I’ve been having problems with MacOS builds. I’m making a release Appstore build and uploading it to Testflight. However when running it instantly crashes, and report screen shows the following:
Current flow:
- I sign all files in PlugIns/ (we have a number of .bundle), and I’ve tried combinations of signing with/without --entitlements, as well as with/without --deep.
- After this I sign Frameworks/GameAssembly.dylib and Frameworks/UnityPlayer.dylib. Again, I’ve tried combinations of with/without --entitlements and --deep, also not signing them at all.
- After signing PlugIns and frameworks, I sign the .app, also tried this with/without --deep (always with --entitlements).
- Finally I make a .pkg and upload to Testflight.
It’s not the game, as I can make an enterprise version that runs fine. We have some restricted entitlements, such as Apple Arcade. Building from an M1 mac, and architecture is Universal (Intel + ARM).
Unity documentation says to use --deep, but Apple documentation highly recommend against it. So basically, my question is, how and in what order should I sign the files?
Much obliged!
Unity documentation says to use --deep
That’s just wrong, and I encourage you to file a bug with them about it. Feel free to reference our docs (links below) for justification.
how and in what order should I sign the files?
We have detailed advice on this topic in:
It’s not the game, as I can make an enterprise version that runs fine.
I’m not sure what that means. macOS doesn’t support In-House (Enterprise) code signing; that’s an iOS thing.
We have some restricted entitlements,
In that case you have to be super careful:
-
Only apply these entitlements to executables, not to libraries. That’s generally good advice, but it’s super important when you use restricted entitlements [1].
-
When you update your signing type — Apple Development vs Apple Distribution, say — you have to update your profile. The Embed distribution provisioning profiles section of Creating distribution-signed code for macOS discuss this in detail.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] If you sign a library with a restricted entitlement, the trusted execution system will try to find a profile that authorises the library to use the entitlement. This can’t ever work — profiles are tied to executables, not libraries — and that’ll prevent the library from loading.