A small work offer to create a script that creates a notarized install pkg for macOS Catalina

DSP, Plug-in and Host development discussion.
User avatar
Aleksey Vaneev
KVRAF
3570 posts since 7 Sep, 2002

Post Wed Oct 09, 2019 9:09 pm

Hello!

If you are experienced enough and interested, please contact me via info@voxengo.com - the following work is necessary: create a generic .sh script which creates a package using standard developer tools out of signed .component file located in standard Components folder, plus several files like image and license file, plus a post-install script, all located in a separate folder, then submits for notarization and waits for notarization result, then stamps. I'm personally aware of the processes, but I thought it would be fine to cooperate with someone experienced on this. Of course, I will pay for work an agreed sum via PayPal.
Image

quikquak
KVRian
588 posts since 6 Aug, 2005 from England

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Thu Oct 10, 2019 4:02 am

Excellent idea! If you can make a MacOSX App for the App Store that does the process, just by taking the licence info, then I’d easily pay $50 for it, and I’m sure many others would do too.

Angus_FX
KVRAF
4679 posts since 18 Jul, 2002 from London, UK

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Thu Oct 10, 2019 5:17 am

Will this work though..? AFAIK notarization won't succeed unless you're using hardened runtime, sandboxing entitlements and possibly some other "new" stuff.
ROLI | FXpansion
FX Twitter | FX YouTube

quikquak
KVRian
588 posts since 6 Aug, 2005 from England

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Thu Oct 10, 2019 6:29 am

As long as the user has the requirements, surely you could execute scripts from a program to do it?
Or at least print the procedure to a file that the user can run themselves.
If not then... *sigh*

User avatar
Aleksey Vaneev
KVRAF
3570 posts since 7 Sep, 2002

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Thu Oct 10, 2019 10:02 am

Not sure I understand your messages. I just need a single .sh script with required util calls, and maybe some loop that waits for notarization. If I'm not mistaken, it's possible to create a package with standard devutils, and attach a post-install script to it, I just have no details. maybe it needs to be zipped first for notarization, or component should be submitted for notarization separately - you see, I just have an overview of the process, so need an experienced help.
Image


User avatar
Aleksey Vaneev
KVRAF
3570 posts since 7 Sep, 2002

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Thu Oct 10, 2019 8:19 pm

Thanks, will check this out if nobody goes online. Anyway, still need to create pkg - my previous attempts to use proprietary applications for package creation failed miserably, I think there should be a way to just use command-line tools to create packages. And I'd really like to pay for the help, maybe ask a couple of questions. I'm fine with Windows way of producing software, but MacOS tools and technology makes me sad. (not only me - xcode has 2.6/5 rating on App Store)
Image

User avatar
discoDSP
KVRAF
4379 posts since 18 Jul, 2002

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Fri Oct 11, 2019 1:48 am

WhiteBox Packages http://s.sudre.free.fr/Software/Packages/ has command line tools, but I'm using the GUI version. Be aware with GUI version you need to codesign via command line with productsign because secure time stamp isn't supported in 1.2.6. Drop me a line to contactus@discodsp.com if you are looking for some assistance. I'd be glad to help you.
Command Line Tool
Integrating Packages into an automated production workflow is easy with the packagesbuild command line tool. Once you have created your Packages project, the packagesbuild tool will let you build it from the Terminal, a shell script or an Xcode Run Script Build phase.
Also, I posted a how to some weeks ago: viewtopic.php?p=7518248#p7518248

Wild Hades
KVRist
188 posts since 6 Sep, 2007

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Fri Oct 11, 2019 4:31 am

Aleksey Vaneev wrote:
Thu Oct 10, 2019 8:19 pm
I think there should be a way to just use command-line tools to create packages. And I'd really like to pay for the help, maybe ask a couple of questions.
I'm currently using .sh scripts to automate the creation of my packages for OSX distribution using the standard tools provided by the OS.
I'd be glad to help you out just to thank you for your amazing R8Brain library :wink:

Here is an example of what I'm doing to create the .pkg installer

Code: Select all

#Variables
PLUGIN_IDENTIFIER=com.yourcompany.yourproductid
PLUGIN_VERSION=1.0.0
PLUGIN_NAME="Your Plug-In name"

#Echo on
set -x -e

#Here we create the .pkg for all the plug-in formats

#AAX
pkgbuild --install-location "/Library/Application Support/Avid/Audio/Plug-Ins" --identifier "$PLUGIN_IDENTIFIER-aax.pkg" --version $PLUGIN_VERSION --component "/Library/Application Support/Avid/Audio/Plug-Ins/$PLUGIN_NAME.aaxplugin" "$PLUGIN_IDENTIFIER-aax.pkg"

#AU
pkgbuild --install-location "/Library/Audio/Plug-Ins/Components" --identifier "$PLUGIN_IDENTIFIER-au.pkg" --version $PLUGIN_VERSION --component "$HOME/Library/Audio/Plug-Ins/Components/$PLUGIN_NAME.component" "$PLUGIN_IDENTIFIER-au.pkg"

#VST2.4
pkgbuild --install-location "/Library/Audio/Plug-Ins/VST" --identifier "$PLUGIN_IDENTIFIER-vst.pkg" --version $PLUGIN_VERSION --component "$HOME/Library/Audio/Plug-Ins/VST/$PLUGIN_NAME.vst" "$PLUGIN_IDENTIFIER-vst.pkg"

#VST3
pkgbuild --install-location "/Library/Audio/Plug-Ins/VST3" --identifier "$PLUGIN_IDENTIFIER-vst3.pkg" --version $PLUGIN_VERSION --component "$HOME/Library/Audio/Plug-Ins/VST3/$PLUGIN_NAME.vst3" "$PLUGIN_IDENTIFIER-vst3.pkg"

#Here we create the .pkg for the standalone version and all the support files (Manual, Banks, IRs, etc.)

#Standalone
pkgbuild --install-location "/tmp/your_standalone_app" --identifier "$PLUGIN_IDENTIFIER-app.pkg" --version $PLUGIN_VERSION --root "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app" "$PLUGIN_IDENTIFIER-app.pkg"

#IRs
pkgbuild --install-location "/tmp/your_support_files_temp_folder/IRs" --identifier "$PLUGIN_IDENTIFIER-irs.pkg" --version $PLUGIN_VERSION --root "../Common/Resources/IRs" "$PLUGIN_IDENTIFIER-irs.pkg"

#Banks
pkgbuild --install-location "/tmp/your_support_files_temp_folder/Banks" --identifier "$PLUGIN_IDENTIFIER-banks.pkg" --version $PLUGIN_VERSION --root "../Common/Resources/Banks" "$PLUGIN_IDENTIFIER-banks.pkg"

#Manual
pkgbuild --install-location "/tmp/your_support_files_temp_folder/Manual" --identifier "$PLUGIN_IDENTIFIER-manual.pkg" --version $PLUGIN_VERSION --root "../Common/Resources/Manual" "$PLUGIN_IDENTIFIER-manual.pkg"

#Here we pack the postinstall script

#Post install scripts
pkgbuild --install-location "/" --identifier "$PLUGIN_IDENTIFIER-postinstall.pkg" --version $PLUGIN_VERSION --nopayload --scripts ./Scripts "$PLUGIN_IDENTIFIER-postinstall.pkg"
You should now create a distribution.xml file to customize the installer. You can do this once and then manually edit it to link your resources (adding the license, icons, images, etc.).
If you're a shell wizard you could add it to the above script along with the editing instructions and use a single .sh to manage this as well.

Code: Select all

#Create default distribution.xml
productbuild --synthesize --package "$PLUGIN_IDENTIFIER-au.pkg" --package "$PLUGIN_IDENTIFIER-aax.pkg" --package "$PLUGIN_IDENTIFIER-vst.pkg" --package "$PLUGIN_IDENTIFIER-vst3.pkg" --package "$PLUGIN_IDENTIFIER-app.pkg" --package "$PLUGIN_IDENTIFIER-irs.pkg" --package "$PLUGIN_IDENTIFIER-banks.pkg" --package "$PLUGIN_IDENTIFIER-manual.pkg" --package "$PLUGIN_IDENTIFIER-postinstall.pkg" distribution.xml
You can now build the installer by packing all those .pkgs created above into one, using your distribution.xml customizations and sign it with your Apple Developer Installer certificate:

Code: Select all

#Build installer
productbuild --distribution distribution.xml --resources ../Common/Resources/ "$PLUGIN_NAME $PLUGIN_VERSION.unsigned.pkg"

#Sign installer
productsign --sign "Developer ID Installer: Federico Berti" "$PLUGIN_NAME $PLUGIN_VERSION.unsigned.pkg" "$PLUGIN_NAME $PLUGIN_VERSION.pkg"
For the notarization part, you need an altool password as suggested by discoDSP in his tutorial: https://support.apple.com/en-us/HT204397

Code: Select all

#Notarize installer
xcrun altool --notarize-app -f "$PLUGIN_NAME $PLUGIN_VERSION.pkg" --primary-bundle-id "$PLUGIN_IDENTIFIER.installer" --username "your_apple_id" --password "your_altool_password"
After the notarization is confirmed, you can staple and verify.
Again, a shell wizard could somehow automate this process into a single .sh by polling the verification service until the output code is different from -65.

