Sign a DriverKit based Dext for distribution

Dear Sirs,

I've written a Swift App, a C++ application and a Driver Extension using DriverKit and AudioDriverKit. As it works on my development machine now I'd like to give it to some other users and so I'm trying to make a Release Build. I've created a Signing Certificate for "Apple Distribution" which I can use for my Swift App and the C++ application which also both use "com.apple.developer.driverkit.userclient-access". I've been given this entitlement and the "Distribution Support" is for "Development, Ad hoc, App Store, Developer ID". For my Driver Extension I'm using the entitlements "com.apple.developer.driverkit" and "com.apple.developer.driverkit.family.audio" which I've also been given and which show the identical "Distribution Support". But when I try to use my Signing Certificate XCode refuses to use the provisioning profile for the Dext and says "Xcode 14 and later requires a DriverKit development profile enabled for iOS and macOS. Visit the developer website to create or download a DriverKit profile." On the other hand I have to use the same Signing Certificate for my Swift App that embeds the Dext and the Dext itself. How can I create a Signing Certificate for Release mode that works for both, the Swift App and the Dext?

Thanks and best regards, Johannes

Up vote post of JFreyberger Down vote post of JFreyberger
483 views
Posted by
JFreyberger
Reply
Add a Comment

Replies

I think you're talking about a macOS app, right, not an iOS app?

are you the account owner? Only the account owner (not a mere admin) can create certificates and profiles for managed entitlements. Xcode can't make it automatically, and the developer portal's feedback is unhelpful on this issue.

I think you want a signing certificate for Developer ID, not for Apple Distribution. The latter means on the app store, the former means you distribute it, and it is signed by a registered developer, and that signature is notarized by Apple.

On the Xcode side, you leave the signing set to "Automatic", and go through the steps to make an archive. Once you have an archive, open the Organizer window, select your archive and click Distribute App. In the next dialog, select Developer ID as the method of distribution. A dialog will come up offering you the choice of automatic or manual signing. Choose manual.

In the next dialog, pick appropriate Certificates and Profiles for the app and its extension. The profile you pick for the app is special - this is the one that your Account Owner has to create. You probably don't need a profile at all for the driver extension.

Click Next, review your certificate and profile choices, if you are happy, upload to the notarization server and wait a little while. Good luck!

Posted by
ssmith_c
Up vote reply of ssmith_c Down vote reply of ssmith_c
Add a Comment

Thank you very much. This was really helpful and I've already done all the steps and uploaded my app with the dext for notarization. So currently I will have to learn what "a little while" actually means.

Will I have to go through all these steps for each version I'd like to distribute? Normally we do our builds in a fully automatized build system like Jenkins and have a final installer falling out of this process without human interference. Is this also possible for MacOS applications and dexts developed in XCode?

Best regards, Johannes

Posted by
JFreyberger
Up vote reply of JFreyberger Down vote reply of JFreyberger
Add a Comment