MacOS - Fails notarization when using an extension #81733

@cyberpuffin-digital

Godot version

4.1.1.stable

System information

MacOS Ventura 13.5.2, Apple M2 (Mac mini)

Issue description

When I try to export my game using the Godot-Sqlite extension (https://github.com/2shady4u/godot-sqlite) the process continually fails at the Notarization step.

I have verified I'm using the correct certificate based on security find-identity -v -p codesigning output, evidenced by the notarization log reducing from four errors (two complaining when I used the wrong certificate) to two which invariably complain the extension is not signed:

{  
  "logFormatVersion": 1,
  "jobId": "159224f4-87b4-4be5-aa76-569f149faa9c",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "accessible_sudoku.dev.dmg",
  "uploadDate": "2023-09-15T21:14:34.867Z",
  "sha256": "26a6c76a4d21fcd47774685f47fda6b113ef4f6fecdea6e5adf221d05cf75b65",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "accessible_sudoku.dev.dmg/Accessible Sudoku.app/Contents/Frameworks/libgdsqlite.macos.template_debug.framework/libgdsqlite.macos.template_debug",
      "message": "The signature of the binary is invalid.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "accessible_sudoku.dev.dmg/Accessible Sudoku.app/Contents/Frameworks/libgdsqlite.macos.template_debug.framework/libgdsqlite.macos.template_debug",
      "message": "The signature of the binary is invalid.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
      "architecture": "arm64"
    }
  ]
}

I've tried variations of the following entitlements, including all of them:

  • Allow JIT Code Execution
  • Allow Unsigned Executable Memory
  • Allow Dyld Environment Variables
  • Disable Library Validation

The above error did not change in any case.

Here is the same report for the attached Minimal Project:

tim@Tims-Mac-mini Testing % xcrun notarytool log "${request_uid}" --issuer "${issuer_id}" --key-id "${key_id}" --key "${key_path}" | jq . 
{
  "logFormatVersion": 1,
  "jobId": "1e6b3096-ea53-4e47-be3b-9b61c392a86f",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "test.dmg",
  "uploadDate": "2023-09-16T10:13:47.031Z",
  "sha256": "dd2c8ec5d550b957ab226b198eb4c6680a6671decb8e8ad9bdf4136d5b670990",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "test.dmg/MinimalMacExport.app/Contents/Frameworks/libgdsqlite.macos.template_debug.framework/libgdsqlite.macos.template_debug",
      "message": "The signature of the binary is invalid.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "test.dmg/MinimalMacExport.app/Contents/Frameworks/libgdsqlite.macos.template_debug.framework/libgdsqlite.macos.template_debug",
      "message": "The signature of the binary is invalid.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
      "architecture": "arm64"
    }
  ]
}

Steps to reproduce

Add the Godot-SQLite extension and export a Mac project with Code Signing and Notarization.

Minimal reproduction project

minimal_mac_export.zip

Couldn't attach the zip with the add-on installed, as it was too big. The attached project will need the SQLite add-on installed via the asset store.
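
Added example (not part of the original issue or of Godot's code): both logs above report the same file twice, once per architecture. This Python script groups a notarytool log's errors by file and builds a local codesign verification command for each one. The sample log is constructed by trimming the minimal-project report above, and the /Volumes/test mount point is an assumption.

```python
import json
import shlex

# Constructed input: the minimal-project log from the issue, trimmed to the fields used here.
_BIN = ("test.dmg/MinimalMacExport.app/Contents/Frameworks/"
        "libgdsqlite.macos.template_debug.framework/libgdsqlite.macos.template_debug")
_MSG = "The signature of the binary is invalid."
SAMPLE_LOG = json.dumps({
    "status": "Invalid",
    "archiveFilename": "test.dmg",
    "issues": [{"severity": "error", "path": _BIN, "message": _MSG, "architecture": arch}
               for arch in ("x86_64", "arm64")],
})


def failed_files(log_text):
    """Group error issues by file, merging the per-architecture duplicates."""
    log = json.loads(log_text)
    prefix = log.get("archiveFilename", "") + "/"
    grouped = {}
    for issue in log.get("issues") or []:  # tolerate a null or missing "issues" field
        if issue.get("severity") != "error":
            continue
        path = issue["path"]
        if prefix != "/" and path.startswith(prefix):
            path = path[len(prefix):]  # make the path relative to the archive root
        entry = grouped.setdefault(path, {"architectures": [], "messages": []})
        for key, value in (("architectures", issue.get("architecture")),
                           ("messages", issue.get("message"))):
            if value and value not in entry[key]:
                entry[key].append(value)
    return grouped


def verify_commands(log_text, root="."):
    """Return one local codesign check per failed file, rooted at the export directory."""
    return ["codesign --verify --strict --verbose=2 " + shlex.quote(f"{root}/{path}")
            for path in failed_files(log_text)]


if __name__ == "__main__":
    for path, info in failed_files(SAMPLE_LOG).items():
        print(path, info["architectures"], info["messages"])
    # /Volumes/test is a hypothetical mount point for the exported test.dmg.
    for command in verify_commands(SAMPLE_LOG, root="/Volumes/test"):
        print(command)
```

Running the printed codesign command on the Mac that produced the export shows whether the extension binary already fails verification locally, before the archive is uploaded.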
