Post

Replies

Boosts

Views

Activity

Unable to use XCode Auto-sign for a project with network + system extension
Hi, We are developing software that configures a network extension via a system extension on MacOS. The host application (run as service) enables network extension and system extension capabilities. It registers the network extension. The network extension has network extension capabilities and configures an app-group to be bundled into the service. What we have built is already working, i.e. we build, sign, notarize and ship the code (it's already running on hundreds of SIP enabled customer devices in production). But, we are currently falling back to manual profile management (i.e. download and import the profile) so that Xcode accepts the entitlements suffixed with -systemextention. Recently we are testing deployment on iOS devices. For iOS profiles we cannot overcome the issues with setting the profile manually, XCode complains about mismatching networkextension entitlements even when manually importing the profile. So I thought I get to the bottom of why automated signing is not working and hopefully overcome the issues with iOS. Upon configuring automatic signing we ran into the following problem: For a network extension that is installed via a system extension the network extension capabilities are expected to be defined with a -systemextension suffix, i.e.: <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider-systemextension</string> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>dns-settings</string> <string>relay</string> When using automated signing the profile in our development account reflects these settings, i.e. the profile is correctly generated with the values above. However, XCode complains that the network extension capabilities don't match. I went as far as to configuring a new application-ID so that XCode would generate a new profile in the development account. I then downloaded and decoded the generated profile. The capabilities of the development portal profile were created as expected (as above), but somehow, the locally generated profile that is generated by XCode auto-sign expects: <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> <string>relay</string> What XCode auto-sign expects is not reflected in the development account profile (!). I tried to overcome this by changing the entitlements of the project to omit the -systemextension suffix. XCode auto-sign seemingly works then, but once the application is actually signed by CodeSign the signing fails because the capabilities don't match with the development account profile. I tried profile re-generation by clearing Library/Developer/Xcode/UserData/Provisioning Profiles, but it always results in the same problem - either XCode is happy and the code signing fails when building, or the other way round. Bottom Line: I think that somehow XCode evaluates the profile validity differently from CodeSign; somehow when using automatic signing XCode does not take the network extension + system extension into account, but only expects the capabilities of the network extension. If anybody know how to overcome this problem please help :)
1
0
61
16h
xcodebuid failed at signing step although there is no issue building and distributing from Xcode GUI
Hi all, I have a host application to register and start network system extension. I created 2 provisional profiles that grant SystemExtension and NetworkExtension capabilities for the host app, and NetworkExtension for the network system extension. I'm able to archive and distribute (direct distribution) the app from XCode GUI. However, when I use xcodebuild command to build the project, it gave me this error: error: No profile for team 'TEAMID' matching 'Host APP Distribution Profile' found: Xcode couldn't find any provisioning profiles matching 'TEAMID/Host APP Distribution Profile'. Install the profile (by dragging and dropping it onto Xcode's dock item) or select a different one in the Signing & Capabilities tab of the target editor. error: No profile for team 'TEAMID' matching 'My NetworkExt Distribution Profile' found: Xcode couldn't find any provisioning profiles matching 'TEAMID/My NetworkExt Distribution Profile'. Install the profile (by dragging and dropping it onto Xcode's dock item) or select a different one in the Signing & Capabilities tab of the target editor. I already installed those 2 provisioning profiles assign them to my targets in XCode. There is no error from Xcode when building and distributing it. Does anyone have the same issue? How could you solve it. Thanks! An
0
0
143
Dec ’24