Azure-Samples / cognitive-services-speech-sdk

Sample code for the Microsoft Cognitive Services Speech SDK
MIT License
2.87k stars 1.85k forks source link

Azure Speech SDK native Unity plugin load failure on Mac OS; Gatekeeper prevents loading, possibly due to missing notarization #2507

Open philip-lamb opened 3 months ago

philip-lamb commented 3 months ago

Describe the bug

Upon invocation of a method from the speech SDK in Unity, Unity attempts to load the native plugin (libMicrosoft.CognitiveServices.Speech.core.dylib), however this fails with the following error: "libMicrosoft.CognitiveServices.Speech.core.dylib" can't be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information.

Examination shows the dylib is signed:

sudo codesign -d --verbose libMicrosoft.CognitiveServices.Speech.core.dylib
Executable=Assets/SpeechSDK/Plugins/MacOS/libMicrosoft.CognitiveServices.Speech.core.dylib
Identifier=libMicrosoft.CognitiveServices.Speech.core
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=38286 flags=0x0(none) hashes=1190+2 location=embedded
Signature size=9012
Timestamp=Apr 6, 2024 at 10:53:49 AM
Info.plist=not bound
TeamIdentifier=UBF8T346G9
Sealed Resources=none
Internal requirements count=1 size=204

but not notarized:

sudo spctl -a -vvv -t install libMicrosoft.CognitiveServices.Speech.core.dylib
libMicrosoft.CognitiveServices.Speech.core.dylib: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Microsoft Corporation (UBF8T346G9)

This is hardly surprising, since bare dylibs, while theoretically able to be notarized, cannot be stapled in any case. The correct mechanism for distributing native plugins for Unity on Mac OS is to build the plugin as a .bundle including an Info.plist file and then submit the bundle for notarization using Apple's standard processes.

To Reproduce

Steps to reproduce the behavior:

  1. Import Microsoft.CognitiveServices.Speech.1.38.0.unitypackage into clean Unity project
  2. Access speech APIs
  3. Observe error message.

Expected behavior

Unity should load the plugin without any further user interaction.

Workarounds

It is possible to manually create a Gatekeeper exception in System Settings->Security:

Screenshot 2024-07-18 at 6 54 34 PM

and then at the point where the error previously appeared, accept the resulting warning by clicking open:

Screenshot 2024-07-18 at 6 57 05 PM

however this is not an acceptable solution for distribution.

Version of the Cognitive Services Speech SDK

Microsoft.CognitiveServices.Speech.1.38.0.unitypackage

Platform, Operating System, and Programming Language

Additional context

github-actions[bot] commented 2 months ago

This item has been open without activity for 19 days. Provide a comment on status and remove "update needed" label.

philip-lamb commented 2 months ago

Can anyone advise if there is a more direct way to get a bug report to the development team?

github-actions[bot] commented 2 months ago

This item has been open without activity for 19 days. Provide a comment on status and remove "update needed" label.

philip-lamb commented 1 month ago

Can anyone advise if there is a more direct way to get a bug report to the development team?