I’m not sure if this is the right forum for this, but I figured since Cloud Build is introducing some uncertainty into my process, I’d put it here.
Here’s my process for my macOS game:
I build and notarize my app through Unity Cloud Build (using my Developer ID Application certificate)
Download the .app file
Build/sign the .pkg file (using productbuild --component APP_NAME.app /Applications --sign ‘3rd Party Mac Developer Installer: Company Inc. (XXXXXXXXX)’ APP_NAME.pkg)
Submit to Mac App Store via Transporter
Apple sends me this great big long error email, with the headline error of “Invalid Signature.”
ITMS-90238: Invalid Signature - The main app bundle La Constellation de l’Ours at path Constellation.app has following signing error(s): --prepared:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libMonoPosixHelper.dylib --validated:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libMonoPosixHelper.dylib --prepared:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libmonobdwgc-2.0.dylib --validated:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libmonobdwgc-2.0.dylib --prepared:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libssl.dylib --validated:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libssl.dylib --prepared:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libcrypto.dylib --validated:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libcrypto.dylib --prepared:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/UnityPlayer.dylib --validated:/Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/UnityPlayer.dylib /Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app: valid on disk /Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at Documentation Archive and Technical Note 2206 at Technical Note TN2206: macOS Code Signing In Depth for more information.
ITMS-90238: Invalid Signature - The executable at path Constellation.app/Contents/Frameworks/UnityPlayer.dylib has following signing error(s): valid on disk /Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/UnityPlayer.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at Documentation Archive and Technical Note 2206 at Technical Note TN2206: macOS Code Signing In Depth for more information.
ITMS-90238: Invalid Signature - The executable at path Constellation.app/Contents/Frameworks/libMonoPosixHelper.dylib has following signing error(s): valid on disk /Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libMonoPosixHelper.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at Documentation Archive and Technical Note 2206 at Technical Note TN2206: macOS Code Signing In Depth for more information.
ITMS-90238: Invalid Signature - The executable at path Constellation.app/Contents/Frameworks/libcrypto.dylib has following signing error(s): valid on disk /Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libcrypto.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at Documentation Archive and Technical Note 2206 at Technical Note TN2206: macOS Code Signing In Depth for more information.
ITMS-90238: Invalid Signature - The executable at path Constellation.app/Contents/Frameworks/libmonobdwgc-2.0.dylib has following signing error(s): valid on disk /Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libmonobdwgc-2.0.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at Documentation Archive and Technical Note 2206 at Technical Note TN2206: macOS Code Signing In Depth for more information.
ITMS-90238: Invalid Signature - The executable at path Constellation.app/Contents/Frameworks/libssl.dylib has following signing error(s): valid on disk /Volumes/data01/app_data/app-processing/mz_621478465736756725dir/mz_11614935509311203053dir/com.nanomonx.constellation.pkg/Payload/Constellation.app/Contents/Frameworks/libssl.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at Documentation Archive and Technical Note 2206 at Technical Note TN2206: macOS Code Signing In Depth for more information.
I’m concerned because I know you sign the code before notarization and apple seems to be having problem with some internal unity .dylibs. So if anyone has any insight on how the notarization process is actually going in cloud build, that’d be useful.
I’ve also asked this question (worded somewhat differently) on the apple forums , in case I forget to update this and I figure it out over there.
This was not related to unity cloud build except as far as UCB was doing the notarization. However I’ll put what I learnt as hopefully this will be helpful if you google that error code.
Basically I was getting confused between the various type of Apple provided certificates:
Developer ID Application: Company Name (xxxxxxxxxx) - Can sign code, used for Notarization + distribution outside the AppStore
Used in conjunction with Apple’s codesign
tool
And what you use to set up notarization in UnityCloudBuild
3rd Party Mac Developer Application: Company Name (xxxxxxxxxx) - Can sign code, used for AppStore submission
Used in conjunction with Apple’s codesign
tool
3rd Party Installer Application: Company Name (xxxxxxxxxx) - Can sign .pkg files, used for AppStore
Used in conjunction with Apple’s productbuild
tool
You need to make sure you’re signing each step with the correct type of certificate, if you don’t apple will just say “Invalid Signature”, which is vague, but maybe this help
This how-to was really useful for clearing up where I was getting confused. Signing a Mac Product For Distribu… | Apple Developer Forums
1 Like