We've made a game with Unity 5, which runs without any problems on Mac OSX. But for the Mac OSX App Store from Apple, the game must be codesigned.
I've done that a lot of times in the past and there I didn't have problems. But I have made a clean install of OSX on the Mac a few weeks ago. I installed all the certificates and they seem to work. But I can't check in the terminal, which codesign commands I used in the past, and there maybe the problem...
In Unity I build the app with the Mac Appstore Validation.
Then I edit the info.plist, add the icons, create the entitlements-file (do all which was listed in several documents) and go to the terminal.
There I type in the directory of the app:
chmod -R a+xr “APPNAME.app"
codesign -f -v -s "3rd Party Mac Developer Application: COMPANY-NAME" "APPNAME.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib"
codesign -f --deep -s '3rd Party Mac Developer Application: COMPANY-NAME' --entitlements "APPNAME.entitlements" "APPNAME.app"
productbuild --component "APPNAME.app" /Applications --sign "3rd Party Mac Developer Installer: COMPANY-NAME" "APPNAME.pkg"
Everything works fine, even with the libmono.0.dylib. There I get the result that the existing codesigning will be replaced. I am not sure, but I had in mind, that we have codesigned 3 lines in the past, but we didn't have used any more Frameworks or Plugins now.
Then I test the pkg. I install it and was asked about the login-details and I login with a iTunesConnect testuser-account. The app will be installed and when I try to run it, it will be closed after a few seconds. Then something curious happens. I must login again with the testuser and after that the game starts without problem (without trying to start it again!)
I upload the pkg with the ApplicationLoader 3.1 (3.6 didn't work, because it says to me, that I can't submit an IPA-file, even it is a pkg, a lot have that problem and use an old version of the loader) and that worked too. But I got the result of Apple with the rejection: "...launched app and immediately stopped from launching." So they can't start it.
When I check the codesigned app with spctl -a -t exec -vv <APPNAME> I got the result:
<APPNAME>: rejected
...
But I didn't know where I've done the mistake?!
Does anyone has an idea of what I am doing wrong?
You mean in the savety case to recreate the certificates? I am sure, that I have done that when setup the Mac new, but if there can't happen any wrong, I can do it again for going sure...
Edit: I've created new certificates for that mac and try to codesign again. When I make the check with spctl -a -t exec -vv <APPNAME> I got the rejected again.
For the Mac OSX App Store I only need the certificates
3rd Party Mac Developer Application
3rd Party Mac Developer Installer
Mac OS Developer
And in the certificates (dev area at developer.apple.com) I have additional:
Mac App Distribution
Mac Installer Distribution
Related
I need to distribute one unsigned app for Mac OS with arm64 arch.And I want users to automatically sign the application with ad-hoc certificate like this codesign -s ###### app.But these users are not developers, and have no Xcode installed.
Is it possible to create Apple Development identity (########## "Apple Development:mail#mail.com (########)) using Apple ID and password without Xcode tools?
I know the app Sideloadly is able to do this, but it is closed-source and I'm too stupid to interpret function with disassembler.
You can use the next command:
codesign -fs- name.app -deep
But before don't forget to install Xcode command-line tools:
sudo xcode-select --install
I am trying to submit a macOS app built with Unity to the Mac App Store. I followed the instructions mentioned in the Unity documentation, Delivering your application to the Mac App Store.
I am able to run the Build command for macOS and get a .app bundle for my app. I am also able to launch it and it runs fine. However, after running the following codesign command (as mentioned in the linked document above), the app freezes upon launch and has to be force quitted. This is the codesign command line that I am running:
codesign -o runtime -f --deep -s '3rd Party Mac Developer Application: DEVELOPER NAME' --entitlements "GAMENAME.entitlements" "/AppPath/GAMENAME.app"
I have a paid (Individual) developer license with Apple, and have properly set up the certificates in keychain as mentioned in the document. I also managed to check that the app bundle was signed by running the command line:
codesign -dv --verbose=4 GAMENAME.app
Running the above command displays that it's signed with my 3rd Party Mac App Developer certificate.
I have tried looking for a way to export the Xcode project out from Unity app, so I can attempt to build and sign it with Xcode, but after searching the Web, I realized that Unity doesn't have support for exporting the Xcode project for macOS app yet (it can do the same for iOS).
I am running the current latest version of all the software, and the same are mentioned below:
macOS Catalina 10.15.1
Xcode 11.2.1
Unity 2019.2.13
My questions are:
What is it that may be going wrong?
What other avenues do I have?
