Hello. I'm developing a network extension using an app proxy provider under macOS. I've implemented the extension and it works fine if I use automatic code signing and a developer certificate. But I need to sign the extension with a Developer ID certificate and notarize it. After the appropriate modifications I got a notarized bundle with the network extension, but my extension generates a crash report during activation. I have not found any important messages in Console.app related to my problem and I'm stuck. Where can I find any information to solve my problem?
My crash report:
Process: com.llc.company.bundle.extension [35722]
Path: /Library/SystemExtensions/*/com.llc.company.bundle.extension
Identifier: com.llc.company.bundle.extension
Version: ???
Code Type: X86-64 (Native)
Parent Process: launchd [1]
Responsible: com.llc.company.bundle.extension [35722]
User ID: 0
Date/Time: 2021-10-06 10:19:24.718 +0300
OS Version: macOS 11.6 (20G165)
Report Version: 12
Bridge OS Version: 5.5 (18P4759a)
Anonymous UUID: 60F7ECE8-B522-D45E-97E9-EB1EBAC1304A
Time Awake Since Boot: 21000 seconds
System Integrity Protection: enabled
Crashed Thread: Unknown
Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
Bundle entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>app-proxy-provider-systemextension</string>
</array>
<key>com.apple.developer.system-extension.install</key>
<true/>
</dict>
</plist>
System extension entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>app-proxy-provider-systemextension</string>
</array>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>$(TeamIdentifierPrefix)group.com.company.extension</string>
</array>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
</dict>
</plist>
Thank you for any help!
The sysex architecture does not, in general, allow you to disable hardened runtime features. You currently have com.apple.security.cs.disable-library-validation set. Why is that?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
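A pre-signing check for the point raised in the reply above, as an added example that is not part of the original thread or of Apple's tooling: it parses an entitlements plist and lists the hardened-runtime exception keys (the `com.apple.security.cs.` prefix) that are set to true. The function and constant names are hypothetical, and the sample input is the system extension entitlements from the question.

```python
import plistlib

# Hardened-runtime exception entitlements share this key prefix,
# e.g. disable-library-validation or allow-jit.
HARDENED_RUNTIME_PREFIX = "com.apple.security.cs."

# Sample input: the system extension entitlements posted in the question.
SYSEX_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>app-proxy-provider-systemextension</string>
    </array>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>$(TeamIdentifierPrefix)group.com.company.extension</string>
    </array>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
</dict>
</plist>
"""


def hardened_runtime_exceptions(plist_bytes):
    """Return the sorted entitlement keys that relax the hardened runtime."""
    entitlements = plistlib.loads(plist_bytes)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must have a <dict> root")
    # A key only requests the exception when its value is boolean true.
    return sorted(
        key for key, value in entitlements.items()
        if key.startswith(HARDENED_RUNTIME_PREFIX) and value is True
    )


if __name__ == "__main__":
    for key in hardened_runtime_exceptions(SYSEX_ENTITLEMENTS):
        print("hardened-runtime exception requested:", key)
```

The same function can be pointed at the XML that `codesign -d --entitlements :- <path>` prints for an already signed bundle.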