Last active
July 3, 2021 10:49
-
-
Save rje/70ea38c85e5a690ae8aa0c66e3df441e to your computer and use it in GitHub Desktop.
This is a set of scripts that I'm using to sign and notarize a unity app that has native plugins included as .bundle files. It's a lot of steps! Hopefully this makes it a bit easier...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash -x | |
# This script takes .app file generated by unity for OSX, signs any plugin bundles and the main app, | |
# zips the project, and submits it for notarization | |
# Required data -- You need to fill these out with useful values! | |
USERNAME=# username of your apple account, usually your email | |
PASSWORD=# a generated password from appleid.apple.com | |
ROOT_FOLDER=# path to where your build lives | |
APP_NAME=# name of the app file unity created for you | |
PLUGIN_DIR=Contents/Plugins # you should be able to leave this be | |
ENTITLEMENTS_NAME=# an entitlements file you made, should be saved next to your .app file (see 'sampleapp.entitlements' in this gist) | |
BUNDLE_ID=# bundle id for this app (you set this in unity) | |
TEAM_ID=# your team id usually a 10 digit hex code | |
CERT_NAME=# name of your developer id cert, usually something like "Developer ID Application: My Company (TEAM_ID)" | |
for bundle_to_sign in $ROOT_FOLDER/$APP_NAME/$PLUGIN_DIR/*.bundle; do | |
codesign --deep --force --verify --verbose --timestamp --sign "$CERT_NAME" "$bundle_to_sign" | |
done | |
codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements "$ROOT_FOLDER/$ENTITLEMENTS_NAME" --sign "$CERT_NAME" "$ROOT_FOLDER/$APP_NAME" | |
rm -f "$ROOT_FOLDER/$APP_NAME.zip" | |
ditto -c -k --rsrc --keepParent "$ROOT_FOLDER/$APP_NAME" "$ROOT_FOLDER/$APP_NAME.zip" | |
xcrun altool --notarize-app --username "$USERNAME" --password "$PASSWORD" --asc-provider "$TEAM_ID" --primary-bundle-id "$BUNDLE_ID" --file "$ROOT_FOLDER/$APP_NAME.zip" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>com.apple.security.cs.disable-library-validation</key> | |
<true/> | |
<key>com.apple.security.cs.disable-executable-page-protection</key> | |
<true/> | |
</dict> | |
</plist> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# Once you've submitted your app for notarization, it will give you a "RequestUUID" that you can use to check | |
# the notarization status. If you run this script with your RequestUUID as a command line parameter it will | |
# tell you the status | |
# Required data -- You need to fill these out with useful values! | |
USERNAME=# username of your apple account, usually your email | |
PASSWORD=# a generated password from appleid.apple.com | |
TEAM_ID=# your team id usually a 10 digit hex code | |
xcrun altool --notarization-info $1 --username $USERNAME --password $PASSWORD --asc-provider $TEAM_ID |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash -x | |
# Hooray, your check_status said that the package was approved! Now you can run this to staple the notarization | |
# to your app, and you will finally have a signed and notarized app. Congrats! | |
# Required data -- You need to fill these out with useful values! | |
ROOT_FOLDER=# path to where your build lives | |
APP_NAME=# name of the app file unity created for you | |
xcrun stapler staple "$ROOT_FOLDER/$APP_NAME" | |
spctl -a -v "$ROOT_FOLDER/$APP_NAME" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment