rje/1_sign_and_submit.sh

## 1_sign_and_submit.sh
#!/bin/bash -x
# This script takes .app file generated by unity for OSX, signs any plugin bundles and the main app,
# zips the project, and submits it for notarization

# Required data -- You need to fill these out with useful values!
USERNAME=# username of your apple account, usually your email
PASSWORD=# a generated password from appleid.apple.com
ROOT_FOLDER=# path to where your build lives
APP_NAME=# name of the app file unity created for you
PLUGIN_DIR=Contents/Plugins # you should be able to leave this be
ENTITLEMENTS_NAME=# an entitlements file you made, should be saved next to your .app file (see 'sampleapp.entitlements' in this gist)
BUNDLE_ID=# bundle id for this app (you set this in unity)
TEAM_ID=# your team id usually a 10 digit hex code
CERT_NAME=# name of your developer id cert, usually something like "Developer ID Application: My Company (TEAM_ID)"

for bundle_to_sign in $ROOT_FOLDER/$APP_NAME/$PLUGIN_DIR/*.bundle; do
  codesign --deep --force --verify --verbose --timestamp  --sign "$CERT_NAME" "$bundle_to_sign"
done

codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements "$ROOT_FOLDER/$ENTITLEMENTS_NAME" --sign "$CERT_NAME" "$ROOT_FOLDER/$APP_NAME"

rm -f "$ROOT_FOLDER/$APP_NAME.zip"
ditto -c -k --rsrc --keepParent "$ROOT_FOLDER/$APP_NAME" "$ROOT_FOLDER/$APP_NAME.zip"

xcrun altool --notarize-app --username "$USERNAME" --password "$PASSWORD" --asc-provider "$TEAM_ID" --primary-bundle-id "$BUNDLE_ID" --file "$ROOT_FOLDER/$APP_NAME.zip"

## 2_sampleapp.entitlements
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
	       <key>com.apple.security.cs.disable-library-validation</key>
	       <true/>
	       <key>com.apple.security.cs.disable-executable-page-protection</key>
	       <true/>
    </dict>
</plist>

## 3_check_status.sh
#!/bin/sh

# Once you've submitted your app for notarization, it will give you a "RequestUUID" that you can use to check
# the notarization status. If you run this script with your RequestUUID as a command line parameter it will
# tell you the status

# Required data -- You need to fill these out with useful values!
USERNAME=# username of your apple account, usually your email
PASSWORD=# a generated password from appleid.apple.com
TEAM_ID=# your team id usually a 10 digit hex code

xcrun altool --notarization-info $1 --username $USERNAME --password $PASSWORD --asc-provider $TEAM_ID

## 4_finalize.sh
#!/bin/bash -x

# Hooray, your check_status said that the package was approved! Now you can run this to staple the notarization
# to your app, and you will finally have a signed and notarized app. Congrats!

# Required data -- You need to fill these out with useful values!
ROOT_FOLDER=# path to where your build lives
APP_NAME=# name of the app file unity created for you

xcrun stapler staple "$ROOT_FOLDER/$APP_NAME"
spctl -a -v "$ROOT_FOLDER/$APP_NAME"
	#!/bin/bash -x
	# This script takes .app file generated by unity for OSX, signs any plugin bundles and the main app,
	# zips the project, and submits it for notarization

	# Required data -- You need to fill these out with useful values!
	USERNAME=# username of your apple account, usually your email
	PASSWORD=# a generated password from appleid.apple.com
	ROOT_FOLDER=# path to where your build lives
	APP_NAME=# name of the app file unity created for you
	PLUGIN_DIR=Contents/Plugins # you should be able to leave this be
	ENTITLEMENTS_NAME=# an entitlements file you made, should be saved next to your .app file (see 'sampleapp.entitlements' in this gist)
	BUNDLE_ID=# bundle id for this app (you set this in unity)
	TEAM_ID=# your team id usually a 10 digit hex code
	CERT_NAME=# name of your developer id cert, usually something like "Developer ID Application: My Company (TEAM_ID)"

	for bundle_to_sign in $ROOT_FOLDER/$APP_NAME/$PLUGIN_DIR/*.bundle; do
	codesign --deep --force --verify --verbose --timestamp --sign "$CERT_NAME" "$bundle_to_sign"
	done

	codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements "$ROOT_FOLDER/$ENTITLEMENTS_NAME" --sign "$CERT_NAME" "$ROOT_FOLDER/$APP_NAME"

	rm -f "$ROOT_FOLDER/$APP_NAME.zip"
	ditto -c -k --rsrc --keepParent "$ROOT_FOLDER/$APP_NAME" "$ROOT_FOLDER/$APP_NAME.zip"

	xcrun altool --notarize-app --username "$USERNAME" --password "$PASSWORD" --asc-provider "$TEAM_ID" --primary-bundle-id "$BUNDLE_ID" --file "$ROOT_FOLDER/$APP_NAME.zip"
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.cs.disable-executable-page-protection</key>
	<true/>
	</dict>
	</plist>
	#!/bin/sh

	# Once you've submitted your app for notarization, it will give you a "RequestUUID" that you can use to check
	# the notarization status. If you run this script with your RequestUUID as a command line parameter it will
	# tell you the status

	# Required data -- You need to fill these out with useful values!
	USERNAME=# username of your apple account, usually your email
	PASSWORD=# a generated password from appleid.apple.com
	TEAM_ID=# your team id usually a 10 digit hex code

	xcrun altool --notarization-info $1 --username $USERNAME --password $PASSWORD --asc-provider $TEAM_ID
	#!/bin/bash -x

	# Hooray, your check_status said that the package was approved! Now you can run this to staple the notarization
	# to your app, and you will finally have a signed and notarized app. Congrats!

	# Required data -- You need to fill these out with useful values!
	ROOT_FOLDER=# path to where your build lives
	APP_NAME=# name of the app file unity created for you

	xcrun stapler staple "$ROOT_FOLDER/$APP_NAME"
	spctl -a -v "$ROOT_FOLDER/$APP_NAME"