search

PlayEveryWare / eos_plugin_for_unity

Repository for PlayEveryWare's EOS Plugin for Unity, bringing the functionality of Epic Online Services to the Unity Game Engine.
https://eospluginforunity.playeveryware.com
297 stars 54 forks source link

`eac_launcher.app` (the binary `start_protected_game`) has an invalid signature on Mac OSX 15.x #989

Closed CliffCawley closed 1 day ago

CliffCawley commented 4 weeks ago

eac_launcher.app can no longer be run on Mac OSX 15.x. It works fine on Mac OSX 12.x

Steps to reproduce:

  1. Setup an example project using eos_plugin_for_unity and build with EOS enabled to get the eac_launcher.app in the build folder
  2. Double click the eac_launcher.app and receive 'The application "eac_launcher" cannot be opened, along with a 'Ignore' and 'Report' dialog.
  3. Click Report to see: Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid)) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: CODESIGNING 1 Taskgated Invalid Signature

This exact app was working fine on MacOSX 12.x. But upgrading to Mac OSX 15.x and running the same file resulted in the above issue.

arthur740212 commented 4 weeks ago

Maybe there is something in Info.plist that we didn't update. Does tweaking the version number like the previous issue work?

CliffCawley commented 4 weeks ago

Running some further investigation and it seems to be saying the Info.plist isn't bound.

So I ran some additional checks and I think the problem is that it hasn't been Notarized with Apple and in later versions of OSX it seems to be a requirement.

Whoever created and signed the eac_launcher.app can perhaps try the following steps:

1) Verify Notarization Was Successful Use altool to check the notarization status:

xcrun altool --notarization-history 0 -u "your-apple-id" -p "app-specific-password"

This command lists recent notarization requests. Look for your app and confirm its status as "success." If the app isn’t listed, or the status isn’t "success," it means notarization didn’t complete.

If you don’t have the request ID, you can re-submit the app for notarization.

2) Re-submit for Notarization (if Needed) Re-notarizing the app ensures a valid ticket. To submit the app for notarization:

xcrun altool --notarize-app -f /path/to/eac_launcher.app -u "your-apple-id" -p "app-specific-password" --primary-bundle-id "com.epicgames.easyanticheat"

After submission, Apple will provide a Request UUID.

3) Check Notarization Status for the Submission Wait for an email from Apple confirming notarization success or run:

xcrun altool --notarization-info <request-uuid> -u "your-apple-id" -p "app-specific-password"

Replace <request-uuid> with the UUID provided by Apple. If notarization was successful, proceed to the next step.

4) Staple the Notarization Ticket Once notarization is confirmed, staple the ticket to the app:

xcrun stapler staple /path/to/eac_launcher.app

Validate the Stapling Finally, run:

xcrun stapler validate /path/to/eac_launcher.app

This should complete without errors if everything is correctly notarized and stapled.

arthur740212 commented 3 weeks ago

Thank you for the in-depth investigation. We will try to incorporate this into the plugin.

Is this notarization step required only for newer versions of MacOS?

CliffCawley commented 3 weeks ago

It looks like it's a requirement now in MacOS 10.14.5 (May 13, 2019) and later. (Although their quoted docs say both 10.14.5 and 10.15 so not sure which it is.)

Beginning in macOS 10.14.5, software signed with a new Developer ID certificate and all new or updated kernel extensions must be notarized to run. Beginning in macOS 10.15, all software built after June 1, 2019, and distributed with Developer ID must be notarized. However, you aren’t required to notarize software that you distribute through the Mac App Store because the App Store submission process already includes equivalent security checks.

https://developer.apple.com/documentation/security/notarizing-macos-software-before-distribution

I don't believe you need to incorporate it in the plugin, it's just the eac_launcher.app needs to be notarized. It's signed already by Epic, but it also needs to be notarized, since it's distributed outside the Mac Store.

arthur740212 commented 3 weeks ago

Thank you for the info. We will see if we can raise this in the Epic forums

arthur740212 commented 1 week ago

Hello. Updates on the thread. We received news that the app should be notarized out of the box since v1.16.4, which we are working on a release for and should come out soon. We'd like to encourage you to try out the new version once it is ready. If you find out the notarization isn't ready on the new package, please let us know.

We will keep this ticket open for a while to help us track the process. Thank you for helping us with the plugin.

paulhazen commented 1 day ago

Hey @CliffCawley, I'm going to close this out because thanks to our release yesterday we have resolved the issue. Thanks again, and feel free to reach out if you have any continued need for assistance :)