Why my network extension on macOS suddenly require Developer ID?

App & System Services Networking
holly.lee OP
Created Mar ’21
Replies 4
Boosts 0
Views 983
Participants 2
I have implemented a Packet Tunnel network extension and it was already put on Mac App Store. It works on macOS 10 and 11 without problem.

In my local computer, I run this network extension through Xcode. It also worked until I upgraded to 11.2.3 yesterday. After upgraded, the network extension suddenly refused to load. I checked system log from Console utility and found that line of error message:

neagent Provider is not signed with a Developer ID certificate.

Why? My network extension is distributed through App Store and I just use Xcode to do debugging stuffs locally. It was signed by a "Apple Developer" certificate (I remembered it was caledl "Mac Developer" before). Why this time the system requires a Developer ID certificate?

Here is my entitlement of the network extension:

Code Block 
<plist version="1.0">
<dict>
	<key>com.apple.developer.networking.networkextension</key>
	<array>
		<string>packet-tunnel-provider</string>
	</array>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.network.client</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>$(AppIdentifierPrefix)mobi.time2change.mvapp.mv-tunnel</string>
	</array>
</dict>
</plist>


Anyone has the experience on this strange issue?

Thanks,

Replies  4
Boosts  0
Views  983
Participants  2
Systems Engineer OP
Apple
Mar ’21

Why this time the system requires a Developer ID certificate?

Do you still have the machine that you are building and running from locally registered on in the Developer Portal? Make sure nothing has changed in terms of local Development signing between upgrades. If you want to run your built app on a machine that is not registered, say a test machine, signing with Developer ID is the process you will need to take.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
holly.lee OP
Mar ’21
It is the same machine, and nothing changed between the upgrade.

I did another test. I setup a VM running Big Sur in VMware Fusion. Installed Xcode, checked out the source codes to this VM, and added this VM to provision profile (Indeed Xcode did it for me, but I can find it either inside Xcode or through Developer Portal. ). I still use "Apple Developer" certificate to sign the extension. Same result. I still got "Provider is not signed with a Developer ID certificate." message from system log. :-(

BTW, If I remove all those local built binaries and install the version I published in Mac App Store, it works well.
0
Systems Engineer OP
Apple
Mar ’21

BTW, If I remove all those local built binaries and install the version I published in Mac App Store, it works well.

Okay, try this; build from Xcode, right click on the .app in the Products group. Click show in Finder. Then in Finder, drag your built app into the /Applications folder. Run your built app from the /Applications folder. Does this change your result?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
holly.lee OP
Mar ’21

Okay, try this; build from Xcode, right click on the .app in the Products group. Click show in Finder. Then in Finder, drag your built app into the /Applications folder. Run your built app from the /Applications folder. Does this change your result?

No luck. Still got same error.
0
Why my network extension on macOS suddenly require Developer ID?
First post date Last post date
 
 
Q