HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

DSP, Plug-in and Host development discussion.
User avatar
SPC Plugins
KVRist
101 posts since 28 Aug, 2011 from United Kingdom

Post Thu Feb 27, 2020 1:53 am

discoDSP wrote:
Thu Feb 27, 2020 1:42 am
Maybe it's because two factor authentication is off.
I've got two-factor authentication set up.

User avatar
discoDSP
KVRAF
4577 posts since 18 Jul, 2002

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Thu Feb 27, 2020 2:08 am

Strange. Perhaps there is something related to the account that's not making Security section appear. I'd contact Apple on this regard.

User avatar
Lind0n
KVRist
120 posts since 2 Feb, 2005 from UK

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Thu Feb 27, 2020 4:07 am

OK quick question:

codesign -s "Developer ID Application: Your Name" "/path/plugin.component" --timestamp


What's "Your Name" here? My Apple Developer ID?
VST/AU Developer for Hire

User avatar
discoDSP
KVRAF
4577 posts since 18 Jul, 2002

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Thu Feb 27, 2020 4:12 am

Lind0n wrote:
Thu Feb 27, 2020 4:07 am
What's "Your Name" here? My Apple Developer ID?
I'm using Team Name (Team ID). Will update accordingly to avoid confusions, thanks.

Markus Krause
KVRist
370 posts since 2 Jul, 2018

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Thu Feb 27, 2020 10:38 am

Software notarization fails, although codesign and productsign are without errors. I always get the same error "The signature of the binary is invalid." It is currently impossible to notarize .component files .

This problem was not present when I notarized my stuff in December.

Please note that code-signing works without errors on my computer.
I also checked and passed codesign -vvv --deep --strict

{
"logFormatVersion": 1,
"jobId": "b53c7d5e-67ba-4c97-95c0-7364db008307",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "plugin.zip",
"uploadDate": "2020-02-27T18:19:25Z",
"sha256": "6ad9b8a131df05ab468984619eda6cff00eceb3078ebda336a8a8fdab2a9c1a7",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "plugin.zip/Saurus.component/Contents/MacOS/Symbiosis",
"message": "The signature of the binary is invalid.",
"docUrl": null,
"architecture": "i386"
},
{
"severity": "error",
"code": null,
"path": "plugin.zip/Saurus.component/Contents/MacOS/Symbiosis",
"message": "The signature of the binary is invalid.",
"docUrl": null,
"architecture": "x86_64"
}
]
}
Tone2 Audiosoftware https://www.tone2.com

User avatar
discoDSP
KVRAF
4577 posts since 18 Jul, 2002

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Thu Feb 27, 2020 10:44 am

Markus, have you tried signing with the —timestamp flag? Apple added this requirement recently.

Markus Krause
KVRist
370 posts since 2 Jul, 2018

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Thu Feb 27, 2020 10:53 am

Tried again. It does not seem to be related to the timestamp. I used --timestamp
Tone2 Audiosoftware https://www.tone2.com

User avatar
SPC Plugins
KVRist
101 posts since 28 Aug, 2011 from United Kingdom

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Fri Feb 28, 2020 5:53 am

discoDSP wrote:
Thu Feb 27, 2020 2:08 am
Strange. Perhaps there is something related to the account that's not making Security section appear.
Problem solved: I was making the dumb mistake of signing in to Apple Developer account, not my Apple ID account :( I followed your instructions and my (test) installer pkg successfully notorised on the first try. Now all I need to do is work out what all that 'stapler' stuff is about.

Markus Krause
KVRist
370 posts since 2 Jul, 2018

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Fri Feb 28, 2020 6:53 am

Building towards which MacOSX Base SDK is the best choice?
(I am using MacOSX10.11.sdk)

What macOS Deployment Target is the best choice?
(I am using 10.7)

What are the minimum system requirements for my combination of Deployment Target and Base SDK?

