HOWTO macOS notarization (plugins, app, pkg installers)
-
AnalogObsession AnalogObsession https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=427177
- KVRian
- 557 posts since 3 Oct, 2018
Just checked log file and there are 2 errors.
"The binary is no signed with a valid Developer ID certificate"
"The signature does not include a secure timestamp"
But i did everything correct... Missing something?
Edit
Solved the issue. It was my bad. Used wrong cert.
But, Packages can't include timestamp and sign .pkg with correct cert. I had to manually sign .pkg file.
"The binary is no signed with a valid Developer ID certificate"
"The signature does not include a secure timestamp"
But i did everything correct... Missing something?
Edit
Solved the issue. It was my bad. Used wrong cert.
But, Packages can't include timestamp and sign .pkg with correct cert. I had to manually sign .pkg file.
https://www.patreon.com/analogobsession Support for free VST3, AU, AAX for WIN & MAC
-
- KVRAF
- Topic Starter
- 5427 posts since 18 Jul, 2002
Latest Whitebox Packages release has no issues with certificated signing.AnalogObsession wrote: ↑Wed Feb 05, 2020 8:52 am Packages can't include timestamp and sign .pkg with correct cert. I had to manually sign .pkg file.
-
- KVRian
- 624 posts since 30 Aug, 2012
It sometimes seems that Apple made this process as difficult and convoluted as possible.
For example, you can't notarize individual plugin binaries - they have to be zipped first and then notarized.
But then you can't STAPLE that notarized zip file - you have to extract the notarized plugin binaries first - then staple - then re-zip.
WTF?
For example, you can't notarize individual plugin binaries - they have to be zipped first and then notarized.
But then you can't STAPLE that notarized zip file - you have to extract the notarized plugin binaries first - then staple - then re-zip.
WTF?
- KVRian
- 872 posts since 6 Aug, 2005 from England
I've started to not use zip files anymore for installers, it's a waste of time and possibly confusing for computer-illiterate Apple users.
Dave Hoskins. http://www.quikquak.com
- KVRist
- 377 posts since 2 Feb, 2005 from UK
OK I've been following the thread with trepidation/interest - now its time to start this whole process. First what I'm using:
Mojave
XCode 10
WhiteBox Packages 1.2.7
Apple Developer account/ID
What I want to distribute (all in the same single pkg....):
- AU
- VST
- Stand-Alone app
- a bunch of support files (none of them are executables)
What I think I need to do:
Codesign the AU
Codesign the VST
Codesign and Hardened Runtime enabled for the Stand-Alone App
Then I create the pkg, and submit that for notorization.
Then I staple the PKG
...and then I can zip this pkg up and load it onto the server
OK so where is this plan wrong?
Mojave
XCode 10
WhiteBox Packages 1.2.7
Apple Developer account/ID
What I want to distribute (all in the same single pkg....):
- AU
- VST
- Stand-Alone app
- a bunch of support files (none of them are executables)
What I think I need to do:
Codesign the AU
Codesign the VST
Codesign and Hardened Runtime enabled for the Stand-Alone App
Then I create the pkg, and submit that for notorization.
Then I staple the PKG
...and then I can zip this pkg up and load it onto the server
OK so where is this plan wrong?
VST/AU Developer for Hire
- KVRian
- 519 posts since 12 Apr, 2010 from The Netherlands
-
- KVRian
- 1100 posts since 3 May, 2005 from Victoria, BC
.pkg are already compressed, why zip it?
- KVRist
- 377 posts since 2 Feb, 2005 from UK
OK great, didn't realise that about the pkg - thinking about it that make sense. So one less problem as a few Mac customers have had problems with zip files...
But thinking about it I realise I zip up the package as part of a bigger deliverable that includes the other materials and the windows installer... so zip is what its gotta be to have only one download archive...so thats why "zip the pkg"
But thinking about it I realise I zip up the package as part of a bigger deliverable that includes the other materials and the windows installer... so zip is what its gotta be to have only one download archive...so thats why "zip the pkg"
VST/AU Developer for Hire
-
- KVRAF
- Topic Starter
- 5427 posts since 18 Jul, 2002
I have received a PM with a heads up regarding timestamp now being a requirement for plugin files (.component, .vst, .vst3)
https://developer.apple.com/documentati ... es#3087733
Terminal commands for the first page have been updated accordingly.
It's yet to be confirmed that previously notarized stuff without timestamp still works properly.
https://developer.apple.com/documentati ... es#3087733
Terminal commands for the first page have been updated accordingly.
It's yet to be confirmed that previously notarized stuff without timestamp still works properly.
- KVRian
- 872 posts since 6 Aug, 2005 from England
I got tripped up by Xcode using 'Mac Developer' instead of the correct 'Developer ID Application'
Mac Developer worked before, but they like moving goal posts.
Mac Developer worked before, but they like moving goal posts.
You do not have the required permissions to view the files attached to this post.
Dave Hoskins. http://www.quikquak.com
-
- KVRAF
- 6576 posts since 14 Nov, 2006 from Ankara, Turkey
- KVRist
- 103 posts since 28 Aug, 2011 from United Kingdom
Thank you for posting these instructions
I'm stuck on this part. On the linked Apple Developer page it says:
I don't see any 'security' section on my developer account?1. Sign in to your Apple ID account page.
2. In the Security section, click Generate Password below App-Specific Passwords.
-
- KVRAF
- Topic Starter
- 5427 posts since 18 Jul, 2002
Maybe it's because two factor authentication is off.SPC Plugins wrote: ↑Thu Feb 27, 2020 8:55 am I don't see any 'security' section on my developer account?
You do not have the required permissions to view the files attached to this post.