On macOS Network Extension Deactivation

Hello,

I’m developing a macOS application signed with a Developer ID (outside the App Store) that includes a Network Extension. The app has been successfully notarized, and the network filter is registered, but the Network Extension itself remains inactive — it does not install or run properly.

It seems that the issue might be related to the entitlements configuration between the container app and the Network Extension target.

Could you please provide a detailed checklist for:

1. The required entitlements and configurations for the container app, and

2. The required entitlements and configurations for the Network Extension target?

Additionally, are there any specific Xcode settings that are mandatory for the Network Extension to be properly installed and activated on macOS when distributed via Developer ID?

Thank you in advance for your help.

Answered by DTS Engineer in 866104022
I’m developing a macOS application signed with a Developer ID

I recommend that you use Apple Development signing for day-to-day development. That’s true in general — see The Care and Feeding of Developer ID — but it’s especially important for NE sysexen because of the issue discussed in Exporting a Developer ID Network Extension.

1-. The required entitlements and configurations for the container app [and] the Network Extension

Both the container app and the sysex must be signed with com.apple.developer.networking.networkextension. This is an array. The values for that array are documented here. Apply these values as follows:

  • For an appex, add the value corresponding to its provider type.
  • A sysex can contain multiple providers; add the corresponding values for each of them.
  • For the container app, union the values for all the embedded appexen and sysexen.

IMPORTANT As highlighted in Exporting a Developer ID Network Extension, the actual values vary depending on the distribution channel, and Xcode won’t do the right thing for direct distribution with Developer ID signing.

Beyond that, I have general hints and tips on how to bring up an NE provider in Debugging a Network Extension Provider.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
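
The union rule from the answer above, as an added example (not code from the thread or from Apple): a Python check over entitlements plists such as those printed by `codesign -d --entitlements - --xml`. The sample plists are constructed, the function names are hypothetical, and the `-systemextension` Developer ID value forms are taken from Apple's entitlement documentation rather than from this page.

```python
import plistlib

NE_KEY = "com.apple.developer.networking.networkextension"
# Provider values that take a "-systemextension" suffix under Developer ID
# signing (from Apple's entitlement documentation, not from this thread).
SUFFIXED = {"packet-tunnel-provider", "app-proxy-provider",
            "content-filter-provider", "dns-proxy-provider"}

def ne_values(entitlements_plist: bytes) -> set:
    """Return the NE entitlement array of one code item as a set."""
    value = plistlib.loads(entitlements_plist).get(NE_KEY, [])
    if not isinstance(value, list):
        raise ValueError(f"{NE_KEY} must be an array")
    return set(value)

def check_bundle(container, extensions, developer_id=False):
    """List mismatches between the container app and its embedded extensions.

    container: entitlements plist bytes; extensions: {name: plist bytes}.
    """
    have, required, problems = ne_values(container), set(), []
    for name, plist in extensions.items():
        values = ne_values(plist)
        if not values:
            problems.append(f"{name}: no {NE_KEY} values")
        required |= values
    # The container must carry the union of every embedded extension's values.
    problems += [f"container: missing {v}" for v in sorted(required - have)]
    # Extra container values are flagged for review; the thread does not call them fatal.
    problems += [f"container: {v} used by no extension" for v in sorted(have - required)]
    if developer_id:
        problems += [f"{v}: Developer ID needs {v}-systemextension"
                     for v in sorted((have | required) & SUFFIXED)]
    return problems

def sample(values):
    """Constructed sample: an entitlements plist holding only the NE array."""
    return plistlib.dumps({NE_KEY: values})

if __name__ == "__main__":
    app = sample(["content-filter-provider"])
    sysex = {"filter.systemextension": sample(["content-filter-provider",
                                                "dns-proxy-provider"])}
    for line in check_bundle(app, sysex, developer_id=True):
        print(line)
```
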
