A small work offer to create a script that creates a notarized install pkg for macOS Catalina
- KVRAF
- Topic Starter
- 4021 posts since 7 Sep, 2002
Hello!
If you are experienced enough and interested, please contact me via info@voxengo.com - the following work is necessary: create a generic .sh script which creates a package using standard developer tools out of signed .component file located in standard Components folder, plus several files like image and license file, plus a post-install script, all located in a separate folder, then submits for notarization and waits for notarization result, then stamps. I'm personally aware of the processes, but I thought it would be fine to cooperate with someone experienced on this. Of course, I will pay for work an agreed sum via PayPal.
If you are experienced enough and interested, please contact me via info@voxengo.com - the following work is necessary: create a generic .sh script which creates a package using standard developer tools out of signed .component file located in standard Components folder, plus several files like image and license file, plus a post-install script, all located in a separate folder, then submits for notarization and waits for notarization result, then stamps. I'm personally aware of the processes, but I thought it would be fine to cooperate with someone experienced on this. Of course, I will pay for work an agreed sum via PayPal.
- KVRian
- 872 posts since 6 Aug, 2005 from England
Excellent idea! If you can make a MacOSX App for the App Store that does the process, just by taking the licence info, then I’d easily pay $50 for it, and I’m sure many others would do too.
Dave Hoskins. http://www.quikquak.com
-
- KVRAF
- 4735 posts since 18 Jul, 2002 from London, UK
Will this work though..? AFAIK notarization won't succeed unless you're using hardened runtime, sandboxing entitlements and possibly some other "new" stuff.
This account is dormant, I am no longer employed by FXpansion / ROLI.
Find me on LinkedIn or elsewhere if you need to get in touch.
Find me on LinkedIn or elsewhere if you need to get in touch.
- KVRian
- 872 posts since 6 Aug, 2005 from England
As long as the user has the requirements, surely you could execute scripts from a program to do it?
Or at least print the procedure to a file that the user can run themselves.
If not then... *sigh*
Or at least print the procedure to a file that the user can run themselves.
If not then... *sigh*
Dave Hoskins. http://www.quikquak.com
- KVRAF
- Topic Starter
- 4021 posts since 7 Sep, 2002
Not sure I understand your messages. I just need a single .sh script with required util calls, and maybe some loop that waits for notarization. If I'm not mistaken, it's possible to create a package with standard devutils, and attach a post-install script to it, I just have no details. maybe it needs to be zipped first for notarization, or component should be submitted for notarization separately - you see, I just have an overview of the process, so need an experienced help.
-
- KVRAF
- 5427 posts since 18 Jul, 2002
This might be of help: https://bitbucket.org/jpommier/notarize ... tarize-app
- KVRAF
- Topic Starter
- 4021 posts since 7 Sep, 2002
Thanks, will check this out if nobody goes online. Anyway, still need to create pkg - my previous attempts to use proprietary applications for package creation failed miserably, I think there should be a way to just use command-line tools to create packages. And I'd really like to pay for the help, maybe ask a couple of questions. I'm fine with Windows way of producing software, but MacOS tools and technology makes me sad. (not only me - xcode has 2.6/5 rating on App Store)
-
- KVRAF
- 5427 posts since 18 Jul, 2002
WhiteBox Packages http://s.sudre.free.fr/Software/Packages/ has command line tools, but I'm using the GUI version. Be aware with GUI version you need to codesign via command line with productsign because secure time stamp isn't supported in 1.2.6. Drop me a line to contactus@discodsp.com if you are looking for some assistance. I'd be glad to help you.
Also, I posted a how to some weeks ago: viewtopic.php?p=7518248#p7518248Command Line Tool
Integrating Packages into an automated production workflow is easy with the packagesbuild command line tool. Once you have created your Packages project, the packagesbuild tool will let you build it from the Terminal, a shell script or an Xcode Run Script Build phase.
-
- KVRist
- 212 posts since 6 Sep, 2007
I'm currently using .sh scripts to automate the creation of my packages for OSX distribution using the standard tools provided by the OS.Aleksey Vaneev wrote: ↑Fri Oct 11, 2019 4:19 amI think there should be a way to just use command-line tools to create packages. And I'd really like to pay for the help, maybe ask a couple of questions.
