Do I need to sign a 3rd party network extension while adding it to my project?

As I understand everything which is embedded in my app should be signed with my developer profile.

That’s not entirely true (-: The notary service requires that everything you submit be signed with a valid Developer ID. It does not require that it all use the same Developer ID, or that the Developer ID be associated with the account doing the notarisation.

Having said that, this is unlikely to work for an NE. Before I go into the details, I want to double check one thing. Per TN3134 Network Extension provider deployment, we only support sysex packaging outside of the Mac App Store. So you’ve got a sysex from your vendor, right?

Oh, and while I’m hear, some ancillary comments:

I usually sign 3rd party libraries executing the command:

Yeah, don’t do that. See --deep Considered Harmful.

If you need to manually re-sign, see:

• Creating Distribution-Signed Code for Mac

• Packaging Mac Software for Distribution

And as I understand the network extension's bundle ID should match with bundle id in my profile.

Yes. Well, technically it’s the App ID, but that’s based on the bundle ID. Without this your provisioning profile won’t match your code and there is nothing to authorise your entitlement claims. See TN3125 Inside Code Signing: Provisioning Profiles.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"