Thanks The Eskimo,
I solved this problem by creating a new Provisioning Profile with the type Developer ID Application.
Thanks in advance for your help.
Thanks The Eskimo,
The output is:
% security cms -D -i /test/bin/FamRTServicebig.app/Contents/embedded.provisionprofile
<plist version="1.0">
<dict>
<key>AppIDName</key>
<string>for EX</string>
<key>ApplicationIdentifierPrefix</key>
<array>
<string><id></string>
</array>
<key>CreationDate</key>
<date>2020-11-12T04:46:55Z</date>
<key>Platform</key>
<array>
<string>OSX</string>
</array>
<key>IsXcodeManaged</key>
<false/>
<key>DeveloperCertificates</key>
<array>
<data><DeveloperCertificates></data>
</array>
<key>Entitlements</key>
<dict>
<key>com.apple.developer.endpoint-security.client</key>
<true/>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>app-proxy-provider</string>
<string>content-filter-provider</string>
<string>packet-tunnel-provider</string>
<string>dns-proxy</string>
<string>dns-settings</string>
</array>
<key>com.apple.application-identifier</key>
<string><identifier></string>
<key>keychain-access-groups</key>
<array>
<string><id>.*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string><id></string>
<key>com.apple.developer.aps-environment</key>
<string>development</string>
<key>com.apple.developer.ClassKit-environment</key>
<array>
<string>production</string>
<string>development</string>
</array>
</dict>
<key>ExpirationDate</key>
<date>2021-11-12T04:46:55Z</date>
<key>Name</key>
<string>ESClient</string>
<key>ProvisionedDevices</key>
<array>
<string>94462E57-8752-5BFA-8192-84117C4F7DDB</string>
</array>
<key>TeamIdentifier</key>
<array>
<string><id></string>
</array>
<key>TeamName</key>
<string><team></string>
<key>TimeToLive</key>
<integer>365</integer>
<key>UUID</key>
<string>de4b308b-7378-48ce-9fd8-d8daa8cfcdee</string>
<key>Version</key>
<integer>1</integer>
</dict>
codesign -d --entitlements :- /Library/Application\ Support/test/bin/FamRTServicebig.app/Contents/MacOS/FamRTService_big
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string><identifier></string>
<key>com.apple.developer.endpoint-security.client</key>
<true/>
<key>com.apple.developer.team-identifier</key>
<string><id></string>
<key>com.apple.security.app-sandbox</key>
<false/>
<key>com.apple.security.application-groups</key>
<array>
<string><id></string>
</array>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.get-task-allow</key>
<true/>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>/</string>
</array>
<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<array>
<string>/</string>
</array>
</dict>
</plist>
<key>ProvisionedDevices</key>
<array>
<string>94462E57-8752-5BFA-8192-84117C4F7DDB</string>
</array>
94462E57-8752-5BFA-8192-84117C4F7DDB is our Development computer UUID.
Could you let us know if this setting is correct?
Thanks in advance for your help.
Thanks for your help, I will try to have the launchd daemon running as an .app.
Thanks The Eskimo,
FamRTServicebig is a notarized ES client run as a daemon, via /Library/LaunchDaemons/FamRTServicebig.plist.
The FamRTServicebig daemon is also using a system extension (libES.dylib), but the extension does not appear in System Preferences > Security & Privacy.
MacBookAirnoMacBook-Air:~ macbookair$ sudo less /Library/LaunchDaemons/FamRTServicebig.plist
<plist>
<dict>
<key>EnablePressuredExit</key>
<true/>
<key>CFBundleIdentifier</key>
<string>$(PRODUCTBUNDLEIDENTIFIER)</string>
<key>CFBundleShortVersionString</key>
<string>7.0.0.18</string>
<key>CFBundleVersion</key>
<string>7.0.0.18</string>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>realtime.scan</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/test/bin/FamRTServicebig</string>
<string>-inf1</string>
<string>1</string>
<string>-sus1</string>
<string>1</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/var/log/realtimescan.log</string>
<key>StandardOutPath</key>
<string>/var/log/realtime_scan.log</string>
</dict>
</plist>
Could you let us know if there are missing or incorrect settings in our app?
Thanks in advance for your help.
Thanks The Eskimo,
I am planning to deploy my app to customers independently, using Developer ID.
Is there any difference between the two methods?