Search Unity

  1. Megacity Metro Demo now available. Download now.
    Dismiss Notice
  2. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

Unity Entitlements Tool - Automate OS X codesigning

Discussion in 'Made With Unity' started by jemast, Dec 7, 2011.

  1. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Hello,

    We are jemast software, a small indie software development studio. We have released an iCloud plugin on the Unity Asset Store (see link in signature below). As part of this plugin, which allows syncing documents data (files player prefs) across iOS and Mac devices, we have built a small and really simple tool to enable proper codesigning for iCloud to work on Mac OS X apps.

    Unity Entitlements Tool is a free open-source OS X app that will add the necessary files to your Unity project so that each time you build your application for OS X, it gets codesigned and you can test it right away with adequate privileges and features. Unity Entitlements Tool is independent from our future iCloud plugin and can be used to enable, test and deploy sandboxing on your OS X apps, as this is mandatory since June 2012.


    You can download Unity Entitlements Tool from here : http://www.jemast.com/unity/unity-entitlements-tool/

    Note that you'll find on this page instructions on how to use this software and why it may be useful to codesign your app (even if you are not using iCloud). We have also compiled a list of must-read documentations from Apple regarding topics like codesigning, provisioning profiles, entitlements and sandboxing.

    You can check out its source code from GitHub : https://github.com/jemast/Unity-Entitlements-Tool

    Again this is a really simple tool, UI is not great but not too shabby and you do not need this tool to actually codesign your apps, it's just designed to make things simple and automated (unless you are a die-hard command-line fan).

    Feel free to drop us a line here or via email to give us some feedback.


    Thanks,

    jemast software.

    Addendum: Shameless self-promotion for our paid-for, integrated into Unity version of this tool available on Unity Asset Store: Mac App Store Toolset
     
    Last edited: Oct 3, 2013
  2. gateway69

    gateway69

    Joined:
    Feb 18, 2010
    Posts:
    94
    thanks for taking the time to build this tool, when I run this and set the build pipeline, then in unity build my app, it doesnt *seem* to do anything, and when I try to run it nothing happens.. btw this is using Unity 3.5 F5 release
     
  3. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Hey, we've updated the tool with a bunch of new features to facilitate Mac App Store distribution. First, we've fixed issues when reopening projects which already contained entitlements information from this tool.

    Then, we've implemented new features to automate proper bundle setup for distribution as well as packaging so that you get a package ready for submitting to Mac App Store. Please bear with the fact that we're not yet 100% confident packages generated with this tool are fully ready for Mac App Store validation as Apple requires a lot of setup when you enable entitlements (plist setup, profile embedding, code signing with entitlements and packaging). Though we're finishing a small app to test the waters on the Mac App Store submission/validation process with iCloud entitlements so we should be able to get back to you soon with fixed results.

    @gateway69, the fact that it "seems" to do nothing is actually ok. What this plugin does is adding a "post-process" script to your Unity build process. That is, when Unity is done building your app, it executes some commands (as listed above plist, embed, code sign, package). Nothing you cannot do or undo yourself using terminal commands. In fact, if you look at the PostprocessBuildPlayer file, you'll have see the list of commands performed.

    Edit: with the forum sections reorganization, I'm not sure this thread still belongs here. So if any admin wants to bounce this thread around the forum, feel free to do it. :)
     
    Last edited: Feb 16, 2012
  4. Muckel

    Muckel

    Joined:
    Mar 26, 2009
    Posts:
    471
    Awesome Tool just in Time for my Project !!!
    Great go on
    many many thxxxxx
     
  5. gateway69

    gateway69

    Joined:
    Feb 18, 2010
    Posts:
    94
    Sorry im a bit new to this hole OSX building and it seems like a huge pain with out some scripts or tools.

    I'm trying to test in app purchase with osx I have all the data set up in the client, but when I go to build it and enable Mac App Store Validation, then use your tool to code sign, enable sandbox etc, do a build then double click on my package it seems to launch but then is nowhere to be found.

