HOWTO macOS notarization (plugins, app, pkg installers)
- Banned
- 4021 posts since 7 Sep, 2002
- KVRian
- 710 posts since 16 May, 2014 from Germany
For me new time stamp was enough. And it could take some hours to get new notarization ... It seems that Apple notar server does a re-queueing when sending the same file several times.Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 7:04 am How to reupload a failed file for notarization? I've recompiled and code signed application again, but notarization tells me cache still has the same item.
- Banned
- 4021 posts since 7 Sep, 2002
- Banned
- 4021 posts since 7 Sep, 2002
- KVRian
- 710 posts since 16 May, 2014 from Germany
Of course if you provide an app together with your pkg installer you need to sign, notarize and staple this app as well (as written in the first post). Re-signing seems to be enough to (re)start notarization.
This is our process chain (app+plugin in one pkg):
vst2/vst3/au => codesign
app => codesign, notarize, staple
pkg (app+plugin) => codesign, notarize, staple
(exact instructions in first post)
Just an observation of the notarization process: we have to wait until notarization of a specific "primary-bundle-id" is finished (email or polling) before starting the new notarization. Otherwise the notar queue seems to screw up.
This is our process chain (app+plugin in one pkg):
vst2/vst3/au => codesign
app => codesign, notarize, staple
pkg (app+plugin) => codesign, notarize, staple
(exact instructions in first post)
Just an observation of the notarization process: we have to wait until notarization of a specific "primary-bundle-id" is finished (email or polling) before starting the new notarization. Otherwise the notar queue seems to screw up.
- Banned
- 4021 posts since 7 Sep, 2002
What does "Package Invalid" notarization result mean on an AudioUnit component?
How to ZIP exactly the component file, without Library/Audio..etc path?
How to ZIP exactly the component file, without Library/Audio..etc path?
Last edited by Aleksey Vaneev on Sat Nov 09, 2019 10:36 am, edited 2 times in total.
- Banned
- 4021 posts since 7 Sep, 2002
Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:31 am What does "Package Invalid" notarization result mean on an AudioUnit component?
- KVRian
- 710 posts since 16 May, 2014 from Germany
Just to clarify: you have a pkg with vst/vst3 and au, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:31 am What does "Package Invalid" notarization result mean on an AudioUnit component?
All three plugins are signed, right?
Then you sign and notarize the pkg and get this message, right?
- Banned
- 4021 posts since 7 Sep, 2002
- Banned
- 4021 posts since 7 Sep, 2002
I only have component file, not pkg.TB-ProAudio wrote: ↑Sat Nov 09, 2019 10:35 amJust to clarify: you have a pkg with vst/vst3 and au, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:31 am What does "Package Invalid" notarization result mean on an AudioUnit component?
All three plugins are signed, right?
Then you sign and notarize the pkg and get this message, right?
- KVRian
- 710 posts since 16 May, 2014 from Germany
OK, so packed the signed au in a zip file, signed and notarized this, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:37 amI only have component file, not pkg.TB-ProAudio wrote: ↑Sat Nov 09, 2019 10:35 amJust to clarify: you have a pkg with vst/vst3 and au, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:31 am What does "Package Invalid" notarization result mean on an AudioUnit component?
All three plugins are signed, right?
Then you sign and notarize the pkg and get this message, right?
- Banned
- 4021 posts since 7 Sep, 2002
Yes, but it looks like the packed signed au includes /LIbrary/Audio/Plugins path, so it does not work, no idea how to ZIP correctly.TB-ProAudio wrote: ↑Sat Nov 09, 2019 10:39 amOK, so packed the signed au in a zip file, signed and notarized this, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:37 amI only have component file, not pkg.TB-ProAudio wrote: ↑Sat Nov 09, 2019 10:35 amJust to clarify: you have a pkg with vst/vst3 and au, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:31 am What does "Package Invalid" notarization result mean on an AudioUnit component?
All three plugins are signed, right?
Then you sign and notarize the pkg and get this message, right?
- Banned
- 4021 posts since 7 Sep, 2002
- KVRian
- 710 posts since 16 May, 2014 from Germany
Without path? But then the unpack goes somewhere, I see...Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:40 amYes, but it looks like the packed signed au includes /LIbrary/Audio/Plugins path, so it does not work, no idea how to ZIP correctly.TB-ProAudio wrote: ↑Sat Nov 09, 2019 10:39 amOK, so packed the signed au in a zip file, signed and notarized this, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:37 amI only have component file, not pkg.TB-ProAudio wrote: ↑Sat Nov 09, 2019 10:35 amJust to clarify: you have a pkg with vst/vst3 and au, right?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:31 am What does "Package Invalid" notarization result mean on an AudioUnit component?
All three plugins are signed, right?
Then you sign and notarize the pkg and get this message, right?
But why not use pkg? Similar to zip, supports pathes and gets notarized?
- KVRian
- 710 posts since 16 May, 2014 from Germany
Sorry, no experience with DMG. But it seems that DMG is not supported by notar process...Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:41 am Can I just notarize DMG file, without need to notarize individual components?