I am looking for distributing the app exclusively via the Mac App Store for the time being. This is going to be a paid app (if that's relevant).
If you are building the .app from the command line (using Unity's command line invocation), try building from the editor instead.
Confirm you are not building a 32 bit-only binary.
Try removing -o runtime from your codesign command, this is the only part of your process that differs from mine, and mine works fine.
Otherwise, when uploading to the App Store, I believe Xcode will sign for you. While this will not be different from codesign, Xcode may check if you accidentally blocked or otherwise misconfigured running binaries signed by you on your particular machine. You should test on a different machine or macOS VM.
My app is not targeting yet the app store so i'm building using my Developer ID Application certificate
I'm building now by xcode 13.2 a Unity 2021.1.28f1 produced xcodeproj on macOS 11.6.2
The produced app bundle is notarized during Archiving it (so using the -o runtime switch implicitely) and
running seamlessly on macOS 11.6.2 even if no entitlements exception is used
freezing on macOS 10.15.7 till the "Allow Unsigned Executable Memory" (com.apple.security.cs.allow-unsigned-executable-memory) entitlements is not added during the build
So now the solution was for me to add com.apple.security.cs.allow-unsigned-executable-memory to the app entitlements
I have a Qt 5.4 application with Sparkle framework. Gatekeeper on Mac OS X 10.11 will display "unidentified developer" error after downloading from our server. After some researches (codesign --strict shows missing file in sparkle), I removed broken symbolic links in Sparkle framework. Then I rebuilt the app, the check with both codesign and spctl
codesign --verbose --deep --strict myapp.app
The result is:
myapp.app: satisfies its Designated Requirment
spctl --assess --type exec --verbose myapp.app
shows: accepted
next I built dmg image, install from image, the app runs without issue.
Then I uploaded dmg to server, and downloaded from our server. MD5 checksum matches.
However, after I drag and drop the app to /Applications folder, ran it, OS shows the application is corrupted and must be moved to trash.The same codesign command still returns "Satifies its Designated Requirements", but the same spctl command shows:
code has no resources but signature indicates they must be present
Just by downloading the app from our server, spctl output changed. I don't think it has anything to do with resources (the app does have resources) since the same build script has created a few releases without this error. the script does modify qt framework structure but that works on 10.10.
I built a new Mac OS 10.11, installed xcode 7.0.1, Qt 5.5, rebuilt the app (without the script to modify Qt framework structure in App bundle). Exact the same result: the app passes both codesign and spctl before upload, and failed with the same error after downloading.
In essence, after removing broken link in Sparkle framework, the app bundle changed from "unidentified developer" to "corrupted image".
Can someone tell me where it went wrong?
After many problems to codesign an Mac OSX app finally I got a working combination (what to sign, where it should be located).
My question is if there's some system command to do the exact same verification the system does on a downloaded app. I've used codesign --display and RB App Checker that passed the verification in some cases but when downloading the app didn't succeed.
You don't say what version of Mac OS X you develop under, or what version of Mac OS X you're downloading and testing on. That's important because there were changes in code signatures and GateKeeper in Mavericks and later.
See Apple's tech note for details, but what I use is:
spctl -a -v path/to/my.app
I have a Mac App, I export it as a pkg for distribution, using the latest XCode.
Deployment target is 10.7.3.
I have got many user reports that the app can't be installed on 10.7.5 "appname can't be installed on this computer"
There is no further information in the logs.
My understanding is that this message can happen when a 64 bit only app is installed on a 32 bit mode OS, however the systems are running 64 bit kernel.
Any idea on how to fix this? The problem seems to be happening exclusively on 10.7.5 so far, might be a 10.7.5 bug, but I would still need a workaround.
I was able to somewhat work around the problem by manually building an installer package from the instructions found in Making OS X Installer Packages like a Pro - Xcode Developer ID ready pkg
I was however forced to bypass that process a little bit, mainly I think because of the priviliged helper tool I provide with the app.
These were my steps, forged by despreate trial an error, your milage may vary:
# In the release directory built by xcode, app already signed by xcode:
$ pkgbuild --component MyApp.app --install-location /Applications MyApp.pkg
$ productbuild --synthesize --package MyApp.pkg Distribution.xml
$ productbuild --distribution Distribution.xml --package-path . ./Installer.pkg
$ nano Distribution.xml
# added attribute customLocation="/Applications"
# to the choice-element for my app id.
$ productsign --sign "Developer ID Installer: Jon Larsson (...)" \
Installer.pkg InstallerSigned.pkg
The s produced an acceptable installer, though a little incomplete, which I think is because of an incomplete Distribution.xml.