OSX code signing

Well, that hasn’t been my experience (I’m both building on Catalina and distributing to Catalina users), and I see nothing in the thread that says so.

(But it does point out that if you’re building on Windows, you will need to take some pains to make sure the execute bit is set on the executable.)

Cool, will try building on Catalina, not Windows. Do you zip on Mac to distribute with no problems?

I do, yes. But I do believe that if you are going to sign your app, it works better if you ship it on a signed disk image as well.

1 Like

@andyz one minor point …
in Big Sur they added a ridiculous thing:

  • traditionally if you right-click (I mean ctrl-click) then select Open from the context menu - it will bypass security.

  • in Big Sur, you have to do that TWICE (!). The first time it gives an erase warning, but the second time it works traditionally: you get the ‘Open’ context menu option!

hope it helps

2 Likes

Has anybody else noticed any trouble when building for macOS and distributing with a zip file download?

I’m quite puzzled, because my older builds still work when downloaded from the webpage. After some investigation I found out that when I build with architecture “Intel 64-bit + Apple Silicon” selected, I can run the build on my laptop, but when I zip, upload, download, unzip it, Big Sur complains that the object is damaged and gives the option of putting it in the trash.

A bit-wise comparison of the original (locally created) zip file and the downloaded zip file shows that they’re identical (as in: the MD5 hash is identical), but after unpacking the downloaded zip file, it just doesn’t work.

Is that maybe also related to code signing and macOS whining about downloaded stuff?

Apple are ridiculous at this point. A signed, notarized app will not want to run if distributed in a zip; if you force it to, it will run in a quarantined location.
You need to make a pkg installer, sign that (!!) and then distribute it like that.

1 Like

@tjmaul note, there is now a stupid thing in macOS …

try to open it using right-click (i.e. ctrl-click), select Open from the small menu

BUT

do that TWICE

:confused:

that’s Apple’s new security. idiots.

1 Like

Thanks @Fattie, I tried but that only works if I don’t do an “Intel 64-bit + Apple Silicon” build. I’ll try this notarization that @andyz mentioned tomorrow or next week and come back to you.

Oh, it’s a pain. :confused:

I did try notarizing but it failed. Since that’s another issue, I continued here in case anyone is interested.
Thanks for the help up to here. I hope we’ll figure that out. I’ll come back with my findings once notarization issues are out of the way.

This is true, you can still open uncertified apps but I found it was running with ‘trans-location’ - in a random quarantined location which stopped the local file access I needed.
The decent packaging app (WhiteBox - Packages (free.fr)) is uncertified and has the same issues. You have to manually give it full disk access!

Just for the record, to see that the download is not actually broken: the downloaded .app works if I execute the following command:
sudo xattr -r -d com.apple.quarantine /path/to/MyApp.app

@tjmaul - gotchya, you have to do “Intel 64-bit + Apple Silicon” as you say

Regarding doing a real notarization build - that does seem incredibly complicated!! I hope someone can pull it off!

@andyz - interesting, thanks for that tidbit!

I did get my build notarized and it runs now after it’s been downloaded from the internet, but it did require manual signing of some libraries. I guess this is something that needs fixing on Unity’s side. Here’s the post on the other thread: #14

The notarization itself is pretty straightforward. Just follow this gist: How to notarize a Unity build for MacOs 10.15 Catalina · GitHub
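The "manual signing of some libraries" step mentioned above, sketched as an added example that is not part of the original posts or the linked gist: a dry-run planner that prints `codesign` commands for a bundle with nested code listed before its container, so each inner library is signed before the thing that contains it. The bundle layout, library names and signing identity are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (never run) codesign commands for a .app bundle,
# nested code first, the bundle itself last.

# List signable nested items deepest-first, then the bundle itself.
nested_code() {
    app=$1
    [ -d "$app/Contents" ] || { echo "not an app bundle: $app" >&2; return 2; }
    # -depth visits a directory's contents before the directory, so a dylib
    # inside a .bundle or .framework is listed before its container.
    find "$app/Contents" -depth \
        \( -name '*.dylib' -o -name '*.bundle' -o -name '*.framework' \) -print
    printf '%s\n' "$app"
}

# One codesign command per item, then a verification command for the result.
# Hardened runtime (--options runtime) and a secure timestamp (--timestamp)
# are required for notarization.
sign_commands() {
    app=$1
    identity=$2
    items=$(nested_code "$app") || return 2
    printf '%s\n' "$items" | while IFS= read -r item; do
        printf 'codesign --force --timestamp --options runtime --sign "%s" "%s"\n' \
            "$identity" "$item"
    done
    printf 'codesign --verify --deep --strict --verbose=2 "%s"\n' "$app"
}

if [ $# -eq 0 ]; then
    # Demo on a constructed layout; every name below is made up.
    demo=$(mktemp -d)
    mkdir -p "$demo/MyApp.app/Contents/PlugIns/Sample.bundle/Contents/MacOS"
    : > "$demo/MyApp.app/Contents/PlugIns/Sample.bundle/Contents/MacOS/libsample.dylib"
    sign_commands "$demo/MyApp.app" "Developer ID Application: PLACEHOLDER (TEAMID)"
    rm -rf "$demo"
else
    sign_commands "$1" "$2"
fi
```

Review the printed commands before pasting them into Terminal; the final `codesign --verify` line checks the whole bundle after everything inside it has been signed.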