We have been employed in managing a VPN connection with the open source project WireGuard recently. What confused us is the provisioning file. In the WireGuard project, they use network extension. However, when we apply for a Developer ID provisioning file, the related functions like packet tunnel are suffixed with systemextension, which doesn't apply to the project. What we wonder is whether macOS development can only use systemextension rather than network extension? If so, how the WireGuard project works is confusing.
macOS development with network extension
macOS supports two ‘flavours’ of NE providers:
- App extension (appex)
- System extension (appex)

Appexes use the entitlements without the -systemextension suffix and can only be distributed via the Mac App Store.

Sysexes use the entitlements with the -systemextension suffix. These can be distributed via the Mac App Store but also support independent distribution using Developer ID signing.

Sysex support was added in macOS 10.15.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
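The suffix rule in the answer above can be checked mechanically before a build is submitted or notarized. The following is an added example, not code from this thread or from the WireGuard project; it assumes the target's entitlements are available as a property list, and the channel labels `mac-app-store` and `developer-id` are names made up for this sketch.

```python
import plistlib

# Entitlement key that carries the NE provider types of a target.
NE_KEY = "com.apple.developer.networking.networkextension"
SUFFIX = "-systemextension"

# Distribution channels the answer above allows for each provider flavour.
# The channel labels are hypothetical names used only in this example.
ALLOWED = {
    "appex": {"mac-app-store"},
    "sysex": {"mac-app-store", "developer-id"},
}

# Constructed sample entitlements (not taken from any real product).
SAMPLE_APPEX = plistlib.dumps({NE_KEY: ["packet-tunnel-provider"]})
SAMPLE_SYSEX = plistlib.dumps({NE_KEY: ["packet-tunnel-provider" + SUFFIX]})


def provider_flavours(entitlements: bytes) -> dict:
    """Map each NE entitlement value to 'appex' or 'sysex' by its suffix."""
    values = plistlib.loads(entitlements).get(NE_KEY, [])
    return {v: "sysex" if v.endswith(SUFFIX) else "appex" for v in values}


def check(entitlements: bytes, channel: str) -> list:
    """Return the problems with shipping these entitlements via `channel`."""
    if channel not in ("mac-app-store", "developer-id"):
        raise ValueError(f"unknown channel: {channel}")
    flavours = provider_flavours(entitlements)
    if not flavours:
        return ["no Network Extension entitlement present"]
    problems = []
    for value, flavour in flavours.items():
        if channel not in ALLOWED[flavour]:
            problems.append(
                f"{value}: {flavour} entitlement cannot ship via {channel}; "
                f"the sysex form is {value}{SUFFIX}"
            )
    return problems


if __name__ == "__main__":
    for name, sample in (("appex", SAMPLE_APPEX), ("sysex", SAMPLE_SYSEX)):
        for channel in ("mac-app-store", "developer-id"):
            print(name, channel, check(sample, channel) or "ok")
```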
Oh, one more thing. The runtime environment is quite different in appex and sysex NE providers. If you’re using code that was designed to run as an appex, I encourage you to first get it running as an appex, using Apple Development signing, and then convert it to a sysex.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Got it. Thank you very much~
You mean we need to modify the project setting and code to suit system extension, right?
Yes. This isn’t super hard, but it’s not trivial either.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"