@anthonylavado
Created March 27, 2020 03:21
Code signing and notarizing an FNA app on macOS

It's surprisingly simple to notarize an app using FNA. The structure of the app bundle doesn't follow macOS best practices, but at the end of it you do get an app bundle that users can open on macOS Catalina without any issues with Gatekeeper.

So here are the simple steps:

  1. Build your macOS .app bundle using MonoKickstart. You probably already have this and I'm not going to explain that here.

  2. Create a file called mygame.entitlements (the name really doesn't matter) with these contents:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
      <key>com.apple.security.cs.allow-jit</key>
      <true/>
      <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
      <true/>
    </dict>
    </plist>

  3. Code sign your app, filling in the right signing identity (you can find it in Keychain):

    codesign \
      --entitlements mygame.entitlements \
      -s "Developer ID Application: XXXXXXXX (XXXXXX)" \
      --force \
      --deep \
      --verbose \
      ~/path/to/your/game.app

  4. Create a zip file of your app:

    zip -r ~/path/to/your/game.zip ~/path/to/your/game.app

  5. Upload your game for notarization, filling in the right bundle ID, username, and password. You need an app-specific password for altool. The Apple docs have more details on the notarization flow.

    xcrun altool \
      --notarize-app \
      --primary-bundle-id com.yourgame.app.zip \
      --username <username> \
      --password <password> \
      --file ~/path/to/your/game.zip

  6. You should get an email when it's done notarizing, but you can also check manually with the RequestUUID that the previous command printed:

    xcrun altool \
      --notarization-info <RequestUUID> \
      --username <username> \
      --password <password>

  7. Then you can staple the results to your app:

    xcrun stapler staple ~/path/to/your/game.app

  8. Now you can zip up your app and distribute it. 🎉

These are the steps I used to sign Shipwreck for distribution on itch.io and everything seems to be working fine so hopefully this helps other FNA users looking to sign and notarize their games.
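
Steps 5 to 7 can be scripted so that stapling only happens once Apple reports success, and so the app-specific password is passed with altool's `@env:` prefix instead of in plain text on the command line. This is an added example, not part of the original gist; the `AC_USERNAME` and `AC_PASSWORD` environment variable names are assumptions, and the sample altool output it parses when run without arguments is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original gist): steps 5-7 as one script.
# AC_USERNAME / AC_PASSWORD are assumed names; export both before running.

# `altool --notarize-app` prints "RequestUUID = <uuid>" on a successful upload.
extract_request_uuid() {
  sed -n 's/^[[:space:]]*RequestUUID[[:space:]]*=[[:space:]]*\([0-9A-Fa-f-]\{36\}\).*/\1/p' | head -n 1
}

# `altool --notarization-info` prints a "Status: <value>" line; the
# "Status Code:" and "Status Message:" lines must not match.
extract_status() {
  sed -n 's/^[[:space:]]*Status:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' | head -n 1
}

# Constructed sample of --notarization-info output, for an offline self-check.
SAMPLE_INFO='   RequestUUID: 01234567-89ab-cdef-0123-456789abcdef
        Status: success
   Status Code: 0
Status Message: Package Approved'

notarize_and_staple() {  # usage: notarize_and_staple <app> <zip> <bundle-id>
  local app="$1" zip="$2" bundle_id="$3" uuid status i
  # "@env:AC_PASSWORD" tells altool to read the app-specific password from the
  # environment, keeping it out of the process list and shell history.
  uuid="$(xcrun altool --notarize-app --primary-bundle-id "$bundle_id" \
    --username "$AC_USERNAME" --password "@env:AC_PASSWORD" \
    --file "$zip" 2>&1 | extract_request_uuid)"
  [ -n "$uuid" ] || { echo "upload failed: no RequestUUID returned" >&2; return 1; }
  for i in $(seq 1 60); do  # poll every 30 s, for about 30 minutes at most
    status="$(xcrun altool --notarization-info "$uuid" \
      --username "$AC_USERNAME" --password "@env:AC_PASSWORD" 2>&1 | extract_status)"
    case "$status" in "in progress"|"") sleep 30 ;; *) break ;; esac
  done
  # Staple only an approved submission, then check the ticket and Gatekeeper.
  [ "$status" = "success" ] || { echo "notarization: ${status:-no status}" >&2; return 1; }
  xcrun stapler staple "$app" && xcrun stapler validate "$app" &&
    spctl --assess --type execute --verbose "$app"
}

if [ "$#" -eq 3 ]; then
  notarize_and_staple "$@"
else
  # No arguments: parse the constructed sample instead of contacting Apple.
  printf '%s\n' "$SAMPLE_INFO" | extract_status
fi
```

Run it after step 4 with the app path, the zip path and the bundle ID as its three arguments.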
