Code signing is the process of creating a code signature for an application. This signature guarantees the integrity of applications and safeguards from any tampering. Apple devices use an application’s code signature to detect changes made after the developer created the code signature. If an application doesn’t have a code signature, the device warns the user before they open it.
Note: You must code sign your application to notarize it with the Xcode command-line or Unity Build AutomationA continuous integration service for Unity projects that automates the process of creating builds on Unity’s servers. More info
See in Glossary.
Unity adds a code signature to every macOS build it produces, known as a Signing Identity. To notarize an application, Apple requires the code signature to include a cryptographic signature, such as a Developer ID certificate, that identifies the developer.
To create a new Developer ID certificate, use the following steps:
.cer
.To notarize your application, Apple needs to identify it using an application identifier. There are two ways to get an application identifier: in Unity, or in the application’s information property list file.
When you have your application identifier, you can register it with Apple. To do this, use the following steps:
Entitlements are permissions or restrictions your code signature includes that control the actions your application can take.
To set entitlements for your application, use the following steps:
.entitlements
file extension. For example, if you name your application MyProject, create a file called MyProject.entitlements
.<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
</dict>
</plist>
These entitlements are the minimum entitlements a macOS application requires to have a Hardened Runtime. If your application requires any more entitlements, add them to this list.
To code sign your application you need to use the command line. On your machine, open Terminal and navigate to the directory that the application is in.
To ensure that you have the necessary read permissions to process code signing, run the following command where "application_name.app"
is the name of your application:
chmod -R a+xr "application_name.app"
To code sign your application, run the following command where:
"application_name.app"
is your built application."application_name.entitlements"
is the name of the entitlements file."Developer ID Application : XXX (YYY)"
is your signing identity.codesign
--deep
--force
--verify
--verbose
--timestamp
--options runtime
--entitlements "application_name.entitlements"
--sign "Developer ID Application : XXX (YYY)" "application_name.app"
This command works through the application bundle folder, signs all files, adds a secure timestamp, and embeds the entitlements you’ve set into the signature.
Using the --deep
option might cause issues with your code signature. This is because:
It applies the same code signing options and entitlements to all the code that it signs.
It only signs code files that it finds. If there are code files in a place where the system expects to find data, using --deep
doesn’t sign these code files.
For more information about the --deep
option and how to resolve issues with it, refer to Sign your code.
Did you find this page useful? Please give it a rating:
Thanks for rating this page!
What kind of problem would you like to report?
Thanks for letting us know! This page has been marked for review based on your feedback.
If you have time, you can provide more information to help us fix the problem faster.
Provide more information
You've told us this page needs code samples. If you'd like to help us further, you could provide a code sample, or tell us about what kind of code sample you'd like to see:
You've told us there are code samples on this page which don't work. If you know how to fix it, or have something better we could use instead, please let us know:
You've told us there is information missing from this page. Please tell us more about what's missing:
You've told us there is incorrect information on this page. If you know what we should change to make it correct, please tell us:
You've told us this page has unclear or confusing information. Please tell us more about what you found unclear or confusing, or let us know how we could make it clearer:
You've told us there is a spelling or grammar error on this page. Please tell us what's wrong:
You've told us this page has a problem. Please tell us more about what's wrong:
Thank you for helping to make the Unity documentation better!
Your feedback has been submitted as a ticket for our documentation team to review.
We are not able to reply to every ticket submitted.