Hi,
I am writing a "Network Extension" (NEPacketTunnelProvider) app for macos. I am using "Developer ID" signing for my Macos app. But it crashes after I start it on my mac. I have already gone through the notarization.
Thanks
Time Awake Since Boot: 13000 seconds
Time Since Wake: 11000 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXCCRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXCCORPSENOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
kernel messages:
VM Regions Near 0 (cr2):
Thread 0 Crashed:
0 @Z 0x000000010ddb9000 dyld_start + 0
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ffeeb155b70
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x0000000000000000 r11: 0x0000000000000000
r12: 0x0000000000000000 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
rip: 0x000000010ddb9000 rfl: 0x0000000000000200 cr2: 0x0000000000000000
Logical CPU: 0
Error Code: 0x00000000
Trap Number: 0
I am writing a "Network Extension" (NEPacketTunnelProvider) app for macos. I am using "Developer ID" signing for my Macos app. But it crashes after I start it on my mac. I have already gone through the notarization.
Thanks
Time Awake Since Boot: 13000 seconds
Time Since Wake: 11000 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXCCRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXCCORPSENOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
kernel messages:
VM Regions Near 0 (cr2):
->
Thread 0 Crashed:
0 @Z 0x000000010ddb9000 dyld_start + 0
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ffeeb155b70
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x0000000000000000 r11: 0x0000000000000000
r12: 0x0000000000000000 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
rip: 0x000000010ddb9000 rfl: 0x0000000000000200 cr2: 0x0000000000000000
Logical CPU: 0
Error Code: 0x00000000
Trap Number: 0
Crashing like this usually indicates an entitlement problem, that is, your code was signed with some entitlements that are not in the allowlist in your provisioning profile. You should dump these two things and check that every entitlement you use is either allowed universally (things like com.apple.security.app-sandbox) or is in your profile’s allowlist:
IMPORTANT When you distribute via Developer ID your NE provider must be a sysex rather than an appex. That means you must use the -systemextension variants of the Network Extension entitlement.
ps You can use triple backticks to format text as a code block, which makes it much easier to read.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Code Block % codesign -d --entitlements :- MyContainerApp.app/Contents/Library/SystemExtensions/com.example.MyPacketTunnelProvider.systemextension … % security cms -D -i MyContainerApp.app/Contents/Library/SystemExtensions/comcom.example.MyPacketTunnelProvider.systemextension/Contents/embedded.provisionprofile …
IMPORTANT When you distribute via Developer ID your NE provider must be a sysex rather than an appex. That means you must use the -systemextension variants of the Network Extension entitlement.
ps You can use triple backticks to format text as a code block, which makes it much easier to read.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"