I'd be glad to help you out just to thank you for your amazing R8Brain library
Here is an example of what I'm doing to create the .pkg installer
Code: Select all
#Variables
PLUGIN_IDENTIFIER=com.yourcompany.yourproductid
PLUGIN_VERSION=1.0.0
PLUGIN_NAME="Your Plug-In name"
#Echo on
set -x -e
#Here we create the .pkg for all the plug-in formats
#AAX
pkgbuild --install-location "/Library/Application Support/Avid/Audio/Plug-Ins" --identifier "$PLUGIN_IDENTIFIER-aax.pkg" --version $PLUGIN_VERSION --component "/Library/Application Support/Avid/Audio/Plug-Ins/$PLUGIN_NAME.aaxplugin" "$PLUGIN_IDENTIFIER-aax.pkg"
#AU
pkgbuild --install-location "/Library/Audio/Plug-Ins/Components" --identifier "$PLUGIN_IDENTIFIER-au.pkg" --version $PLUGIN_VERSION --component "$HOME/Library/Audio/Plug-Ins/Components/$PLUGIN_NAME.component" "$PLUGIN_IDENTIFIER-au.pkg"
#VST2.4
pkgbuild --install-location "/Library/Audio/Plug-Ins/VST" --identifier "$PLUGIN_IDENTIFIER-vst.pkg" --version $PLUGIN_VERSION --component "$HOME/Library/Audio/Plug-Ins/VST/$PLUGIN_NAME.vst" "$PLUGIN_IDENTIFIER-vst.pkg"
#VST3
pkgbuild --install-location "/Library/Audio/Plug-Ins/VST3" --identifier "$PLUGIN_IDENTIFIER-vst3.pkg" --version $PLUGIN_VERSION --component "$HOME/Library/Audio/Plug-Ins/VST3/$PLUGIN_NAME.vst3" "$PLUGIN_IDENTIFIER-vst3.pkg"
#Here we create the .pkg for the standalone version and all the support files (Manual, Banks, IRs, etc.)
#Standalone
pkgbuild --install-location "/tmp/your_standalone_app" --identifier "$PLUGIN_IDENTIFIER-app.pkg" --version $PLUGIN_VERSION --root "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app" "$PLUGIN_IDENTIFIER-app.pkg"
#IRs
pkgbuild --install-location "/tmp/your_support_files_temp_folder/IRs" --identifier "$PLUGIN_IDENTIFIER-irs.pkg" --version $PLUGIN_VERSION --root "../Common/Resources/IRs" "$PLUGIN_IDENTIFIER-irs.pkg"
#Banks
pkgbuild --install-location "/tmp/your_support_files_temp_folder/Banks" --identifier "$PLUGIN_IDENTIFIER-banks.pkg" --version $PLUGIN_VERSION --root "../Common/Resources/Banks" "$PLUGIN_IDENTIFIER-banks.pkg"
#Manual
pkgbuild --install-location "/tmp/your_support_files_temp_folder/Manual" --identifier "$PLUGIN_IDENTIFIER-manual.pkg" --version $PLUGIN_VERSION --root "../Common/Resources/Manual" "$PLUGIN_IDENTIFIER-manual.pkg"
#Here we pack the postinstall script
#Post install scripts
pkgbuild --install-location "/" --identifier "$PLUGIN_IDENTIFIER-postinstall.pkg" --version $PLUGIN_VERSION --nopayload --scripts ./Scripts "$PLUGIN_IDENTIFIER-postinstall.pkg"
If you're a shell wizard you could add it to the above script along with the editing instructions and use a single .sh to manage this as well.
Code: Select all
#Create default distribution.xml
productbuild --synthesize --package "$PLUGIN_IDENTIFIER-au.pkg" --package "$PLUGIN_IDENTIFIER-aax.pkg" --package "$PLUGIN_IDENTIFIER-vst.pkg" --package "$PLUGIN_IDENTIFIER-vst3.pkg" --package "$PLUGIN_IDENTIFIER-app.pkg" --package "$PLUGIN_IDENTIFIER-irs.pkg" --package "$PLUGIN_IDENTIFIER-banks.pkg" --package "$PLUGIN_IDENTIFIER-manual.pkg" --package "$PLUGIN_IDENTIFIER-postinstall.pkg" distribution.xml
Code: Select all
#Build installer
productbuild --distribution distribution.xml --resources ../Common/Resources/ "$PLUGIN_NAME $PLUGIN_VERSION.unsigned.pkg"
#Sign installer
productsign --sign "Developer ID Installer: Federico Berti" "$PLUGIN_NAME $PLUGIN_VERSION.unsigned.pkg" "$PLUGIN_NAME $PLUGIN_VERSION.pkg"
Code: Select all
#Notarize installer
xcrun altool --notarize-app -f "$PLUGIN_NAME $PLUGIN_VERSION.pkg" --primary-bundle-id "$PLUGIN_IDENTIFIER.installer" --username "your_apple_id" --password "your_altool_password"
Again, a shell wizard could somehow automate this process into a single .sh by polling the verification service until the output code is different from -65.
