Requirements:
- Apple Developer ID ($99/year).
- Xcode 13. If you're using an older Xcode, you can download the Xcode 13 command line tools.
- Internet access.
- Create an app-specific password for notarytool.
If you distribute your plugins using a simple ZIP file, you still need to notarize it (you're actually notarizing the contents of the ZIP). You can't staple a ZIP file, but you can staple the contents after they have been notarized.
PLUGIN FILES
Signing via the terminal is simple. The team name should be your name and surname, followed by the Team ID number (like 87UBP9ZN95) in parentheses:
codesign -s "Developer ID Application: Team Name (Team ID)" "/path/plugin.component" --timestamp
codesign -s "Developer ID Application: Team Name (Team ID)" "/path/plugin.vst" --timestamp
codesign -s "Developer ID Application: Team Name (Team ID)" "/path/plugin.vst3" --timestamp
- If you are using an installer, use the method as described below.
- If you are distributing a .vst / .component without an installer, notarize the plugin.
You can do this by creating a zip file containing the plugin. Then run:
xcrun notarytool submit --apple-id "your apple id" --password "your notarytool password" --team-id "your team id" --wait "plugin.zip"
Once it is accepted, staple the plugin itself (a ZIP can't be stapled):
xcrun stapler staple "/path/plugin.component"
The notary service generates a ticket for the top-level file that you specify, as well as each nested file. For example, if you submit a disk image that contains a signed installer package with an app bundle inside, the notarization service generates tickets for the disk image, installer package, and app bundle.
- Your app must be code signed with Hardened Runtime enabled. This works for signing from the command line:
codesign --deep --force --options runtime --sign "Developer ID Application: Your Name" "Application.app"
- ZIP it and submit it for notarization (the following steps are NOT required if you are going to submit a PKG):
xcrun notarytool submit --apple-id "your apple id" --password "your notarytool password" --team-id "your team id" --wait "MyApp.zip"
- After it's accepted, staple the .app. You should get a "The staple and validate action worked!" message.
xcrun stapler staple "/Users/you/MyApp/MyApp.app"
- To verify, run the following command; it should report the app as accepted, with a message like the one shown after it:
spctl --assess --verbose "MyApp.app"
/path/MyApp.app: accepted source=Notarized Developer ID
- The app can be distributed now.
PKG INSTALLER NOTARIZATION
I use the app WhiteBox Packages to distribute the plugins and it works great. Make sure you set the Apple Developer certificate to your PKG.
- Submit the signed PKG to Apple servers. After a few minutes you should receive a notification in the terminal:
xcrun notarytool submit --apple-id "your apple id" --password "your notarytool password" --team-id "your team ID" --wait "Install.pkg"
- Staple the PKG:
xcrun stapler staple "/Users/home/Desktop/signedPKG/Install.pkg"
- Verify everything is OK. The following command should give you an "accepted" message like the one shown after it:
spctl -a -vvv -t install "/Users/home/Desktop/signedPKG/Install.pkg"
/Users/home/Desktop/signedPKG/Install.pkg: accepted source=Notarized Developer ID origin=Developer ID Installer: Your Name (IDXXXXXX)
- And that's all! Ready to get distributed.
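The two spctl checks above (for the .app and for the PKG) can be wrapped as a release gate that fails unless the artifact is both accepted and notarized. This is an added example, not part of the original post; the function names are hypothetical, and it assumes spctl starts its report with the path exactly as it was passed in.

```shell
#!/bin/sh
# Added example (not from the original post): fail a release unless Gatekeeper
# reports the artifact as accepted AND notarized.

# gatekeeper_verdict ARTIFACT SPCTL_OUTPUT
# Prints one of: notarized | signed-only | rejected
# Assumption: spctl starts its report with the path exactly as it was passed in;
# output in any other shape is treated as rejected (fail closed).
gatekeeper_verdict() {
    rest=${2#"$1"}   # drop the leading path so a crafted file name cannot fake a verdict
    case "$rest" in
        ": accepted"*"source=Notarized Developer ID"*) echo notarized ;;
        ": accepted"*) echo signed-only ;;
        *) echo rejected ;;
    esac
}

# assert_notarized ARTIFACT
# Runs the same spctl checks as the post (.pkg assessed as an installer, anything
# else as an app) and returns 0 only for a "notarized" verdict.
# spctl writes its assessment to stderr, hence 2>&1.
assert_notarized() {
    case "$1" in
        *.pkg) out=$(spctl -a -vvv -t install "$1" 2>&1) || true ;;
        *)     out=$(spctl --assess --verbose "$1" 2>&1) || true ;;
    esac
    verdict=$(gatekeeper_verdict "$1" "$out")
    if [ "$verdict" != notarized ]; then
        echo "NOT READY: $1 is $verdict" >&2
        return 1
    fi
    echo "OK: $1 is notarized"
}
```

Call `assert_notarized "MyApp.app"` or `assert_notarized "Install.pkg"` as the last step of a build script so that an unstapled or unsigned artifact stops the release.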