Hi, I need to import a trusted certificate to the system keychain without prompting the user. I’m importing the certificate with this command line: sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" <certificate> that running from the post install script of my PKG. I'm running the PKG from my daemon service. The certificate is imported to the keychain but it's not trusted. This is the error that i'm getting: sectrustsettingssettrustsettings: the authorization was denied since no user interaction was possible. What is the right why for doing it? Thanks

Hi, I'm using network extension on my VPN app. I'm override the sleep method and send some data to my server when the method call. I noticed that the server requests are succeeded when I'm connecting with a WiFi networks and failed when I'm connecting with cellular networks. Does the OS blocks immediately the connectivity when I'm on the cellular networks and the device enter to sleep?

Hi, I have Packet tunnel provider app and when I'm setting the network settings with two DNS server, one is supported DNSSEC and the other doesn't support it, the OS automatically force to use the supported server. Because of it some URLs failed to be resolved. How can I disabled this behavior? I didn't find any API for that. Thanks

Hi, I'm using network system extension and implement packet tunnel provider. I want to create a DTLS connection with UDP session but I didn’t see any support on the API createUDPSession(to:from:). I know that I can create TLS connection with the API createTCPSession(to:enableTLS:tlsParameters:delegate:) but I need to use DTLS. Does NWUDPSession support DTLS? or there is a different way for doing it?

Hi, I'm trying to do DTLS handshake and I need to add custom extension to the connection parameters. I didn't find any API for doing it. This is possible with network framework? Thanks

Hi, I have some dylib files that I embedded into my project (a macOS app) and selected the 'Embed without signing' option. After I run xcodebuild -exportArchive command, I saw that the signature of those file change to my certificate. I'm using developer-id method and the dylib files are embedded in my system extension. How can I remove the force codesign for those files from the xcodebuild command. Thanks

I have a system network extension that is installed by my app. When I update my app I also update me system extension by returning ReplacementAction.replace at the actionForReplacingExtension delegate. When the new extension starts, I created a new NSXPCListener with the same mach service name, but the app can’t register to it. I updated from MyExtension version 1 to MyExtension version 2. On the Console logs I see: launchd: [system:] Service "NetworkExtension.com.MyExtension.2" tried to register for endpoint "machServiceName" already registered by owner: NetworkExtension.MyExtension.1 launchd: [system:] failed activation: name = machServiceName, flags = 0x0, requestor = MyApp[38340], error = 1: Operation not permitted

Hi, I’m using network system extension and I wanted to launch the containing app from the extension. I'm using NSWorkspace.shared.openApplication(at applicationURL: URL, configuration: NSWorkspace.OpenConfiguration) async throws -> NSRunningApplication and sometimes it works but sometimes I gets those errors: -[_LSRemoteOpenCall invokeWithError:]: XPC error encountered talking to CSUIA: <error: 0x7fff9793e9a0> { count = 1, transaction: 0, voucher = 0x0, contents = "XPCErrorDescription" => <string: 0x7fff9793eb08> { length = 18, contents = "Connection invalid" } } error Optional(Error Domain=NSCocoaErrorDomain Code=256 "The application “APP_NAME” could not be launched because a miscellaneous error occurred." UserInfo={NSURL=file:/Applications/APP_NAME.app/, NSLocalizedDescription=The application “APP_NAME” could not be launched because a miscellaneous error occurred., NSUnderlyingError=0x7fcf005634d0 {Error Domain=NSOSStatusErrorDomain Code=-10822 "kLSServerCommunicationErr: The server process (registration and recent items) is not available" UserInfo={_LSLine=354, _LSFunction=-[_LSRemoteOpenCall invokeWithError:]}}}) Want is the best practice to open the containing application from the system extension. Thanks