    Am I doing this wrong I would assume it would come up with the unity client as this point then I could test my buy button to test the purchase?
     
  6. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    @gateway69 when you enable Mac App Store validation, it is normal that your app will exit right away as validation will only succeed for apps bought from the Mac App Store. You should be able to test in-app purchase without Mac App Store validation. As a matter of fact, you should enable Mac App Store validation only once you are ready to publish your app.
     
  7. prime31

    prime31

    Joined:
    Oct 9, 2008
    Posts:
    6,426
    @jemast, you actually cant test in app purchase without a proper receipt from Apple. All purchased items have their receipts appended to the one from the Mac App Store. A build signed with a distribution certificate can be launched from Finder and it will retrieve a receipt from Apple if you sign in using a test account setup in iTunes Connect.
     
  8. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    @prime31 thank you for sharing your knowledge on the subject. I'm not exactly familiar with in-app purchase, but can you confirm signing the app with a distribution profile is mandatory? I'm under the impression (from what I read from Apple's documentation) that you can do this with development profiles. The thing is, production profiles are only required when you use entitlements for things such as enabling sandboxing, push notifications and iCloud. And because it uses the same mechanism as iOS, when you codesign with a production profile, your app won't run anymore because you cannot install production profiles on devices (as documented here).
     
  9. prime31

    prime31

    Joined:
    Oct 9, 2008
    Posts:
    6,426
    @jemast, testing IAP requires there to be a receipt file in the app bundle. All IAP purchased products dump their own receipts into the original Mac App Store receipt. Unless I'm missing something there is no way to get a receipt with a development certificate that I am aware of though I could certainly be missing something. If you know of a way to get a receipt without signing with a distribution cert please do share!
     
  10. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    You have way more experience than me on the topic so I'm sure you're right. I just find it odd that you need a production profile considering sandboxing will be mandatory starting June 2012 (and it should have been starting March 2012), and knowing that codesigning apps with production profile sandboxing entitlements will prevent apps from running on your machine (as per linked technical note from my above post). Therefore to test IAP, you'll have to disable sandboxing in production and reenable it later for publishing... that doesn't seem right. Either there is a way to run codesigned apps with production entitlements that I am not aware of, either there may be some way to test IAP with development profiles (but again, your experience speaks for itself and at the moment I don't have time to look into this), or Apple may need to sort this out.

    Have you tried IAP on iOS, do you test with development or production profiles? Unless I'm missing something (which may well be the case), in theory apps with production profiles shouldn't run for the same reason that you cannot install them on devices and entitlements require them (again techincal note linked in my previous post specifically mentions this and it's quite recent).
     
    Last edited: Feb 24, 2012
  11. prime31

    prime31

    Joined:
    Oct 9, 2008
    Posts:
    6,426
    @jemast, I have never been able to get a receipt from Apple when signing with a dev cert. Their docs sound pretty simple with regard to getting a receipt but it just never works for me unless I use a distribution cert. From their docs:

    Sounds simple, right? I have no clue why it doesnt actually retrieve a receipt when signed with a dev cert. The devforums have some others that are experiencing the same issue as well. Bear in mind that none of this applies to apps signed with entitlements. I have no clue how to get a proper receipt when in development when signing with entitlements. That should be a fun one to figure out :)

    IAP on iOS is a bit different than on OS X. The receipt data is returned with the actual transaction so dev certs work straight away. On Mac, the receipt data is actually just merged into the standard Mac App Store receipt in the app bundle by Apple directly. If you don't have a Mac App Store receipt then all IAP tests fail. Quite an odd setup Apple has provided us with all this stuff...
     
  12. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Sometimes it feels the transition from iOS to Mac OS has been a bit rushed for IAP Push Notifications...

    Documentation isn't very clear and often mention iOS even in Mac Dev Center (some of the docs even land you straight into iOS Dev Center). I try to RTFM as much as I can and Apple docs are generally good if you actually take the time to read them thoroughly but I have to admit the whole thing is confusing me on those specific topics.

