whether the app has Full Disk Access.

[TCC] Handling access request to kTCCServiceCalendar, from co.eclecticlight.xattred, default_allow: 0, allowed: 1, prompt_count:1, update_access: 0, preflight: no
This test included opening a protected file with the user’s Calendars folder. This is the access request to TCC to permit that.

[TCC] Received synchronous reply <dictionary: 0x7fefe3e12530> { count = 1, transaction: 0, voucher = 0x0, contents = "result" => <bool: 0x7fffa7a20be8>: true}
This is a typical successful reply from TCC to a request to access protected folders or services.

[sandbox] kTCCServiceCalendar granted by TCC for xattred
Apps which run in a sandbox (App Store), or in this case are hardened, will also record the granting of requests to access protected folders or services.

Time Machine

Reading a normal backup in Catalina using Mints
Time Machine to APFS: How processes have changed
Time Machine to APFS: Initiating an auto backup
Time Machine to APFS: Backing up

You may also wish to use T2M2.

App Store

How to get the best out of the App Store
Inside the App Store: how it delivers your apps

DAS Scheduling

How macOS schedules and dispatches background tasks using CTS 1
How macOS schedules and dispatches background tasks using CTS 2
How macOS schedules and dispatches background tasks using CTS 3
What happens when background scheduling fails
Time Machine to APFS: Initiating an auto backup

Boot

Mints 1.5 reports recent boots and solves normalization

Spotlight log extracts and testing

Spotlight on search: How to diagnose and fix problems
How to restore Spotlight search of Rich Text files
Full release of Mints 1.0 is now available, and diagnoses Big Sur’s Spotlight bug
Diagnosing a Spotlight bug in Big Sur: failure to index RTF content
How to test Spotlight out in 30 seconds with Mints 1.0b11

Environment

Controlling processes and environments
sudo vulnerability check

Mach Absolute Time

Inside M1 Macs: Time and logs
Mints now tells you the (Mach absolute) time

Miscellaneous info

Mints can now reveal your Mac’s logic board ID

Universal Binary Checker

mintsb402
Magic, lipo and testing for Universal binaries

Data: Doubles

Can you trust floating-point arithmetic on Apple Silicon?

Data: Normalizer

Mints 1.5 reports recent boots and solves normalization
Apfelstrudel and unorml
28 years after Unicode, we still can’t handle accents: PDF + macOS + URL = chaos