Apple team ID, code sign but ask for security to open the plugin
-
@Yannrog
I'm not familiar with the new notary tool. I use the commands I showed you above:// AU Component (Sign) codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.component" --timestamp // VST3 (Sign) codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.vst3" --timestamp // Installer (Sign) codesign --deep --force --options runtime --sign "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg" // Installer (Notarization) xcrun notarytool submit --apple-id "YOUR_MAIL_ADRESS" --password "YOUR_PASSWORD" --team-id "YOUR_CODE" --wait "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg" // Installer (Staple) xcrun stapler staple "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"First, as mentioned, you'll need to remove the signature using this:
codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.vst3" codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.component" -
@Oli-Ullmann Ok , I didn't know about code signing directly from the CLI Thank you so much.
Sorry, this is already the new notary tool. This is the new command apple recommend with “xcrun notarytool submitt“. -
@Oli-Ullmann It seems to work. I have status accepted. God bless you.
-
What is the command to verify if it is code signed ? thank you
-
@Yannrog Can't remember, but there's some useful apps here that will give you the info https://forum.hise.audio/topic/14860/couple-of-handy-free-mac-apps-for-checking-code-signs-and-notarisation
-
@Oli-Ullmann I shouldn't need to remove the old signature prior to signing again.
The new codesign process warns you about the existing signature and automatically replaces it. -
@David-Healey works well

-
@ustk
What do you mean by “new codesign process”? The new notary tool? -
@Oli-Ullmann no I just mean when you codesign again, the previous signature should be replaced. That's what I do with no issues.
-
VST and AU:
Running: codesign --deep --force --timestamp --options runtime --sign "Developer ID Application: XXXXXXXXXXX" "/Library/Audio/Plug-Ins/Components/MyPlugin.component" --verbose /Library/Audio/Plug-Ins/Components/MyPlugin.component: replacing existing signature /Library/Audio/Plug-Ins/Components/MyPlugin.component: signed bundle with Mach-O universal (x86_64 arm64) [com.studio427audio.myplugin]And AAX:
Warning! This binary has an invalid existing platform digital signature. This situation could happen if you wrapped a binary that was already signed. Regardless, a new signature will be created now, using your specified credentials. -
@ustk
I see. Your command looks a little different from mine. I'll try it next time. Maybe it'll work for me then, too. Thanks a lot! :-) -
@Oli-Ullmann The
--forceflag overwrites any existing signature. -
@dannytaurus
Thanks for the info! :-) -
@Oli-Ullmann May the
--forcebe with you
-
@ustk
ha ha ha
-

-
@ustk @AchimR @dannytaurus @David-Healey @Oli-Ullmann @Lindon
Hi, everything works perfectly. However, I have an app that wont notarize. It is code signed, I have removed it and re signed it.
I did it for other apps, they have been notarize well.
The app version of the project should have its own bundle identifier? I have the same for the AU, VST, VST3 versions. The app version should have a different bundle ID or it's good if it's the same?
-
@Yannrog Every package needs a unique ID
-
@David-Healey ok thank you