Code signing is the process of creating a code signature for an application. This signature guarantees the integrity of applications and safeguards from any tampering. Apple devices use an application’s code signature to detect changes made after the developer created the code signature. If an application doesn’t have a code signature, the device warns the user before they open it.
Note: You must code sign your application to notarize it with the Xcode command-line or Unity Build AutomationA continuous integration service for Unity projects that automates the process of creating builds on Unity’s servers. More info
See in Glossary.
Unity adds a code signature to every macOS build it produces, known as a Signing Identity. To notarize an application, Apple requires the code signature to include a cryptographic signature, such as a Developer ID certificate, that identifies the developer.
To create a new Developer ID certificate, use the following steps:
.cer
.To notarize your application, Apple needs to identify it using an application identifier. There are two ways to get an application identifier: in Unity, or in the application’s information property list file.
When you have your application identifier, you can register it with Apple. To do this, use the following steps:
Entitlements are permissions or restrictions your code signature includes that control the actions your application can take.
To set entitlements for your application, use the following steps:
.entitlements
file extension. For example, if you name your application MyProject, create a file called MyProject.entitlements
.<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
</dict>
</plist>
These entitlements are the minimum entitlements a macOS application requires to have a Hardened Runtime. If your application requires any more entitlements, add them to this list.
To code sign your application you need to use the command line. On your machine, open Terminal and navigate to the directory that the application is in.
To ensure that you have the necessary read permissions to process code signing, run the following command where "application_name.app"
is the name of your application:
chmod -R a+xr "application_name.app"
To code sign your application, run the following command where:
"application_name.app"
is your built application."application_name.entitlements"
is the name of the entitlements file."Developer ID Application : XXX (YYY)"
is your signing identity.codesign
--deep
--force
--verify
--verbose
--timestamp
--options runtime
--entitlements "application_name.entitlements"
--sign "Developer ID Application : XXX (YYY)" "application_name.app"
This command works through the application bundle folder, signs all files, adds a secure timestamp, and embeds the entitlements you’ve set into the signature.
Using the --deep
option might cause issues with your code signature. This is because:
It applies the same code signing options and entitlements to all the code that it signs.
It only signs code files that it finds. If there are code files in a place where the system expects to find data, using --deep
doesn’t sign these code files.
For more information about the --deep
option and how to resolve issues with it, refer to Sign your code.
Did you find this page useful? Please give it a rating:
Thanks for rating this page!
What kind of problem would you like to report?
Thanks for letting us know! This page has been marked for review based on your feedback.
If you have time, you can provide more information to help us fix the problem faster.
Provide more information
You've told us this page needs code samples. If you'd like to help us further, you could provide a code sample, or tell us about what kind of code sample you'd like to see:
You've told us there are code samples on this page which don't work. If you know how to fix it, or have something better we could use instead, please let us know:
You've told us there is information missing from this page. Please tell us more about what's missing:
You've told us there is incorrect information on this page. If you know what we should change to make it correct, please tell us:
You've told us this page has unclear or confusing information. Please tell us more about what you found unclear or confusing, or let us know how we could make it clearer:
You've told us there is a spelling or grammar error on this page. Please tell us what's wrong:
You've told us this page has a problem. Please tell us more about what's wrong:
Thank you for helping to make the Unity documentation better!
Your feedback has been submitted as a ticket for our documentation team to review.
We are not able to reply to every ticket submitted.
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
More information
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Some 3rd party video providers do not allow video views without targeting cookies. If you are experiencing difficulty viewing a video, you will need to set your cookie preferences for targeting to yes if you wish to view videos from these providers. Unity does not control this.
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.