Skip to content

Instantly share code, notes, and snippets.

@rje
Last active July 3, 2021 10:49
Show Gist options
  • Save rje/70ea38c85e5a690ae8aa0c66e3df441e to your computer and use it in GitHub Desktop.
Save rje/70ea38c85e5a690ae8aa0c66e3df441e to your computer and use it in GitHub Desktop.
This is a set of scripts that I'm using to sign and notarize a unity app that has native plugins included as .bundle files. It's a lot of steps! Hopefully this makes it a bit easier...
#!/bin/bash -x
# This script takes .app file generated by unity for OSX, signs any plugin bundles and the main app,
# zips the project, and submits it for notarization
# Required data -- You need to fill these out with useful values!
USERNAME=# username of your apple account, usually your email
PASSWORD=# a generated password from appleid.apple.com
ROOT_FOLDER=# path to where your build lives
APP_NAME=# name of the app file unity created for you
PLUGIN_DIR=Contents/Plugins # you should be able to leave this be
ENTITLEMENTS_NAME=# an entitlements file you made, should be saved next to your .app file (see 'sampleapp.entitlements' in this gist)
BUNDLE_ID=# bundle id for this app (you set this in unity)
TEAM_ID=# your team id usually a 10 digit hex code
CERT_NAME=# name of your developer id cert, usually something like "Developer ID Application: My Company (TEAM_ID)"
for bundle_to_sign in $ROOT_FOLDER/$APP_NAME/$PLUGIN_DIR/*.bundle; do
codesign --deep --force --verify --verbose --timestamp --sign "$CERT_NAME" "$bundle_to_sign"
done
codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements "$ROOT_FOLDER/$ENTITLEMENTS_NAME" --sign "$CERT_NAME" "$ROOT_FOLDER/$APP_NAME"
rm -f "$ROOT_FOLDER/$APP_NAME.zip"
ditto -c -k --rsrc --keepParent "$ROOT_FOLDER/$APP_NAME" "$ROOT_FOLDER/$APP_NAME.zip"
xcrun altool --notarize-app --username "$USERNAME" --password "$PASSWORD" --asc-provider "$TEAM_ID" --primary-bundle-id "$BUNDLE_ID" --file "$ROOT_FOLDER/$APP_NAME.zip"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
</dict>
</plist>
#!/bin/sh
# Once you've submitted your app for notarization, it will give you a "RequestUUID" that you can use to check
# the notarization status. If you run this script with your RequestUUID as a command line parameter it will
# tell you the status
# Required data -- You need to fill these out with useful values!
USERNAME=# username of your apple account, usually your email
PASSWORD=# a generated password from appleid.apple.com
TEAM_ID=# your team id usually a 10 digit hex code
xcrun altool --notarization-info $1 --username $USERNAME --password $PASSWORD --asc-provider $TEAM_ID
#!/bin/bash -x
# Hooray, your check_status said that the package was approved! Now you can run this to staple the notarization
# to your app, and you will finally have a signed and notarized app. Congrats!
# Required data -- You need to fill these out with useful values!
ROOT_FOLDER=# path to where your build lives
APP_NAME=# name of the app file unity created for you
xcrun stapler staple "$ROOT_FOLDER/$APP_NAME"
spctl -a -v "$ROOT_FOLDER/$APP_NAME"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment