I need to distribute my Mac VPN app through Developer ID.
As I understand, to do so I need to convert my app NE to a system one. Is there any guide to do so?
I created a new system NE target and imported all files from the old target, but it looks like it's not enough. It doesn't work; in the console, when I'm trying to establish a connection, I found these errors:
neagent: 			 NEAgentSession: failed to create the delegate
nesessionmanager: 	 Tearing down XPC connection due to setup error: Error Domain=NEAgentErrorDomain Code=2 "(null)"
The new plist contains NEMachServiceName; probably I need to use it to establish the connection?
I'm developing a VPN app. It's already in AppStore - https://apps.apple.com/ua/app/bubble-securitycloud/id1513609900?mt=12.
After updating to Big Sur on my development Mac, I started getting an error when I hit the download button:
Unable to Download App.
"Bubble SecurityCloud" could not be installed. Please try again later.
On another Mac it downloads and works fine.
I tried removing defaults; I also tried removing the network extension using pluginkit, which I usually need to do in order to switch between development and AppStore versions.
Are there any system files that can be cleared to fix the problem?
I need to distribute a macOS app for beta testing using Developer ID signing.
I followed the guide from this post: https://developer.apple.com/forums/thread/125508?answerId=402187022#402187022. You can check out my progress in this repo: https://github.com/PhilipDukhov/wireguard-apple
Step 1. First of all, I converted the network extension to a system one.
I had to use the following code to determine the path of the extension:
let extensionPath = Bundle.main.bundleURL
    .appendingPathComponent("Contents")
    .appendingPathComponent("Library")
    .appendingPathComponent("SystemExtensions")
    .appendingPathComponent("WireGuardNetworkExtension.systemextension")
    .path
In order to create a tunnel I use SecAccessCreate with the results of both app and extension SecTrustedApplicationCreateFromPath. There’s no constant for "SystemExtensions" folder, also SecTrustedApplicationCreateFromPath is deprecated, does it mean there’s a new way to do so?
Yet it works on this step, which you can check out on commit 07df864a8d27948b3aa0c33cf4276835e58eeeee
Step 2. Then I created all the needed provisioning profiles, changed the signing settings and updated both .entitlements files with packet-tunnel-provider-systemextension. The project builds and runs, and the tunnel gets successfully created, but when I try to connect and run the extension, it fails. The console has the following errors:
[NWPrivilegedHelper startXPCListener]_block_invoke client pid 123 does not have any known entitlement
NEVPNTunnelPlugin(com.bubble.bubble-vpn[6191]): Validation of the extension failed
WireGuardNetworkExtension: SIOCGIFMTU failed: Device not configured
I tried both disabling SIP and notarizing the app. The result code is on this commit: 357059234935ab1442bb6be0324809920355bfc9
Tunnel created in Step 1 works on step 2, so create a new one to test it out. If you need a test config file let me know: philip.dukhov@gmail.com.
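
A check on the entitlement change described in Step 2, as an added example that is not part of the original post or the linked repository: it parses entitlements plists (as `codesign -d --entitlements` dumps them from a signed bundle) and reports whether each target lists packet-tunnel-provider-systemextension and whether the container app carries com.apple.developer.system-extension.install. The function name and the sample plists are constructed, and a Developer ID build is assumed.

```python
import plistlib

NE_KEY = "com.apple.developer.networking.networkextension"
INSTALL_KEY = "com.apple.developer.system-extension.install"
DEVID_VALUE = "packet-tunnel-provider-systemextension"  # value named in Step 2
LEGACY_VALUE = "packet-tunnel-provider"                 # app-extension (non Developer ID) value


def check_entitlements(plist_bytes, is_container_app):
    """Return a list of findings for one target's entitlements plist (hypothetical helper)."""
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed or empty dump
        return [f"entitlements plist could not be parsed: {exc.__class__.__name__}"]
    values = ents.get(NE_KEY, [])
    if not isinstance(values, list):
        return [f"{NE_KEY} is not an array"]
    findings = []
    if DEVID_VALUE not in values:
        findings.append(f"{NE_KEY} lacks {DEVID_VALUE}")
    if LEGACY_VALUE in values:
        findings.append(f"{NE_KEY} still lists {LEGACY_VALUE}")
    # Only the app that activates the system extension needs the install entitlement.
    if is_container_app and ents.get(INSTALL_KEY) is not True:
        findings.append(f"{INSTALL_KEY} is missing or not true")
    return findings


# Constructed sample entitlements, not taken from the project discussed above.
APP_OK = plistlib.dumps({NE_KEY: [DEVID_VALUE], INSTALL_KEY: True})
APP_NO_INSTALL = plistlib.dumps({NE_KEY: [DEVID_VALUE]})
EXT_OK = plistlib.dumps({NE_KEY: [DEVID_VALUE]})
EXT_STALE = plistlib.dumps({NE_KEY: [LEGACY_VALUE]})

if __name__ == "__main__":
    samples = [
        ("app (ok)", APP_OK, True),
        ("app (no install entitlement)", APP_NO_INSTALL, True),
        ("extension (ok)", EXT_OK, False),
        ("extension (stale value)", EXT_STALE, False),
    ]
    for name, data, is_app in samples:
        print(name, "->", check_entitlements(data, is_app) or "ok")
```

Run it against the entitlements of both the signed app and the embedded .systemextension bundle, since the signed values can differ from the .entitlements files in the project.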