Skip to content

Instantly share code, notes, and snippets.

@LunaTheFoxgirl

LunaTheFoxgirl/0. How to use.md

Last active March 2, 2025 11:06
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save LunaTheFoxgirl/e01caa9b2ee1536710b324f6c7f7411e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save LunaTheFoxgirl/e01caa9b2ee1536710b324f6c7f7411e to your computer and use it in GitHub Desktop.
Download ZIP
Shell script to sign and notarize Unity App Bundles.
Raw
0. How to use.md

First get a Developer ID signing key from apple. You can get this through xcode if you're subscribed to their developer service.

Once you have a Developer ID in your keychain; you need to add a per-app password for notarytool. To do so go to your Apple account settings and add a new per-app-password; copy the password.

Run xcrun notarytool store-credentials --password "<INSERT PER-APP-PASSWORD HERE>" "notarytool".

After this you can add sign.sh and entitlements.plist to the outside of your Unity application, first time run chmod +x sign.sh. You can then run ./sign.sh <name of app>.app and wait.

If the signing fails; you can use xcrun notarytool log <The ID that was displayed during signing> --keychain-profile "notarytool" to determine why signing failed.

Using the script

./sign.sh <path of your app bundle>

NOTE

This script only works if you have a single signing identity in your current account's keychain. If you are signing with multiple identities, update the part of the script that refers to "Developer ID" and put in the full name of the developer id in your keychain.

Raw
entitlements.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>
Raw
sign.sh
#!/bin/sh
function sign() {
codesign -vvv -s "Developer ID" --timestamp --options=runtime --entitlements entitlements.plist --deep -f "$1"
}
function notarize() {
local dirname="$1"
local compressed="$dirname.zip"
ditto -c -k --keepParent "$dirname" "$compressed"
if xcrun notarytool submit "$compressed" --keychain-profile "notarytool" --wait; then
if xcrun stapler staple $dirname; then
echo "Signed and notarized $dirname successfully!"
rm $compressed
return 1
fi
fi
echo "Notarization of $dirname failed!"
rm $compressed
}
function signApp() {
local dirname="$1"
# Ensures that any conflicting file attributes a stripped, this is important!
# NOTE: iCloud folders *will* instantly reattach attributes. I recommend using this script
# in your home folder; or a custom subdirectory thereof.
xattr -cr "$dirname"
sign $dirname
sign $dirname/Contents/MacOS/*
notarize $dirname
}
signApp $1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment