Hi,
We are currently working on porting our PacketTunnelProvider app extension to run as a system extension. Things are mostly working great, but we're now testing upgrades from the existing app extension to a system extension.
We have an existing configuration that gets created and runs perfectly fine with the app extension. Then, when we go and upgrade to the system extension, and attempt to connect using the same existing configuration.
We see this error in the nesessionmanager logs:
10:00:57.717694-0700 nesessionmanager Signature check failed: code failed to satisfy specified code requirement(s) error
10:00:57.717914-0700 nesessionmanager Rejecting agent com.agentBundleID.bundleID because it does not satisfy the code signature requirements error
10:00:57.717937-0700 nesessionmanager Failed to launch com.agentBundleID.bundleID
If we create a new configuration profile in our upgraded app w/system extension it works fine. The problem only occurs with existing profiles.
Our app doesn't even get any notification about this error,
startVPNTunnelWithOptions:andReturnError: doesn't return any error that we can work with.
My gut tells me this has to do with the ProviderDesignatedRequirement not being correct, but I really have no way to confirm this at all. The NETunnelProviderProtocol has no way to specify that in its API. Our providerBundleIdentifier was unchanged between the two extensions.
Is there anything that we can do here? Or are we stuck re-creating the configuration profile after an upgrade?