User Profile

Hi, I've recently successfully signed and notarized my application. My application is written in Python so I am unable to to use the Xcode workflow and instead use Pyinstaller to package followed by the codesign command: codesign --deep --force --options=runtime --entitlements entitlements.plist --sign developer-id-hash --timestamp network_visualizer.app Everything works using this entitlements file when signing according to Pyinstallers specifications: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> </dict> </plist> Now, an issue occurs (even though I can sign, notarize, and distribute my application) I am losing a critical function which is opening up a network interface for sniffing traffic (pcapy open_live function). It works on my M1 Macbook when downloaded from the Internet, but not on a friends Intel Macbook -- same MacOS Monterey. I figure it has something to do with requiring elevated permissions so I assume that I should add additional entitlements when code signing. After some investigation I decide to try to add these additional entitlements: <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> <string>app-proxy-provider</string> <string>content-filter-provider</string> </array> Before I can even test this, my app fails execution with Termination Reason: CODESIGNING. I then proceed to create a provisional profile through the developer.apple.com website. I successfully download and install this provisioning profile and include a copy in the app directory: network_visualizer.app/Content/embedded.provisionprofile The provisoning profile has the networkextension enabled and is correctly recognized using a dummy app built in Xcode. How do I get codesign to recognize the provisioning profiile when signing?