OSSystemExtensionRequest didFailWithError code 8

while activating Network Extension with OSSystemExtensionRequest getting into didFailWithError with error code 8 .

hitting the same error with even SIP disabled. anyone knows what this error code is and how to correct?

It’s hard interpret error code without knowing the error domain. If the error domain is

OSSystemExtensionErrorDomain
, then 8 corresponds to
OSSystemExtensionErrorCodeSignatureInvalid
.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

thank you eskimo . the domain is indeed OSSystemExtensionErrorDomain.

so i presume that since my extension is not signed i get the error OSSystemExtensionErrorCodeSignatureInvalid .


but i also tried with SIP disabled (i.e. csrutil disable). but i get the same error . what's the issue then?


can i not activate system extension without signature on SIP disabled system ?

You really need to sign all of your code, regardless of whether SIP is enabled or not. SIP relaxes certain security checks, true, but there’s a bunch of subsystem within the OS that rely on code being signed.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

i ask this only for internal development and testing . reckon there needs to be some way without the sign during this phase. or even for internal development cycles need to be signed. i guess not. hence the provision through SIP disablement. is it right?

You should sign your code in all circumstances. If you’re haven’t paid to join the developer programme, you can use any Apple ID to set up a Personal Team that will work for code signing (just log in with that Apple ID in Xcode > Preferences > Accounts).

As I mentioned, there are various subsystems that expect your code to be signed. Running unsigned code puts you far off the beaten path, whereupon you will encounter various pitfalls.

Again, this isn’t just about the NetworkExtension and SystemExtensions subsystems. These pitfalls are scattered far’n’wide across the OS. For example, I regularly see folks complaining that the keychain puts up unnecessary access alerts, and the most common cause is that their code is unsigned (or ad hoc signed) which means that the keychain can’t tell that build N+1 of their app is the same as app as build N.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you . i added the account. it now says "Your development team, "XXXXX", does not support the Network Extensions capability."


is this capability associated with the team?


also is Apple Devleoper account manadatory or just Apple ID work?

it now says "Your development team, "XXXXX", does not support the Network Extensions capability."

Indeed. I have misled you here, and I apologise for that. Personal Teams are great in general but it seems that they don’t support NE development )-: To fix this you’ll need an Apple ID that’s a member of the Apple Developer Program, either its own right (an Individual team) or a member of an Organization team.

ps You can find a list of what is and isn’t supported for each sort of team in the Developer Account Help. Clearly I need to study that in more detail )-:

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
OSSystemExtensionRequest didFailWithError code 8
 
 
Q