Enable "hardened runtime" when building a macOS app

Hello,

In order to distribute the app outside of the Mac App Store, the app needs to go through the "Notarization Process". To pass this process successfully, the app needs to have the "Hardened Runtime" option enabled.

Locally, I can do that by having Unity building the Xcode Project, and then enable manually "Hardened Runtime" in the Xcode project.

However, when building from Unity Cloud Build, I don't have the option to enable "Hardened Runtime", but I have the option to do the notarization process, which always fails because "Hardened Runtime" isn't enabled.

I thought I could find an option to enable "Hardened Runtime" in the Unity's Player Settings or in Unity Cloud Build, but there is none.

By the way, I did include an entitlement file in Unity Cloud Build that contains the following lines but it doesn't change anything:

Code (XML):

1. <?xml version="1.0" encoding="UTF-8"?>
2. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
3. <plist version="1.0">
4. <dict>
5.  
6.     <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
7.     <true/>
8.  
9.     <key>com.apple.security.cs.disable-library-validation</key>
10.     <true/>
11.  
12.     <key>com.apple.security.cs.allow-dyld-environment-variables</key>
13.     <true/>
14.  
15. </dict>
16. </plist>
17.  

Did I miss something?

Thanks in advance for your help

 

I've not done macOS stuff, but with iOS you can modify the Xcode project at build time - perhaps its something similar so you can add in the requirement?

 

Hi. I'm having the same issue. Could you share if you had solved the problem?

 

Hello @VuQNguyen,
It's been a while since I had this issue so I'm not 100% sure but if I remember well the problem was not about the Hardened Runtime option. I think that this option was automatically enabled by Unity Cloud Build.

The problem I had with Unity Cloud Build was different and related to the fact that it used to deleted symbolic links inside frameworks (see this post: https://forum.unity.com/threads/uni...lting-in-damaged-builds.1118557/#post-7545826). By the way, I heard that this issue was fixed but I didn't have the chance to confirm it.

So if you think you have an issue with the Hardened Runtime, it might be possible that your real problem is actually somewhere else (if you're in the same situation as I was).

 

I also have a problem with the "Hardened Runtime" option. I build locally and create a Xcode project. The build can run, but when I enable the option manually I get the exception below. I will investigate into your issue mentioned about the symbolic links. Anyone else having this issue?

My specs:
- Apple Silicon M1
- Unity 2022.2.7f1
- Xcode 14.2

Code (CSharp):

1. dyld[21936]: Library not loaded: @executable_path/../Frameworks/UnityPlayer.dylib
2.   Referenced from: <C24AF935-FA60-369B-8FDB-791C5883F3C3> /Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/Fireabend.app/Contents/MacOS/Fireabend
3.   Reason: tried: '/Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/UnityPlayer.dylib' (no such file), '/usr/lib/system/introspection/UnityPlayer.dylib' (no such file, not in dyld cache), '/Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/Fireabend.app/Contents/Frameworks/UnityPlayer.dylib' (code signature in <55A6556B-8634-3A6D-9E04-2025A3D2FC5E> '/Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/Fireabend.app/Contents/Frameworks/UnityPlayer.dylib' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)), '/System/Volumes/Preboot/Cryptexes/OS@executable_path/../Frameworks/UnityPlayer.dylib' (no such file), '/Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/Fireabend.app/Contents/Frameworks/UnityPlayer.dylib' (code signature in <55A6556B-8634-3A6D-9E04-2025A3D2FC5E> '/Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/Fireabend.app/Contents/Frameworks/UnityPlayer.dylib' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)), '/usr/local/lib/UnityPlayer.dylib' (no such file), '/usr/lib/UnityPlayer.dylib' (no such file, not in dyld cache)
4. (lldb)

 

UPDATE: Upon reading the mentioned exception more detailed I thought it's an issue due to signing. When I used a proper signing certificate (Developer Id Application) the error disappeared. Nevertheless the macOS app crashes upon start with a more cryptic exception, see below.

I was able to resolve the problem when I checked following option in "Signing & Capabilities" tab > Hardened Runtime > Runtime Exceptions: Allow Execution of JIT-compiled Code

Code (CSharp):

1. Thread Performance Checker: Thread running at QOS_CLASS_USER_INTERACTIVE waiting on a thread without a QoS class specified. Investigate ways to avoid priority inversions
2. PID: 24482, TID: 3766424
3. Backtrace
4. =================================================================
5. 3   UnityPlayer.dylib                   0x000000010558f320 MultiplyMatrixArrayWithBase4x4_NEON + 11860
6. 4   UnityPlayer.dylib                   0x00000001049f5568 _ZdaPvRKSt9nothrow_t + 2405692
7. 5   UnityPlayer.dylib                   0x00000001049f0734 _ZdaPvRKSt9nothrow_t + 2385672
8. 6   UnityPlayer.dylib                   0x00000001049f5dac _ZdaPvRKSt9nothrow_t + 2407808
9. 7   UnityPlayer.dylib                   0x0000000104ab1468 _ZdaPvRKSt9nothrow_t + 3175484
10. 8   UnityPlayer.dylib                   0x0000000104ab19b8 _ZdaPvRKSt9nothrow_t + 3176844
11. 9   UnityPlayer.dylib                   0x00000001049fb03c _ZdaPvRKSt9nothrow_t + 2428944
12. 10  UnityPlayer.dylib                   0x000000010540a904 _Z10PlayerMainiPPKc + 84
13. 11  dyld                                0x000000018349be50 start + 2544
14. [UnityMemory] Configuration Parameters - Can be set up in boot.config
15.     "memorysetup-bucket-allocator-granularity=16"
16.     "memorysetup-bucket-allocator-bucket-count=8"
17.     "memorysetup-bucket-allocator-block-size=4194304"
18.     "memorysetup-bucket-allocator-block-count=1"
19.     "memorysetup-main-allocator-block-size=16777216"
20.     "memorysetup-thread-allocator-block-size=16777216"
21.     "memorysetup-gfx-main-allocator-block-size=16777216"
22.     "memorysetup-gfx-thread-allocator-block-size=16777216"
23.     "memorysetup-cache-allocator-block-size=4194304"
24.     "memorysetup-typetree-allocator-block-size=2097152"
25.     "memorysetup-profiler-bucket-allocator-granularity=16"
26.     "memorysetup-profiler-bucket-allocator-bucket-count=8"
27.     "memorysetup-profiler-bucket-allocator-block-size=4194304"
28.     "memorysetup-profiler-bucket-allocator-block-count=1"
29.     "memorysetup-profiler-allocator-block-size=16777216"
30.     "memorysetup-profiler-editor-allocator-block-size=1048576"
31.     "memorysetup-temp-allocator-size-main=4194304"
32.     "memorysetup-job-temp-allocator-block-size=2097152"
33.     "memorysetup-job-temp-allocator-block-size-background=1048576"
34.     "memorysetup-job-temp-allocator-reduction-small-platforms=262144"
35.     "memorysetup-temp-allocator-size-background-worker=32768"
36.     "memorysetup-temp-allocator-size-job-worker=262144"
37.     "memorysetup-temp-allocator-size-preload-manager=262144"
38.     "memorysetup-temp-allocator-size-nav-mesh-worker=65536"
39.     "memorysetup-temp-allocator-size-audio-worker=65536"
40.     "memorysetup-temp-allocator-size-cloud-worker=32768"
41.     "memorysetup-temp-allocator-size-gfx=262144"
42. Mono path[0] = '/Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/Fireabend.app/Contents/Resources/Data/Managed'
43. Mono config path = '/Users/pizzaoven/Library/Developer/Xcode/DerivedData/Fireabend-fscjanuesptkdcheigclybmxsdae/Build/Products/Release/Fireabend.app/Contents/MonoBleedingEdge/etc'
44. (lldb)

 

Thank you for that update!

 

I really wish there was an option for this in Unity Cloud Build...