Code: Select all

#Staple installer
xcrun stapler staple "$PLUGIN_NAME $PLUGIN_VERSION.pkg"

#Verify notarization
spctl -a -vvv -t install "$PLUGIN_NAME $PLUGIN_VERSION.pkg"
Please note that the standalone app needs to be signed, zipped and notarized before the main .pkg creation, here is an example of how I do it:

Code: Select all

#Sign standalone app
codesign --deep --force --sign "Developer ID Application: Federico Berti" "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"

#Zip standalone app
zip -r "$PLUGIN_NAME.zip" "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"

#Notarize standalone app
xcrun altool --notarize-app -f "$PLUGIN_NAME.zip" --primary-bundle-id "$PLUGIN_IDENTIFIER.app" --username "your_apple_id" --password "your_altool_password"
And then must be stapled and verified, as usual:

Code: Select all

#Staple installer
xcrun stapler staple "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"

#Verify notarization
spctl --assess --verbose "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"
In the postinstall script you'll have to move the files from the temp installation folders into the user actual folders.
The reason for this is that you can't use the tilde (~) in the main .sh script because it would translate into YOUR user folder, so it won't work for the customer.
(if someone has a better way to solve this without the postinstall calls I'm all ears)

Here is my postinstall, please note that in this example I'm copying the support files into the user's Document folder:

Code: Select all

#!/bin/sh
set -e

mkdir -p ~/Documents/your_support_files_root_folder/
cp -Rf /tmp/your_support_files_temp_folder/ ~/Documents/your_support_files_root_folder/

#temporary hack to solve Garageband 10 Sandboxing
mkdir -p ~/Library/Containers/com.apple.garageband10/Data/Documents/your_support_files_root_folder/
cp -Rf /tmp/your_support_files_root_folder/ ~/Library/Containers/com.apple.garageband10/Data/Documents/your_support_files_root_folder/

#Copy the standalone app into the Applications
cp -Rf /tmp/your_standalone_app /Applications/your_standalone_application.app

#Cleanup the installer temporary folders
rm -R /tmp/your_support_files_temp_folder
rm -R /tmp/your_standalone_app

exit 0
And that's all.

Now, if some shell guru would like to help in automating the notarization stapling and distribution.xml editing, this entire process could be merged into a single .sh script...

Hope it helps,
Federico

User avatar
Aleksey Vaneev
KVRAF
3570 posts since 7 Sep, 2002

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Sat Oct 12, 2019 9:57 am

Federico, thank you very much. When I have enough energy I'll experiment with your suggestions. I have my own "generator" application which generates any required supporting files for any project installer (that's why I've tried several options already).
Image

User avatar
discoDSP
KVRAF
4379 posts since 18 Jul, 2002

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Sun Oct 13, 2019 1:23 am

Federico, I saw your hack for GarageBand 10 sandbox but Logic Pro X is missing. I'm using symlinks instead copying files.

Code: Select all

if [ -d "$HOME/Library/Containers/com.apple.logic10/Data" ]
then

	if [ ! -d "$HOME/Library/Containers/com.apple.logic10/Data/Documents/discoDSP" ]
	
	then
   
	ln -s "$HOME/Documents/discoDSP" "$HOME/Library/Containers/com.apple.logic10/Data/Documents/"    
    
	fi

fi
Cheers,
George.

Wild Hades
KVRist
188 posts since 6 Sep, 2007

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Sun Oct 13, 2019 4:28 am

discoDSP wrote:
Sun Oct 13, 2019 1:23 am
Federico, I saw your hack for GarageBand 10 sandbox but Logic Pro X is missing. I'm using symlinks instead copying files.
Ah yes! Simlink, nice idea, thank you!

Btw the reason I didn't put the hack for the Logic sandbox is that no customer has ever complained about it, I've only got reports from GarageBand users. Is the sandbox even working for Logic?

User avatar
discoDSP
KVRAF
4379 posts since 18 Jul, 2002

Re: A small work offer to create a script that creates a notarized install pkg for macOS Catalina

Post Sun Oct 13, 2019 9:37 am

Wild Hades wrote:
Sun Oct 13, 2019 4:28 am
Btw the reason I didn't put the hack for the Logic sandbox is that no customer has ever complained about it, I've only got reports from GarageBand users. Is the sandbox even working for Logic?
I got it implemented years ago for a sandboxed Logic internal Apple release. Better safe than sorry :)

Return to “DSP and Plug-in Development”