Greetings reader,
Backstory:
For a long time we've been using Unity to distribute apps for multiple platforms.
To automate building we're using the UnityCloud Build Server - service.
Recently they've added the possibility to build to os x as well. (32,64 and universal).
When done so we can download a zip inclusing the build .app
Now, we like to distribute in enterprise format. But our test imac began yelling stuf about unknown developers. So we needed signing.
I've downloaded the developer application id certificate to sign this app and the developer installer certificate to productbuild it to a .pkg/installer
Signing finally worked out but feels... "sketchy"
To sign i need to fix read permissions first because it was build on another machine (the cloud)
Then set the internal .plist info to our desired settings (like versioning and bundle id)
Then force/deep sign with our codesigning identity and build it to a package
Perhaps it feels sketchy beacuse im not well acquainted to the apple environment and it feels i can just 'mess around' in plists and stuff.
Can i force sign other apps like this as well, or is our certificate nicely keeping everything in check and am i doing it right?
Do i need to lock read permissions when im done again?
Really hope someone can shine a light on this with me.
Thanks in advance,
David