—————————

Further findings:

If you copy a file with a post-build-script the code signing is removed

Add --force to the arguments of your codesign command to make it re-sign something.
Example:
codesign -s 'Developer ID Application: YourName (X12234768)’ Plugin.component --timestamp --force

There is also an undocumented —remove command to remove existing timestamps. However it seems to be unreliable. You should use —force instead.

The symbiosis-AU-wrapper does not longer work with the Notarization since February 2020. The notarization seems to be buggy. This seems to affect all plugins that use the wrapper. Plug-ins with embedded symbiosis seem to pass.

---------------

The main difficulty seems to be to pass .component files through the Notarization. To speed up the testing you can:

1) codesign the .component
codesign -s 'Developer ID Application: YourName (X12234768)’ Plugin.component --timestamp --force

2) then zip it then

3) Notarize it:
xcrun altool --notarize-app -f plugin.zip --primary-bundle-id com.mycompany.myplugin --username “yourname” --password “your password”

4) Check the status via command line instead of waiting for the email. If there is a 0 on top it passed.
xcrun altool --notarization-history 0 -u “your name” -p “yourpassword”

——

I hope this helps a bit to get through Apples nighmare-desaster of Notarization. :x
Markus
Tone2 Audiosoftware https://www.tone2.com

quikquak
KVRian
676 posts since 6 Aug, 2005 from England

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Fri Feb 28, 2020 8:28 am

FYI. If you didn't get the email, Eden 5.2.1 SDK is out.

Markus Krause
KVRist
370 posts since 2 Jul, 2018

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Tue Mar 03, 2020 1:31 am

Further findings:

- Since February 2020 it does not longer work to have a .component file which creates files within it dynamically. It will fail the notarisation. This affects mainly wrappers that use a .VST to convert it to AU or AAX

- Symlinks within the .component do not longer work.

- codesigning does not seem to protect against hacks and viruses. I found a way to modify an existing .component file that was already codesgined. I will not post further details here in the public.
Tone2 Audiosoftware https://www.tone2.com

Fender19
KVRist
447 posts since 30 Aug, 2012

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Wed Mar 04, 2020 10:46 am

Markus Krause wrote:
Tue Mar 03, 2020 1:31 am
- codesigning does not seem to protect against hacks and viruses. I found a way to modify an existing .component file that was already codesgined. I will not post further details here in the public.
In the amount of time it took us to figure this stuff out and get our products working on Catalina hackers have surely figured out how to circumvent it. IMO, the only thing this "exercise" did was frustrate Apple customers and developers. Newcomers with new Macs probably don't care too much but people with existing systems that "upgraded" to it... :x

User avatar
trackbout
KVRist
78 posts since 29 Apr, 2019

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Sat Mar 07, 2020 9:02 pm

Thank you to everyone here, especially the homie at DiscoDSP for getting this rolling. This thread was a huge help. 🙏🏼

Apple, if you are listening, this was a massive pain in the dick. I hope you all stub your toes, really, really hard.

User avatar
discoDSP
KVRAF
4577 posts since 18 Jul, 2002

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Sun Mar 08, 2020 2:59 am

trackbout wrote:
Sat Mar 07, 2020 9:02 pm
Thank you to everyone here, especially the homie at DiscoDSP for getting this rolling. This thread was a huge help. 🙏🏼
You're welcome :) I was also told to ask forum mods to set this thread sticky but I'm not sure about it. Thoughts?

Cheers,
George.

User avatar
trackbout
KVRist
78 posts since 29 Apr, 2019

Re: HOWTO macOS Mojave/Catalina notarization (plugins, app, pkg installers)

Post Sun Mar 08, 2020 3:07 am

discoDSP wrote:
Sun Mar 08, 2020 2:59 am
You're welcome :) I was also told to ask forum mods to set this thread sticky but I'm not sure about it. Thoughts?

Cheers,
George.
Sounds like a good idea to me. Until everyone is out of the woods on this transition we might as well make this post easy to find.

Return to “DSP and Plug-in Development”