    Though, I'll get back to this thread if I find a proper way to deal with both IAP sandboxing at the same time. At the moment, it seems the "right" thing to do for people trying to test IAP in an app with entitlements is to disable them during the test phase with production signing and re-enable them right before packaging for publishing.

    Again, thank you prime31 for your input on the subject. You have hands-on experience and that's truly helpful on those complex topics. The (non?) interaction between entitlements and receipt validation on Mac OS is just confusing me, hence my questions.
     
  13. prime31

    prime31

    Joined:
    Oct 9, 2008
    Posts:
    6,426
    @jemast, you're not alone. I have only found these workarounds by luck and digging through others experiences in the forums.
     
  14. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Just a friendly bump to notify that we have updated this tool to version 1.2. As of now, it should set up properly your application for Mac App Store distribution without the need to do any additional command line stuff (previous version did not fix permissions and failed to set up a mandatory setting in the Info.plist file, therefore it required to redo manually a whole bunch of commands).

    This app still has a lot of rough edges but it should get the job done. I'll gladly take feedback, so let me know how it goes for you.

    I wish I had more time to devote to this and make things really nice and simple, unfortunately I'm fully booked so updates to this app take some time. Thanks for your patience. :)
     
  15. POLYGAMe

    POLYGAMe

    Joined:
    Jan 20, 2009
    Posts:
    196
    WOW!!!! Thanks for this tool! I have had SOOOO many headaches with this stuff! I shall try it out now!!!!
     
  16. zuba

    zuba

    Joined:
    Sep 13, 2012
    Posts:
    2
    I'm trying to integrate Game Center in my unity app but receiving "This game is not recognized by Game Center"; Bundle Id and other properties are correct, I enabled Network input/output too using this tool but problem still occurs; Anyone have any ideas? thanks in advance

    P.S. i'm using Unity 3.5.5 Pro on OSX 10.8.1 Mountain Lion; I created test project in xCode with
    same bundle id and game center works without any problems;
     
    Last edited: Sep 13, 2012
  17. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    I don't have any direct experience with Mac OS Game Center, but can you make sure that your AppID is indeed configured for Game Center in the Mac Dev Portal (Developer Certificate Utility)?

    I'm quite sure that for Game Center on iOS, you need fully qualified AppIDs (com.company.appname for example) and enable them for Game Center in the iOS Provisioning Portal. I wouldn't be surprised if this is a requirement for Mac OS apps as well.

    EDIT: Misread the part where you said it DOES work in Xcode. I'll look into it and see if there's new stuff in entitlements required for Game Center to work. Should get around it before the end of the week-end.
     
  18. zuba

    zuba

    Joined:
    Sep 13, 2012
    Posts:
    2
    Thanks for your time!
     
  19. Wolfos

    Wolfos

    Joined:
    Mar 17, 2011
    Posts:
    950
    Website appears to be offline. If you PM me a link I could put up a mirror for you.
     
  20. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    @zuba I'm not seeing any requirement for Game Center other than matching bundle IDs. Could you tell me a bit on how you're actually polling the Game Center service? Are you using Unity's built-in implementation? If that's the case, did you make sure it is actually compatible with Mac OS Game Center? The docs make it look like it's iOS only at the moment. Details on implementation could help me replicate the case and track down what's wrong.

    @Wolfos I guess we went a little too cheap for our hosting provider. It may have short downtimes every once in a while but it's now up. We'll look into having some more reliable hosting provider as those downtimes are not acceptable for us.
     
  21. mattSydney

    mattSydney

    Joined:
    Nov 10, 2011
    Posts:
    171
    Thanks for the tool unfortunately in doesn't seem too work, it writes the new info.plist but doesn't code sign or package up the app
     
  22. Monops

    Monops

    Joined:
    Jan 12, 2012
    Posts:
    28
    Yeah, doesn't work right now :( no sign nor package or snadboxing, nothing at all
     
  23. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    I'll look into it and see if I can reproduce this behavior on my end.

    Can you give me some information about which Mac OS version you are using and which Unity version as well?


    Thanks!

    EDIT: I've thought this through, can you make sure you have Xcode installed? This tool requires a few command line tools that should be installed alongside Xcode (you may have to run it once), including the codesign and productbuild command. Please let me know if that's your issue, I'll make sure this is clearly documented.

    EDIT2: Well, seems like there are plenty of issues with the tool and recent updates to Mac OS. I'll look into it and try to fix the whole thing this week-end. I'll let you know once the new release is out.
     
    Last edited: Oct 5, 2012
  24. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Hello,

    Just a friendly bump.

    I have updated the tool and I think I fixed most of the issues. On my end, it does work so hopefully it also work for you as well. By the way, you can now pick different certificates associated to the same provisioning profile. I overlooked this feature but it is now available. I also tweaked some UI stuff (removed that annoying autofill stuff). And fixed a lot of issues regarding project state reading (during open).

    I also fixed a few bugs related to Mac OS 10.7.5 and 10.8.2 thanks to Gordon and Alessandro.

    Let me know if you find any issues and I'll do my best fixing this tool, though to be perfectly honest I don't have much time to devote to it at the moment.


    Thanks for the feedback!
     
  25. gateway69

    gateway69

    Joined:
    Feb 18, 2010
    Posts:
    94
    Hey, we just tried this tool out, and are using prime 31 osx icloud plugin, but when we run the game and look at the player log it says icloud enabled, but cant then read or write via documents into the game, is their an extra setting for enabling where icloud can read from or could this be a plugin issue?
     
  26. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Hello,

    I've just made another update that fixed some additional quirks remaining. Let's just hope I've not added additional bugs to this release :)

    I'm not really familiar with Prime31's cloud plugin but I'm quite sure you don't need any additional sandboxing settings for iCloud. You need to set iCloud identifiers and make sure they match your AppID and a valid bundle ID (generally that's your app bundle ID). Make sure you enable sandboxing. While it may not be necessary for debug purposes (untested), it will be mandatory for Mac App Store distribution so you might as well enable this right away.
     
  27. POLYGAMe

    POLYGAMe

    Joined:
    Jan 20, 2009
    Posts:
    196
    Hi there, this is a great tool but it's stopped working for me... it no longer outputs a .pkg file... I've had to do my latest submission manually but went without sandboxing (couldn't work it out... lol).
     
  28. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    I'll make some checks to make sure it still works on my end.

    What was your issue with sandboxing? It has quite a lot of restrictions, the biggest one being file access. Unless things have changed in Unity 4.0, Unity does not give you the path to the sandboxed directory and considering that's the only directory where you get read/write access, it can break savegames or any file-related stuff you may be doing.

    EDIT: Or you couldn't get around applying sandboxing to your app? Isn't sandboxing mandatory anyway for Mac App Store?
     
  29. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    I've finally gotten around finding sometime to review this issue.

    On my end it does generate the package file so I'm not sure what's wrong with your setup. I'm using Unity 4.0, OS X 10.8.2 and Xcode 4.5.2 (Xcode is required for some command line tools). It should definitely work under Unity 3.x as well.

    One way to see what could be happening is opening the "PostprocessBuildPlayer" file in your "Editor" directory (under your project Assets) and look at the lines between "#BEGIN_APPLY_ENTITLEMENTS" and "#END_APPLY_ENTITLEMENTS". If you enabled packaging the last line should issue the command "/usr/bin/productbuild..." with your certificate.

    Let me know if you need additional help on resolving this issue.
     
  30. laurentlavigne

    laurentlavigne

    Joined:
    Aug 16, 2012
    Posts:
    6,221
    C'est genial cet outil je viens de l'utiliser sur McDROID et ca fait tout automatiquement.

    Merci !
     
  31. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Merci, content de savoir que cela fonctionne pour vous. La version actuelle peut ne pas fonctionner selon la configuration, nous travaillons sur une mise à jour qui devrait intervenir ce week-end.

    English:
    Thanks!

    To all our users, we've been really busy lately and know this tool has issues under certains configurations. We're working on updating it and fixing those issues. This should be done over the week-end. Thanks for your patience!

    Feel free to report issues at contact [at] jemast (dot) com
     
  32. tingham

    tingham

    Joined:
    Nov 1, 2007
    Posts:
    18
    Lifesaver. Thanks so much.
     
  33. Myrddin

    Myrddin

    Joined:
    Mar 20, 2013
    Posts:
    8
    Wow, great tool! Thanks.

    According to "This game is not recognized by Game Center" issue. A'm almost tear my hair trying to discover this issue even with Aplle support but without success. And then somehow I realized that testing app must be in "Debug" folder. That's why it works in Xcode.
     
  34. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    Just a small bump to let people know that we've updated this tool to fix codesigning issues as well as certificate detection issues.

    We've also implemented recursive codesigning which mean the script will also code sign all your native plugins which prevents either warnings for bundles or errors for dynamic librairies (dylibs have to be properly signed for Mac App Store submission).

    This tool is really intended to work on up to dates systems (latest Mountain Lion and Xcode) as Apple tends to change quite a lot of background stuff regarding code signing and entitlements on a regular basis. We haven't really tracked them and they're not really documented so sorry if you're using older OS X or Xcode versions, I'd recommend you look at the PostprocessBuildPlayer generated script and see which commands are problematic.

    Of course, you can always contact and we'll try to help (we've been very busy the last few weeks but we now have cleared some time for support and updates).
     
  35. wraxul

    wraxul

    Joined:
    Dec 10, 2012
    Posts:
    12
    I don't know if you're still actively working on this, but it does not seem like a pkg is generated, and the icon is not changed. Am I missing something? I ran the app, filled in each section, got the green checks after updating the pipeline. Nothing besides an unaltered app is generated after building. I've also noticed after reopening the tool, the installer certificate I had selected is no longer selected, but one of my other dev certificates is instead. Any idea as to what I am missing?

    Running Unity 3.5.7 on OSX 10.8.4

    Thanks for any help you can give!
     
  36. jemast

    jemast

    Joined:
    Dec 7, 2011
    Posts:
    141
    @wraxul

    Hello and thanks for reaching us.

    Unity Entitlements Tool was long overdue for an update and we just couldn't find time. I'm pleased to say I've just pushed the 1.9 update live and it should fix the packaging issues you're getting.

    We're now making clear in the tool that you have to provide a custom icns file due to the way Unity post-process pipeline works (it copies the icon after post-process, due to be fixed in Unity 4.x releases). You can look up Apple's documentation or tutorials on how to generate valid icons file. Shameless self-promotion for our "paid for" version of Unity Entitlements Tool, integrated in Unity editor: Mac App Store Toolset. It does handle nicely icons thanks to automatic generation using the one you provided in Unity.

    About the wrong installer certificate issue being picked up after reopening, it may persist at this time as I didn't get enough time to look it up. Though it's not something you should be worried about, just pick the right certificate again.

    I'm in the process of writing up release notes and pushing the changes to GitHub but the updated binary is up on our website.

    We do intend to keep this tool updated, free and open source. Though: 1/ it won't be as feature complete as Mac App Store Toolset and may require a bit more work to make things work (such as providing custom icns file) ; 2/ it may lag behind a bit but we'll try to make things as fast as possible.

    Hope this helps. Let me know if you're still getting issues with this new version!
     
  37. wraxul

    wraxul

    Joined:
    Dec 10, 2012
    Posts:
    12
    Well it looks like the icon is being used properly, but it did not package the app. I think the problem is on my end though, as I can't package it directly through Terminal either. Thanks for helping and making a useful tool. Hopefully I can figure out what I'm missing to make good use of it!
     
  38. lightbe

    lightbe

    Joined:
    Mar 17, 2016
    Posts:
    8
    It looks like this tool is no longer available. I hope there is something similar that will work as I'm new to Unity app developer and a new Apple Developer. The website is no longer working.
     
  39. Tom163

    Tom163

    Joined:
    Nov 30, 2007
    Posts:
    1,290
    You can still download it from github and compile it yourself in xcode. But sadly the instructions on how to use it are gone as well.