I need to distribute a macOS app for beta testing using Developer ID signing.
I followed the guide from this post: https://developer.apple.com/forums/thread/125508?answerId=402187022#402187022. You can check out my progress in this repo: https://github.com/PhilipDukhov/wireguard-apple
Step 1. First of all, I converted the network extension to a system one.
I had to use the following code to determine the path of the extension:
```swift
import Foundation

// Path of the system extension embedded in the app bundle.
let extensionPath = Bundle.main.bundleURL
    .appendingPathComponent("Contents")
    .appendingPathComponent("Library")
    .appendingPathComponent("SystemExtensions")
    .appendingPathComponent("WireGuardNetworkExtension.systemextension")
    .path
```
In order to create a tunnel, I use SecAccessCreate with the results of SecTrustedApplicationCreateFromPath for both the app and the extension. There’s no constant for the "SystemExtensions" folder. Also, SecTrustedApplicationCreateFromPath is deprecated; does that mean there’s a new way to do so?
Yet it works at this step, which you can check out on commit 07df864a8d27948b3aa0c33cf4276835e58eeeee.
Step 2. Then I created all the needed provision profiles, changed the signing settings and updated both .entitlements files with packet-tunnel-provider-systemextension. The project builds and runs, and the tunnel gets successfully created, but when I try to connect and run the extension, it fails. The Console has the following errors:
```
-[NWPrivilegedHelper startXPCListener]_block_invoke client pid 123 does not have any known entitlement
NEVPNTunnelPlugin(com.bubble.bubble-vpn[6191]): Validation of the extension failed
WireGuardNetworkExtension: SIOCGIFMTU failed: Device not configured
```
I tried both disabling SIP and notarizing the app. The result code is on this commit: 357059234935ab1442bb6be0324809920355bfc9
The tunnel created in Step 1 works on Step 2, so create a new one to test it out. If you need a test config file, let me know: philip.dukhov@gmail.com.
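
The keychain access setup described in Step 1, written out as an added example (not the poster's code and not taken from the linked repository). `makeTunnelKeychainAccess`, `KeychainACLError` and the parameter names are hypothetical; the Security framework calls are the ones the post names.

```swift
import Foundation
import Security

// Hypothetical error type for this example.
enum KeychainACLError: Error {
    case trustedApplication(path: String?, status: OSStatus)
    case access(status: OSStatus)
}

// Builds a SecAccess whose trusted-application list contains the container app
// and its system extension, so that both can read the same keychain item.
// SecTrustedApplicationCreateFromPath is deprecated, as the post notes, so this
// compiles with a deprecation warning.
func makeTunnelKeychainAccess(label: String, extensionPath: String) throws -> SecAccess {
    // Passing nil as the path refers to the application making the call.
    var mainRef: SecTrustedApplication?
    var status = SecTrustedApplicationCreateFromPath(nil, &mainRef)
    guard status == errSecSuccess, let mainApp = mainRef else {
        throw KeychainACLError.trustedApplication(path: nil, status: status)
    }

    // The extension is identified by its bundle path inside the app, e.g. the
    // Contents/Library/SystemExtensions/... path computed in the post.
    var extensionRef: SecTrustedApplication?
    status = SecTrustedApplicationCreateFromPath(extensionPath, &extensionRef)
    guard status == errSecSuccess, let extensionApp = extensionRef else {
        throw KeychainACLError.trustedApplication(path: extensionPath, status: status)
    }

    // Only the two listed binaries are trusted; any other process is subject
    // to the keychain's normal confirmation handling.
    var accessRef: SecAccess?
    status = SecAccessCreate(label as CFString,
                             [mainApp, extensionApp] as CFArray,
                             &accessRef)
    guard status == errSecSuccess, let access = accessRef else {
        throw KeychainACLError.access(status: status)
    }
    return access
}
```

The returned object is attached to the keychain item through the `kSecAttrAccess` attribute when the item is added. If the extension path does not point at the signed bundle, the failing `OSStatus` is surfaced instead of silently producing an access list without the extension.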