OSX no longer requires the kext due to feth black magic! The MacEthernetTapAgent must be installed in /Library/Application Support/ZeroTier/One for ZT to work now. Eventually this can let us do an app bundle, get rid of the pkg, and have ZT itself run with normal or reduced privileges. Also fixes GitHub issue #870 (at least for me) and may be faster than the old kext.

2025-08-21 05:43:59 -07:00 · 2018-10-25 12:43:30 -07:00 · 2018-10-25 12:43:30 -07:00 · 2e44b90f63
commit 2e44b90f63
parent 7c72653385
7 changed files with 957 additions and 10 deletions
--- a/make-mac.mk
+++ b/make-mac.mk
@ -19,7 +19,7 @@ ZT_VERSION_BUILD=$(shell cat version.h | grep -F VERSION_BUILD | cut -d ' ' -f 3
 DEFS+=-DZT_BUILD_PLATFORM=$(ZT_BUILD_PLATFORM) -DZT_BUILD_ARCHITECTURE=$(ZT_BUILD_ARCHITECTURE)

 include objects.mk
-ONE_OBJS+=osdep/OSXEthernetTap.o ext/http-parser/http_parser.o
+ONE_OBJS+=osdep/MacEthernetTap.o ext/http-parser/http_parser.o

 # Official releases are signed with our Apple cert and apply software updates by default
 ifeq ($(ZT_OFFICIAL_RELEASE),1)
@ -78,7 +78,11 @@ all: one macui
 ext/x64-salsa2012-asm/salsa2012.o:
 	$(CC) $(CFLAGS) -c ext/x64-salsa2012-asm/salsa2012.s -o ext/x64-salsa2012-asm/salsa2012.o

-one:	$(CORE_OBJS) $(ONE_OBJS) one.o 
+mac-agent: FORCE
+	$(CC) -O -s -o MacEthernetTapAgent osdep/MacEthernetTapAgent.c
+	$(CODESIGN) -f -s $(CODESIGN_APP_CERT) MacEthernetTapAgent
+
+one:	$(CORE_OBJS) $(ONE_OBJS) one.o mac-agent
 	$(CXX) $(CXXFLAGS) -o zerotier-one $(CORE_OBJS) $(ONE_OBJS) one.o $(LIBS)
 	$(STRIP) zerotier-one
 	ln -sf zerotier-one zerotier-idtool
@ -128,17 +132,17 @@ official: FORCE
 	make ZT_OFFICIAL_RELEASE=1 mac-dist-pkg

 clean:
-	rm -rf *.dSYM build-* *.a *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o $(CORE_OBJS) $(ONE_OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli zerotier doc/node_modules macui/build zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_*
+	rm -rf MacEthernetTapAgent *.dSYM build-* *.a *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o $(CORE_OBJS) $(ONE_OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli zerotier doc/node_modules macui/build zt1_update_$(ZT_BUILD_PLATFORM)_$(ZT_BUILD_ARCHITECTURE)_*

 distclean:	clean

 realclean:	clean

 # For those building from source -- installs signed binary tap driver in system ZT home
-install-mac-tap: FORCE
-	mkdir -p /Library/Application\ Support/ZeroTier/One
-	rm -rf /Library/Application\ Support/ZeroTier/One/tap.kext
-	cp -R ext/bin/tap-mac/tap.kext /Library/Application\ Support/ZeroTier/One
-	chown -R root:wheel /Library/Application\ Support/ZeroTier/One/tap.kext
+#install-mac-tap: FORCE
+#	mkdir -p /Library/Application\ Support/ZeroTier/One
+#	rm -rf /Library/Application\ Support/ZeroTier/One/tap.kext
+#	cp -R ext/bin/tap-mac/tap.kext /Library/Application\ Support/ZeroTier/One
+#	chown -R root:wheel /Library/Application\ Support/ZeroTier/One/tap.kext

 FORCE: