How do I properly code sign for OS X?
Let me just start by saying that I come here after many hours of researching and trial and error (mostly error). Some background on my environment: I'm working on a Windows 10 machine and building for Mac OS X x86_64 with Unity 5.2.2f1. I do not currently need to place my app onto the App Store, so anything related to that is unnecessary. I do have a Mac that I am performing the code signing on, and I would prefer not to need to set up the Mac with a UnityEditor and Xcode environment.
Here's what I have so far: once I have built the Lobby.app and ClientGame.app folders, I transfer both over to the Mac and run these commands:
echo --sign frameworks--
codesign -f -s A1E8A2702BD4754448EC3C91740BA47E3F0FB005 Lobby.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib
codesign -f -s A1E8A2702BD4754448EC3C91740BA47E3F0FB005 Lobby.app/Contents/Frameworks/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib
codesign -f -s A1E8A2702BD4754448EC3C91740BA47E3F0FB005 ClientGame.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib
codesign -f -s A1E8A2702BD4754448EC3C91740BA47E3F0FB005 ClientGame.app/Contents/Frameworks/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib
echo --sign apps--
codesign -f -s A1E8A2702BD4754448EC3C91740BA47E3F0FB005 Lobby.app
codesign -f -s A1E8A2702BD4754448EC3C91740BA47E3F0FB005 ClientGame.app
echo --codesign verifying apps--
codesign -vv Lobby.app --deep
codesign -vv ClientGame.app --deep
echo --gatekeeper verifying apps--
spctl -a --type execute -vvvv Lobby.app/
spctl -a --type execute -vvvv ClientGame.app/
The returning output is:
--sign frameworks--
Lobby.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib: replacing existing signature
Lobby.app/Contents/Frameworks/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib: replacing existing signature
ClientGame.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib: replacing existing signature
ClientGame.app/Contents/Frameworks/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib: replacing existing signature
--sign apps--
Lobby.app: replacing existing signature
ClientGame.app: replacing existing signature
--codesign verifying apps--
Lobby.app: valid on disk
Lobby.app: satisfies its Designated Requirement
ClientGame.app: valid on disk
ClientGame.app: satisfies its Designated Requirement
--gatekeeper verifying apps--
Lobby.app/: unknown error 99999=1869f
ClientGame.app/: unknown error 99999=1869f
I've read that spctl returning 'unknown error 99999=1869f' refers to Gatekeeper not having a rule set for the app and not necessarily a failure to sign properly. So to test it I transferred the apps over to another Mac to verify that Gatekeeper allows the apps to start. Lobby.app gives me the dialog that it was downloaded from the internet and if I'm sure I want to open but opens just fine. ClientGame.app on the other hand gives me a dialog that it is damaged and cannot be opened.
Running 'codesign -vvvv --deep' on both from the second Mac reveals that they are indeed signed. Running 'spctl -a -vvvv --deep' on Lobby.app comes back accepted, but on ClientGame it claims that 'a sealed resource is missing or invalid'. That's pretty much as far as I've gotten, and I have exhausted all the info I could find so far.
I've also tried running 'codesign -f -s A1E8A2702BD4754448EC3C91740BA47E3F0FB005 --deep' on both of the top level .apps with no difference though I've read doing so is a bad idea, possibly only if I had entitlements.
Does anyone have some insight on how to properly sign for OS X?
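The per-file commands in the question, generalized to any bundle layout as an added example that is not part of the original post: it lists nested code deepest-first so each component is signed before the container that seals it, then signs the app and runs the same checks. The function names and the list of extensions treated as nested code are assumptions, and the signing identity is passed in as an argument.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print nested code inside an .app bundle, deepest paths first.
# Assumption: nested code is identified by these four extensions.
nested_code_inside_out() {
    app=$1
    find "$app/Contents" ! -type l \( -name '*.dylib' -o -name '*.framework' \
         -o -name '*.bundle' -o -name '*.app' \) -print |
    awk -F/ '{ print NF "\t" $0 }' |   # prefix each path with its depth
    sort -rn |                          # deepest first
    cut -f2-                            # drop the depth column again
}

# Sign every nested item, then the bundle itself, then verify.
# $1 = signing identity (name or SHA-1 of the certificate), $2 = path to .app
sign_inside_out() {
    identity=$1
    app=$2
    nested_code_inside_out "$app" | while IFS= read -r item; do
        codesign -f -s "$identity" "$item" || exit 1
    done || return 1
    # The outer signature seals everything below it, so it goes last.
    codesign -f -s "$identity" "$app" || return 1
    # Strict deep verification reports the first file that breaks the seal.
    codesign --verify --deep --strict --verbose=2 "$app" || return 1
    # Gatekeeper assessment, same invocation as in the question.
    spctl -a --type execute -vvvv "$app"
}

# Usage on the Mac (identity and path are supplied by the caller):
#   sign_inside_out "<identity>" Lobby.app
```

Any file added, changed or removed inside the bundle after the final `codesign` call invalidates the seal, so run this as the last step before packaging the app for transfer.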