If you have a Mac and active App Store membership please test codesign with guest account

I’ll try submitting a build to Mac App Store with these steps today and see if it passes review.

You don’t need to do this for the Mac App Store. You don’t need to notarise. Just codesign (and not with the Developer ID cert, but with a Mac app distribution cert). And make sure your permissions are right (do a chmod +x).

In that case it might not work still as I believe I did do chmod +x in the past and even though the upload tools said everything was right I could not get it past review/couldn’t get it to run right on guest login. There is probably still a sandbox violation somewhere. If you have the time, could you try uploading to Mac App Store and see if they will approve your build?

I will likely not have time to play with this in the near future, unfortunately. My build worked fine on a guest account after doing chmod +x. Maybe you forgot the hardened runtime? (--options runtime). Try with that.

1 Like

I’ll try again today. It’s completely possible I did miss something.

1 Like

Update: I also had to add some entitlements (add --entitlements entitlements.plist to the codesign command) for it to work:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
  </dict>
</plist>
1 Like

And is this all confirmed to be working now? I’d like to summarise and put it in a manual.

1 Like

Make sure it’s labeled as for macOS codesign with notarization for non-Mac App Store distribution (such as Steam).

Mac App Store distribution steps still need to be verified working.

Yes, confirmed working. We have builds on Steam done like this. :smiley:

1 Like

As a matter of fact, just got this email:

5 Likes

I have taken a stab at documenting the macOS bundling and distribution process:

I’d appreciate feedback on the document. Is there any step missing? Is something unclear?

1 Like

Hi! For distribution outside of the App Store, you still need to add entitlements for it to run (add --entitlements entitlement.plist to the codesign command). See above for the entitlements I used (you probably don’t need com.apple.security.cs.allow-dyld-environment-variables but I didn’t test without).

One extra note is that the Steamworks SDK, if you use that, requires an extra entitlement: com.apple.security.cs.disable-library-validation.

You probably need similar or different entitlements for the App Store as well, but I didn’t publish anything on the App Store, so can’t speak for sure.

1 Like

Ah, thanks, missed that! Added to the docs now.

I will try this myself when I have some time.

1 Like

As soon as you can get working steps I will submit FSR and FSH to the Mac App Store. :innocent:

Where did you get stuck when trying? Did the application loader not accept the game?

No, everything upload-wise worked. Apple rejected it because of a sandbox violation? I had the sandbox stuff set up properly as far as I could tell from online guides.

Edit: Looking at the error I got the last time it was this.

“A sealed resource is missing or invalid” - Do you have any filenames containing weird characters?

“Unsealed contents present in the bundle root” - Could this be FMOD banks?

This!!! FMOD banks should be in Contents/Resources, not directly in bundled_resources root on macOS. You can duplicate them for each platform (git probably de-duplicates files, so wouldn’t take too much repo space) or write a script that puts them in the appropriate dir for each platform before bundling (what we do in Interrogation).

3 Likes
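The layout rule from the reply above (nothing but Contents in the .app root, FMOD banks under Contents/Resources) and the earlier chmod +x advice can both be checked before signing. The script below is an added example, not part of the original thread or the Defold manual; the function names and the Game.app path are assumptions.

```shell
#!/bin/sh
# Pre-signing audit for a macOS .app bundle (added example; names are illustrative).

# Print every entry in the bundle root other than "Contents". Such entries are
# what the "Unsealed contents present in the bundle root" error refers to.
bundle_root_strays() {
    for entry in "$1"/* "$1"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # skip unmatched globs
        name=${entry##*/}
        [ "$name" = "Contents" ] || printf '%s\n' "$name"
    done
}

# Print files under Contents/MacOS that lack the owner execute bit (the chmod +x step).
non_executable_binaries() {
    [ -d "$1/Contents/MacOS" ] || return 0
    find "$1/Contents/MacOS" -type f ! -perm -u+x -print
}

# Return 0 when the layout is clean, 1 otherwise; findings go to stderr.
audit_bundle() {
    status=0
    strays=$(bundle_root_strays "$1")
    if [ -n "$strays" ]; then
        echo "stray items in bundle root (move under Contents/Resources):" >&2
        echo "$strays" >&2
        status=1
    fi
    nonexec=$(non_executable_binaries "$1")
    if [ -n "$nonexec" ]; then
        echo "missing execute bit:" >&2
        echo "$nonexec" >&2
        status=1
    fi
    return $status
}

# After signing, on macOS only: have codesign validate the seal strictly.
verify_signature() {
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found" >&2; return 2; }
    codesign --verify --deep --strict --verbose=2 "$1"
}

# Usage: sh audit.sh Game.app
if [ "$#" -gt 0 ]; then audit_bundle "$1"; fi
```

Run `audit_bundle` on the bundle before `codesign`, and `verify_signature` on the signed bundle before building the pkg.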

I changed it so the folder structure is like so and updated code. Game works with FMOD working when run before signing.

I followed https://defold.com/manuals/macos/ with some modifications noted below.

I’m able to sign, make pkg, and upload.

What am I doing wrong?

The game launches before I codesign, but after it crashes. This happens only after adding the sandboxing to the entitlements. Without sandboxing, I can run and play fine, but I cannot pkg/upload that to Mac App Store.

Termination Reason:    Namespace CODESIGNING, Code 0x1

One difference between the current doc codesign step and one I did before was “3rd Party Mac Developer Application: Your Team Name”. Does this matter, or is it only the identity that matters?

I’m going to submit the build I uploaded today even though it doesn’t run locally and see what happens.


These are the extra steps I am taking:

Before doing codesign edit the Info.plist to add an app category

For example,

<string>public.app-category.card-games</string>

Make sure the Bundle name is the name of your game

Edit the entitlement.plist to add sandboxing

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
  </dict>
</plist>

Then codesign

codesign --force --sign "Developer ID Application: Devname" --options runtime --deep --timestamp --entitlements entitlement.plist "Game.app"

Now you need to create a pkg

Get your developer ID from your Keychain; it looks like this: DZ2-------

productbuild --component "Game.app" /Applications --sign DEV_ID_HERE Game.pkg

Now you can upload with Application Loader.

Or rather I will not submit build as it failed with signing. I’ll compare old steps I did before that got past this point…

Edit

Trying to submit with these


codesign --force --sign "3rd Party Mac Developer Application: Name" --entitlements entitlement.plist "Game.app" --deep

productbuild --component "Game.app" /Applications --sign DEV_ID --product "Game.app/Contents/Info.plist" Game.pkg

These ones worked

[Screenshot: App Store Connect, 2020-01-14]

Already reviewed! And it failed.

Here’s the old failure after submission (the errors I posted previously… I am pretty sure I did move the files into the right folder before but discarded them since they didn’t help with the review only with uploading).

Here’s the message today

Once again… please… someone try this process and see if you can get a build actually approved by Apple to go live. :sob: