Why my network extension on macOS suddenly require Developer ID?

I have implemented a Packet Tunnel network extension and it was already put on Mac App Store. It works on macOS 10 and 11 without problem.

In my local computer, I run this network extension through Xcode. It also worked until I upgraded to 11.2.3 yesterday. After upgraded, the network extension suddenly refused to load. I checked system log from Console utility and found that line of error message:

neagent Provider is not signed with a Developer ID certificate.

Why? My network extension is distributed through App Store and I just use Xcode to do debugging stuffs locally. It was signed by a "Apple Developer" certificate (I remembered it was caledl "Mac Developer" before). Why this time the system requires a Developer ID certificate?

Here is my entitlement of the network extension:

Code Block 
<plist version="1.0">
<dict>
	<key>com.apple.developer.networking.networkextension</key>
	<array>
		<string>packet-tunnel-provider</string>
	</array>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.network.client</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>$(AppIdentifierPrefix)mobi.time2change.mvapp.mv-tunnel</string>
	</array>
</dict>
</plist>


Anyone has the experience on this strange issue?

Thanks,

Up vote post of holly.lee Down vote post of holly.lee
200 views
Asked by
holly.lee
Answer this Question
Add a Comment

Answers

Why this time the system requires a Developer ID certificate?

Do you still have the machine that you are building and running from locally registered on in the Developer Portal? Make sure nothing has changed in terms of local Development signing between upgrades. If you want to run your built app on a machine that is not registered, say a test machine, signing with Developer ID is the process you will need to take.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment
It is the same machine, and nothing changed between the upgrade.

I did another test. I setup a VM running Big Sur in VMware Fusion. Installed Xcode, checked out the source codes to this VM, and added this VM to provision profile (Indeed Xcode did it for me, but I can find it either inside Xcode or through Developer Portal. ). I still use "Apple Developer" certificate to sign the extension. Same result. I still got "Provider is not signed with a Developer ID certificate." message from system log. :-(

BTW, If I remove all those local built binaries and install the version I published in Mac App Store, it works well.
Posted by
holly.lee
Up vote reply of holly.lee Down vote reply of holly.lee
Add a Comment

BTW, If I remove all those local built binaries and install the version I published in Mac App Store, it works well.

Okay, try this; build from Xcode, right click on the .app in the Products group. Click show in Finder. Then in Finder, drag your built app into the /Applications folder. Run your built app from the /Applications folder. Does this change your result?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment

Okay, try this; build from Xcode, right click on the .app in the Products group. Click show in Finder. Then in Finder, drag your built app into the /Applications folder. Run your built app from the /Applications folder. Does this change your result?

No luck. Still got same error.
Posted by
holly.lee
Up vote reply of holly.lee Down vote reply of holly.lee
Add a Comment