Fixing the code signing and notarization issues of Unreal Engine

The Importance of Proper Packaging and Distribution for Unreal Engine Applications

As an experienced IT professional, I’ve encountered numerous challenges when it comes to packaging, code signing, and notarizing Unreal Engine applications for distribution on macOS. The recently introduced “modern Xcode workflow” in Unreal Engine 5.3 promised to simplify this process, but in reality, it has introduced several issues that can make it impossible to create a properly signed and notarized application.

In this comprehensive article, I’ll dive deep into the problems I encountered, the solutions I discovered, and the insights I gained through my extensive research and hands-on experience. Whether you’re a seasoned Unreal Engine developer or just starting to explore the platform, this guide will provide you with the practical tips and in-depth understanding you need to overcome the code signing and notarization challenges and successfully distribute your Unreal Engine applications on macOS.

Understanding the Modernized Xcode Workflow

Starting from Unreal Engine 5.3, Epic Games introduced the so-called “modern Xcode workflow” to improve the integration between Unreal Engine and the standard Xcode app projects. The goal was to make the Unreal Build Tool (UBT) more consistent with Xcode’s workflows and to ensure compliance with Apple’s requirements for distributing applications.

In theory, this workflow should simplify the packaging, code signing, and notarization process. However, in practice, it is flawed, as both the code signing and the framework support are not correctly implemented, making the creation of working apps and their distribution impossible.

The issues I encountered during the packaging, code signing, and notarization of an Unreal Engine application that included third-party plugins (URedis and WebBrowserWidget) are the focus of this article. I’ve documented all the attempts I made to reach the goal of creating a properly signed and notarized application, and I’ll share the insights and solutions I discovered along the way.

Packaging and Code Signing Challenges

To begin the packaging and distribution process, I first created an Unreal Engine application with a simple setup: an empty world with a user widget containing a Web Browser Widget pointing to a website, and an ARedis actor that connects to a local Redis server, sets a value, fetches it, and prints the retrieved value in the scene.

The packaging process should allow us to get a correctly signed application, but I quickly encountered several issues:

1. Missing Dependencies: The packaged application only contained the main executable, with no references to the required dylibs (e.g., the URedis plugin) or the Chromium Embedded Framework (CEF) required by the Web Browser Widget.
2. Crash on Launch: Even with the missing dependencies added, the packaged application would still crash on launch without providing any useful clues.
3. Incorrect CEF Location: The engine’s implementation of CEF as a macOS framework was incorrect, requiring a manual fix to ensure the framework was placed in the correct location within the bundle.

Addressing these issues was just the beginning of the journey. The real challenges started when it came to code signing and notarization.

The Complexities of Code Signing and Notarization

Code signing and notarization are essential steps for distributing Unreal Engine applications on macOS, as they ensure the security and trustworthiness of your software. However, I found that the code signing integration within the UBT, even with the modernized Xcode workflow, was not sufficient for this task.

Some of the key issues I encountered included:

1. Incomplete Entitlements: The UBT did not correctly generate the necessary entitlements file, which is critical for passing the notarization process.
2. Incorrect Info.plist Configuration: The UBT also failed to properly configure the Info.plist file, which is another essential component for a successfully notarized application.
3. Signing Challenges: Manually signing the application and its contents, including ensuring all dylibs were properly executable, was a complex and time-consuming process.
4. Notarization Errors: Even with the manual code signing efforts, the notarization process often failed, with cryptic error messages that provided little insight into the root causes.

Overcoming these challenges required a deep dive into the Unreal Engine source code, extensive research, and a lot of trial and error. But in the end, I was able to develop a comprehensive workflow that addresses the issues and ensures a properly signed and notarized Unreal Engine application.

The Comprehensive Workflow for Successful Notarization

To achieve a successfully notarized Unreal Engine application, I discovered that the code signing and packaging integrated into the UBT is not sufficient. Instead, a more hands-on and meticulous approach is required. Here’s the comprehensive workflow I recommend:

1. Manually Configure the Entitlements and Info.plist Files: The UBT does not correctly generate these critical files, so you’ll need to create them manually, ensuring that the Bundle ID and other key settings are properly configured.
2. Ensure All Dependencies are Properly Included: Carefully inspect the packaged application to verify that all required dylibs, frameworks, and other dependencies are present and in the correct locations.
3. Manually Sign the Application and its Contents: Use the codesign command to sign the application, all executable files, and any other relevant components, ensuring that the necessary flags are set to enable the hardened runtime and secure timestamp.
4. Notarize the Packaged Application: Submit the signed application to the Apple notarization service, carefully review any error messages, and address any issues found before resubmitting.
5. Staple the Notarization Ticket: Once the notarization process is successful, use the stapler tool to attach the notarization ticket to the application, ensuring that it can be properly verified by Gatekeeper.

By following this comprehensive workflow, you can overcome the limitations of the UBT’s code signing integration and create a properly signed and notarized Unreal Engine application that can be confidently distributed to your users.

The Importance of Patience and Persistence

Throughout my journey of solving the code signing and notarization issues, I encountered numerous roadblocks and frustrations. The lack of comprehensive documentation from Epic Games, the cryptic error messages, and the seemingly endless trial-and-error process all contributed to a challenging experience.

However, I persevered, and I’m confident that the insights and solutions I’ve shared in this article will save other developers significant time and effort. The key is to approach the problem with a methodical and persistent mindset, not hesitating to delve into the Unreal Engine source code and leverage external resources to understand the underlying issues.

Remember, the distribution of your Unreal Engine applications on macOS is a critical aspect of your development process. By mastering the code signing and notarization workflows, you’ll be able to provide your users with a secure and trustworthy experience, ultimately contributing to the success of your applications.

Conclusion: Empowering Unreal Engine Developers

In this comprehensive article, I’ve shared my extensive experience in tackling the code signing and notarization challenges faced when packaging and distributing Unreal Engine applications on macOS. From the problems introduced by the “modern Xcode workflow” to the detailed solutions I discovered, I hope this guide has provided you with the practical tips and in-depth insights you need to overcome these obstacles.

By following the comprehensive workflow outlined in this article, Unreal Engine developers can ensure that their applications are properly signed, notarized, and ready for distribution, ultimately delivering a secure and trustworthy experience to their users.

Remember, the journey towards successful Unreal Engine application distribution on macOS may be long and arduous, but with the right approach and perseverance, you can overcome the challenges and unlock the full potential of your creations. Visit the ITFix blog for more practical technology tips and insights from experienced IT professionals like myself.