HOWTO macOS notarization (plugins, app, pkg installers)
- KVRAF
- 4021 posts since 7 Sep, 2002
- KVRAF
- 4021 posts since 7 Sep, 2002
- KVRist
- 91 posts since 13 May, 2007
I can’t answer your question, but for reference, hardened runtime is not applicable for plugins. Unless they’re standalones.Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:12 am How is "hardened runtime" is enabled via clang++ switches?
Arne @ noteperformer.com
-
Zaphod (giancarlo) Zaphod (giancarlo) https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=111268
- KVRAF
- 2596 posts since 23 Jun, 2006
It could be the SDK you are linking against
- KVRist
- 91 posts since 13 May, 2007
Did you retrieve the notarisation log from Apple’s servers?Aleksey Vaneev wrote: ↑Sat Nov 09, 2019 10:54 am I only want to notarize a given component. It does not work, even after removing initial Library/Audio/Plugins/Component path. Just the SPAN.component inside the ZIP. Says Invalid Package. What is wrong?
Arne @ noteperformer.com
- KVRAF
- 1748 posts since 2 Jul, 2018
The Apple-hassle continues. Today I wasted another 4 hours of development time with broken tools...
Now a new obstacle has appeared.
If I run codesign with command-line I get this error message:
codesign -s 'Developer ID Application: DeveloperName (P4217013)' Icarus.vst
Icarus.vst: invalid or unsupported format for signature
If I run codesign on the .component it works.
Does code-signing on the .VST not longer work?
Do I miss something?
Thanks in advance,
Markus
Now a new obstacle has appeared.
If I run codesign with command-line I get this error message:
codesign -s 'Developer ID Application: DeveloperName (P4217013)' Icarus.vst
Icarus.vst: invalid or unsupported format for signature
If I run codesign on the .component it works.
Does code-signing on the .VST not longer work?
Do I miss something?
Thanks in advance,
Markus
Last edited by Markus Krause on Wed Nov 20, 2019 3:00 pm, edited 1 time in total.
- KVRAF
- 1748 posts since 2 Jul, 2018
I was able to fix it. The compiler somehow did place a .cstemp file within the .vst. . After deleting it it did work
Further findings: You needed to login to developer.apple.com and accept a new contract. Otherwise notarization upload resulted in an error
Further findings: You needed to login to developer.apple.com and accept a new contract. Otherwise notarization upload resulted in an error
- KVRist
- 91 posts since 24 Dec, 2015 from Bristol, UK
Got a quick questions about what needs notarizing...
I create packages using pkgbuild and then combine then into a single installer package using productbuild. Question is: can I get away with just notarizing the package output from productbuild or do I need to notarize the sub packages created with pkgbuild as well? I also then add this installer package to a dmg - I'm assuming this doesn't need notarizing?
I create packages using pkgbuild and then combine then into a single installer package using productbuild. Question is: can I get away with just notarizing the package output from productbuild or do I need to notarize the sub packages created with pkgbuild as well? I also then add this installer package to a dmg - I'm assuming this doesn't need notarizing?
- KVRAF
- 1873 posts since 13 Apr, 2011 from EU
Check this:keithwood wrote: ↑Thu Nov 21, 2019 9:21 am Got a quick questions about what needs notarizing...
I create packages using pkgbuild and then combine then into a single installer package using productbuild. Question is: can I get away with just notarizing the package output from productbuild or do I need to notarize the sub packages created with pkgbuild as well? I also then add this installer package to a dmg - I'm assuming this doesn't need notarizing?
From that link:e-phonic wrote: ↑Sat Oct 19, 2019 12:49 pmYou can find some info about notarizing plugins here:
https://developer.apple.com/documentati ... n_workflow
The notary service generates a ticket for the top-level file that you specify, as well as each nested file. For example, if you submit a disk image that contains a signed installer package with an app bundle inside, the notarization service generates tickets for the disk image, installer package, and app bundle.
- KVRist
- 91 posts since 13 May, 2007
You only need to notarise the finished .pkg, not the sub packages.keithwood wrote: ↑Thu Nov 21, 2019 9:21 am Got a quick questions about what needs notarizing...
I create packages using pkgbuild and then combine then into a single installer package using productbuild. Question is: can I get away with just notarizing the package output from productbuild or do I need to notarize the sub packages created with pkgbuild as well? I also then add this installer package to a dmg - I'm assuming this doesn't need notarizing?
EDIT: Actually, in this case I think you only need to notarise the .dmg. The outmost container is what's notarised.
Arne @ noteperformer.com
-
- KVRian
- 631 posts since 30 Aug, 2012
NAIVE question - I have only been at this a short time and never come across an OS change like this - how are you guys testing your plugins in OS Catalina? Are you running the whole thing in a VM? If so, how do you know the VM is giving you the correct result? And, finally, what Catalina-compatible DAW(s) are you testing them in?
- KVRAF
- 1873 posts since 13 Apr, 2011 from EU
I've installed Catalina on an external SSD and I'm using it with an old MacBook Pro (2012).Fender19 wrote: ↑Fri Nov 22, 2019 6:15 pm NAIVE question - I have only been at this a short time and never come across an OS change like this - how are you guys testing your plugins in OS Catalina? Are you running the whole thing in a VM? If so, how do you know the VM is giving you the correct result? And, finally, what Catalina-compatible DAW(s) are you testing them in?
I've tested Logic and Live so far but I didn't bother testing other DAWs as the main concern was Gatekeeper. I also run tests with auvaltool and pluginval.
-
- KVRian
- 631 posts since 30 Aug, 2012
Thanks for the info. Auvaltool from what version of Xcode?
- KVRist
- 243 posts since 24 Aug, 2014
Auvaltool is not a part of Xcode. It is a part of OS.
Code: Select all
$ which auvaltool
/usr/bin/auvaltool
- KVRAF
- 1873 posts since 13 Apr, 2011 from EU