Code: Select all
#Staple installer
xcrun stapler staple "$PLUGIN_NAME $PLUGIN_VERSION.pkg"
#Verify notarization
spctl -a -vvv -t install "$PLUGIN_NAME $PLUGIN_VERSION.pkg"
Code: Select all
#Sign standalone app
codesign --deep --force --sign "Developer ID Application: Federico Berti" "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"
#Zip standalone app
zip -r "$PLUGIN_NAME.zip" "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"
#Notarize standalone app
xcrun altool --notarize-app -f "$PLUGIN_NAME.zip" --primary-bundle-id "$PLUGIN_IDENTIFIER.app" --username "your_apple_id" --password "your_altool_password"
Code: Select all
#Staple installer
xcrun stapler staple "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"
#Verify notarization
spctl --assess --verbose "../../Builds/MacOSX/build/Release/$PLUGIN_NAME.app"
The reason for this is that you can't use the tilde (~) in the main .sh script because it would translate into YOUR user folder, so it won't work for the customer.
(if someone has a better way to solve this without the postinstall calls I'm all ears)
Here is my postinstall, please note that in this example I'm copying the support files into the user's Document folder:
Code: Select all
#!/bin/sh
set -e
mkdir -p ~/Documents/your_support_files_root_folder/
cp -Rf /tmp/your_support_files_temp_folder/ ~/Documents/your_support_files_root_folder/
#temporary hack to solve Garageband 10 Sandboxing
mkdir -p ~/Library/Containers/com.apple.garageband10/Data/Documents/your_support_files_root_folder/
cp -Rf /tmp/your_support_files_root_folder/ ~/Library/Containers/com.apple.garageband10/Data/Documents/your_support_files_root_folder/
#Copy the standalone app into the Applications
cp -Rf /tmp/your_standalone_app /Applications/your_standalone_application.app
#Cleanup the installer temporary folders
rm -R /tmp/your_support_files_temp_folder
rm -R /tmp/your_standalone_app
exit 0
Now, if some shell guru would like to help in automating the notarization stapling and distribution.xml editing, this entire process could be merged into a single .sh script...
Hope it helps,
Federico
- KVRAF
- Topic Starter
- 4021 posts since 7 Sep, 2002
-
- KVRAF
- 5427 posts since 18 Jul, 2002
Federico, I saw your hack for GarageBand 10 sandbox but Logic Pro X is missing. I'm using symlinks instead copying files.
Cheers,
George.
Code: Select all
if [ -d "$HOME/Library/Containers/com.apple.logic10/Data" ]
then
if [ ! -d "$HOME/Library/Containers/com.apple.logic10/Data/Documents/discoDSP" ]
then
ln -s "$HOME/Documents/discoDSP" "$HOME/Library/Containers/com.apple.logic10/Data/Documents/"
fi
fi
George.
-
- KVRist
- 212 posts since 6 Sep, 2007
Ah yes! Simlink, nice idea, thank you!
Btw the reason I didn't put the hack for the Logic sandbox is that no customer has ever complained about it, I've only got reports from GarageBand users. Is the sandbox even working for Logic?
-
- KVRAF
- 5427 posts since 18 Jul, 2002
I got it implemented years ago for a sandboxed Logic internal Apple release. Better safe than sorryWild Hades wrote: ↑Sun Oct 13, 2019 12:28 pm Btw the reason I didn't put the hack for the Logic sandbox is that no customer has ever complained about it, I've only got reports from GarageBand users. Is the sandbox even working for Logic?
- KVRAF
- Topic Starter
- 4021 posts since 7 Sep, 2002
-
- KVRist
- 212 posts since 6 Sep, 2007
I usually build it with "productbuild --synthesize", then customize it manually, for example by adding this:Aleksey Vaneev wrote: ↑Thu Oct 31, 2019 11:41 pm Federico, how distribution.xml is defined, is there a standard for it? Or does "productbuild --synthesize" create a default XML? What is postinstallscript - you refer it is a pkg, is it really just a sh script?
Code: Select all
<background file="Logo.png" alignment="topleft" scaling="none"/>
<readme file="readme.txt" />
<license file="EULA.txt" />
When you then execute the productbuild command, you need to specify the folder where those resources (Logo.png, EULA.txt, etc.) are, like:
Code: Select all
productbuild --distribution distribution.xml --resources ../Common/Resources/ "$PLUGIN_NAME $PLUGIN_VERSION.unsigned.pkg"
Be aware that I had issues when I edited and saved that postinstall file on a Windows machine and it was causing the installation to fail.
Recreating it with the identical script on OSX solved the issue, maybe there could be some file encoding problems, so better to create and edit it on OSX directly.