Unity Entitlements Tool

Unity Entitlements Tool lets you codesign all the things! Automate OS X code signing for your Unity projects.

v1.16 - 575 kB - OS X 10.7+

Want to set up code signing, entitlements, sandboxing and packaging right from Unity’s editor? Get ready for Mac App Store publishing with just a few clicks right in Unity’s editor with our new Mac App Store Toolset.

Quick start

  1. Make sure your OS X (10.7+) installation is up to date (Apple Menu > Software Updates).
  2. Make sure you have Xcode installed and updated to the latest version (via Mac App Store or Mac Dev Center).
  3. Make sure your provisioning profiles are correctly listed and set up in Xcode Organizer.
  4. Make sure you have a valid Mac development or release provisioning profile set up (System Preferences > Profiles).
  5. Back up and/or commit (version control) your project before you continue.
  6. Launch Unity Entitlements Tool, click “Pick Project Directory” and select the top directory of a Unity 3.4+ project.
  7. Enable code signing, entitlements, sandboxing and packaging. Enable the features you will be using.
  8. Click “Update” (Build Pipeline) to apply changes or click “Clear” (Build Pipeline) to remove codesign (re-build required).

Why use Unity Entitlements Tool?

Unity Entitlements Tool allows you to easily set up codesign, entitlements, sandboxing and packaging for Mac OS deployment of your Unity applications. Codesigning and sandboxing have been mandatory since June 2012 if you intend to make your app available on the Mac App Store. Your application needs proper entitlements if you intend to use iCloud in your application (for example if you are using our iCloud for Unity plugin). Please note that iCloud will only be enabled for applications distributed through the Mac App Store (that is, you cannot use iCloud in a non-’Mac App Store’ app).

Unity Entitlements Tool is free open-source software available under the BSD license. You can check out the full source code at our GitHub Project Page.

How does Unity Entitlements Tool work?

Unity Entitlements Tool adds two files to your project Assets directory under the Editor sub-directory to make its magic work: entitlements.entitlements, a property list containing your application entitlements and sandboxing settings; and PostprocessBuildPlayer, a Perl script executed by Unity after each build which applies proper codesigning and entitlements to your app.

Please note that if your project directory already contains an entitlements.entitlements file under the Editor sub-directory, Unity Entitlements Tool will erase this file with new application entitlements.

Also note that if your project directory already contains a Perl PostprocessBuildPlayer script, the tool won’t erase your script but will append the codesigning commands at the end of it. Please do not edit the added code and its marking comments as this may prevent Unity Entitlements Tool from processing this script later on.

As a side note, clearing the build pipeline won’t delete any file or directory. It just empties the entitlements.entitlements property list and removes the codesigning commands from the PostprocessBuildPlayer script.

What is codesigning and how do I use profiles?

In short, codesigning is a mechanism that is primarily used for security features such as sandboxing. The main reasons that you will want to take advantage of codesigning are additional features for your application such as iCloud, or simply because it has been mandatory for all Mac App Store applications since June 2012.

If you want to learn more about codesigning, you should read Apple’s Code Signing Guide.

Provisioning profiles are key to codesigning. They serve two main purposes: development profiles allow you to test and review features for your app such as In-App Purchase and iCloud during development stages; deployment profiles enable all the requested features for release purposes so you can submit your app to the Mac App Store.

If you want to learn more about provisioning profiles, you should read Apple’s App Distribution Guide.

Entitlements are stored in a simple property list that is used during codesigning to declare which specific features and security parameters (sandboxing) you are requesting for your application. Take care to enable in your entitlements any feature your application might need.

If you want to learn more about entitlements, you should read Apple’s Entitlement Key Reference.

Sandboxing is a security feature that has been implemented in iOS since version 1.0 and is being pushed for Mac App Store applications (it has been mandatory since June 2012). Sandboxing is an operating system mechanism that isolates your app from the rest of the system, grants it only the privileges that you told the system you would need, and ensures that any unauthorized operation is discarded.

If you want to learn more about sandboxing, you should read Apple’s App Sandbox Design Guide.
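The entitlements and sandboxing settings described above end up in one property list, so they can be checked before each build. The following is an added example, not code from Unity Entitlements Tool or its generated files: a Python audit that confirms the sandbox key is on and reports entitlements that are requested but not needed (the release notes below mention that apps can be rejected for “unused” entitlements). The sample plist, the TEAMID1234 identifier and the `needed` set are constructed for illustration.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"

# Constructed sample of an Editor/entitlements.entitlements file (values are made up).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.personal-information.calendars</key><true/>
  <key>com.apple.developer.ubiquity-kvstore-identifier</key>
  <string>TEAMID1234.com.example.game</string>
  <key>com.apple.security.files.user-selected.read-write</key><false/>
</dict></plist>"""

def audit_entitlements(data, needed):
    """Compare an entitlements plist (bytes) with the set of keys the app really uses."""
    ent = plistlib.loads(data)
    findings = []
    if ent.get(SANDBOX) is not True:
        findings.append("sandbox: %s is not set to true" % SANDBOX)
    for key, value in ent.items():
        if key == SANDBOX:
            continue
        if ".temporary-exception." in key:
            findings.append("exception: %s relaxes the sandbox" % key)
        if value in (False, "", [], None):
            findings.append("disabled: %s is present but grants nothing" % key)
        elif key not in needed:
            findings.append("unused: %s is requested but not needed" % key)
    for key in sorted(set(needed) - set(ent)):
        findings.append("missing: %s is needed but not requested" % key)
    return sorted(findings)

if __name__ == "__main__":
    # Hypothetical list of what this game actually uses: network and iCloud key-value store.
    needed = {"com.apple.security.network.client",
              "com.apple.developer.ubiquity-kvstore-identifier"}
    for line in audit_entitlements(SAMPLE, needed):
        print(line)
```

To audit a real project, pass the bytes of Assets/Editor/entitlements.entitlements instead of `SAMPLE`.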

Known Issues

Mavericks triggers "Unsigned app" error despite everything getting signed correctly.

There's a known issue on Mavericks with storeagent. First, validate the signature on your app by running the "codesign -vvvv" command in the Terminal on your app bundle or package. If you do not have any signing issues, you can take these steps in the Mac OS Terminal to prevent the issue on your machine:

$ cd /System/Library/Frameworks/Security.framework
$ sudo mv PlugIns Versions/Current/PlugIns
$ sudo ln -s Versions/Current/PlugIns .

Finally, reboot. At this point, it doesn't seem that the signature itself is invalid, and your app should be good to go for the Mac App Store. The issue does, however, prevent you from running the app for testing purposes before submitting.

About the custom icon being required: due to an issue in Unity's post-process pipeline, you have to provide your own custom icon. Furthermore, 512×512@2x icons are required now that the MacBook Pro with Retina Display is out. You can provide your own custom icon with Unity Entitlements Tool. To make that icon valid for Mac App Store distribution, you can use the terminal command iconutil as detailed in this Apple documentation under the Packaging your Icon Resources section.

If you need additional support, you can contact us using the form on the Contact page.

Release notes

1.16 (03/15/2014)

- FIX: Reverted once again hints on the Game Center entitlement! This time we double-checked everything. It is required for both development and release.

1.15 (03/07/2014)

- FIX: Reintroduced the Game Center entitlement which is valid only for release

1.14 (02/04/2014)

- FIX: Removed Game Center entitlement which is now invalid

1.13 (01/07/2014)

- FIX: Fixed recursive codesign issue with .meta files

1.12 (11/13/2013)

- NEW: Support for custom splash screen (you have to provide a .tif file) to work around Unity copying the splash screen after post-process

1.11 (10/30/2013)

- FIX: Recursive code sign will now sign .so, .lib and Mach-O files which should fix code signing issues

1.10 (09/21/2013)

- FIX: Reintroduced application identifier entitlement (mistake on our end)

1.9 (09/14/2013)

- FIX: Tool is functional again… (fixed stupid mistakes from previous version)
- FIX: Removed application identifier entitlement which is not supported anymore by Apple
- NEW: Detects post-process scripts that are not Perl
- NEW: Recursive code-signing is now applied to static libraries
- NEW: Early exit detection to provide better compatibility with other post-process scripts
- NEW: Automatic untouched copy of signed bundle due to Unity voiding the signature by copying the icon after post-process
- UI: Window height slightly reduced though it may still not fit on 11″ displays

1.8 (06/24/2013)

- NEW: Unity 4.2 support for x64 and Universal (32+64) targets
- FIX: Do not attempt to run script on non-OS X platforms
- FIX: Icon file (.icns) is now marked as required due to Unity bundling icon after post-process

1.7 (06/17/2013)

- NEW: GameCenter entitlement option
- NEW: Push Notifications entitlement option
- FIX: Fixed code sign environment variable setting in Perl script (thanks Sean)
- UI: App now asks for project folder directly and pipeline status/buttons have been moved to save some space

1.6.4 (06/12/2013)

- NEW: Recursive code signing now applied to the frameworks folder
- NEW: Recursive code signing is now using entitlements if enabled

1.6.3 (06/07/2013)

- FIX: Fixed recursive codesign making the entire post-process script die if Plugins folder is absent

1.6.2 (06/05/2013)

- FIX: Fixed a typo that prevented correct removal of Calendars access entitlements when the box was unchecked

1.6.1 (05/30/2013)

- FIX: Allow setting either iCloud key-value store or container identifiers without the other one being required as your app can be rejected for “unused” entitlements

1.6 (05/10/2013)

- FIX: Fixed certificate detection mechanism to cater for new certificate names
- FIX: Fixed invalid codesign_allocate path that prevented codesign command to function
- NEW: Recursive codesigning of plugins inside the app bundle. This is necessary for dynamic libraries but will also remove warnings for bundles upon submission to the App Store

1.5.5 (10/12/2012)

- Fixed generated bundle permissions and ownership
- Fixed invalid entitlements by adding the now mandatory Application Identifier field
- Updated the sandboxing options
- Fixed UI stuff

1.5 (10/07/2012)

- You can now pick a certificate from a provisioning profile associated to multiple certificates
- Fixed an issue with codesigning and OS X 10.7.5 (many thanks to Gordon for finding this)
- Fixed an issue with codesigning in OS X 10.8.2 (many thanks to Alessandro for finding this)
- Disabled some UI annoyance automatically overriding certain fields
- Fixed a lot of UI issues when loading the project state

1.4 (08/04/2012)

- Added support for Developer ID code signing and packaging
- Fixed a few UI quirks
- Application is now signed with jemast software’s Developer ID

1.3.2 (06/10/2012)

- Fixed potential crash issue when fetching installer certificates

1.3.1 (05/29/2012)

- Slight modification on certificate fetching method to prevent crashes

1.3 (05/19/2012)

- Implemented setting a custom certificate for packaging (productbuild)
- Small UI changes to fit new options

1.2 (05/15/2012)

- Implemented settings for version number, as well as bundle “Get Info” (optional)
- Implemented optional setting for custom icon (in case you want to provide your own .icns file instead of the one generated by Unity)
- Packages generated by the PostProcess script are now ready for Mac App Store distribution
- Better PostProcess script handling to avoid breaking other PostProcess scripts
- UI changes (smaller window, textured background, fixed broken keyboard shortcuts)

1.1 (02/16/2012)

- Implemented settings for the Bundle Identifier and Mac App Store category (modifies Info.plist before signing)
- Implemented provisioning profile embedding into application bundle (before signing)
- Implemented packaging for distribution
- Various fixes to provisioning profile detection and setup
- UI changes

1.0 (12/07/2011)

- Initial release.
