I've followed all the advice on these forums regarding developing network extensions. I'm working on a FilterDataProvider using the SimpleFirewall example project as a starting point. The issue I run into is that the copy of the extension binary that the system manages does not get updated by the system when I copy a new application into the /Applications directory. Here's my workflow:
- Build and run the application from Xcode. I've added a pre-run action that copies the extension into a
/Applications/SysExtDevfolder so I don't have to disable SIP. - Test & make changes to code
- Disable & remove the extension in
Settings > Network > Filters & Proxies - Build and run the application from Xcode.
- New app binary loads, but the old extension binary loads.
I also notice that the app will report that the extension is already registered even when it's not present in the UI in System Settings. And when I enable the extension in the newly launched app, I don't see the full flow of confirmation dialogs, only one indicating that the app wants to filter network content.
If I run:
❯ diff /Applications/SysExtDev/SimpleFirewall.app/Contents/Library/SystemExtensions/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension.systemextension/Contents/MacOS/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension /Library/SystemExtensions/44022C0D-8BBA-4783-8314-83195A516DB5/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension.systemextension/Contents/MacOS/com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension
Binary files ... and ... differ
it indicates that the binaries are not the same.
In order to resolve this issue I usually have to wait around for awhile and/or reboot the machine. I can't find any rhyme or reason to it. I've tried removing the old app from /Applications before building the new copy but that doesn't seem to help either. The way I know things are going to work is, if when I launch and enable the extension, I see the full onboarding flow asking me to open settings and allow under privacy and security.
I have tried running
$ systemextensionsctl uninstall 2U6G6353D3 com.example.apple-samplecode.SimpleFirewall2U6G6353D3.SimpleFirewallExtension
but that requires SIP to be disabled. I'm really close to just throwing in the towel and developing with SIP disabled. However, I feel like I must be missing something. Do I need to bump the version every time? Do I need to kill the extension process with launchctl so it can be cleaned up? Do I have to tickle the launch services or sfl db? What am I missing?
I describe the workflow I use in Debugging a Network Extension Provider. It’s worked well for me on macOS 13 and 14 (I’ve not tried it on the macOS 15 beta).
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
