Notarization Apple
-
@yall said in Notarization Apple:
@orange Hello I need help on the notarization. so i created a pkg. So if I understood correctly, if for example I put 3 plugins in this pkg they will all be notarized. okay. i dont understand apple certificates. I do have an account that I pay 99euros. if someone could detail me the procedure to follow from the creation of a certificate to the notarization please? I just want to be able to open my plugins with bigsur. apple drives me crazy with their stupid protection
Your process should be like this;
Hise Export plugins > Sign plugins > Build installer > Sign installer > Notarize installer > Time stamp installer
For signing you need 2 types of certifiactes.
For plugin signing, you need "Developer ID Application" certificate
For installer signing you need "Developer ID Installer" certificateYou can create certificates with "Request a certificate from a Certificate Authority" option in Keychain. Watch this video. He is making iOS certificate but you can follow the same steps for "Developer ID Application" and "Developer ID Installer" certificates individually.
https://www.youtube.com/watch?v=2NpT3cOQthwAfter creating your certificates, follow this KvR guide:
Cheers :)
-
@orange so I managed to create a certificate.ca I understood. then. I therefore exported a plugin from hise in .vst. I created with package a .pkg for the installation. I have imported the certificate into it. okay now the terminal code lines don't work for me. I put my .pkg on the desktop. I copied and pasted your link and modify the information of course. It gives me an error in the terminal. strongly a full video tutorial ^^ I say that I say nothing ^^
-
.
If you follow the KvR guide properly, it will definately work.
@yall said in Notarization Apple:
@orange so I managed to create a certificate.ca I understood. then.
You need 2 certificates, not one; as I mentioned above, have you got both 2 of them?
I therefore exported a plugin from hise in .vst. I created with package a .pkg for the installation.
After exporting the plugin, you need to sign it before it the .pkg installer. Did you do it? Remember this procedure: Hise Export plugins > Sign plugins > Build installer > Sign installer > Notarize installer > Time stamp installer. You need to carefully follow the KvR guide again: https://www.kvraudio.com/forum/viewtopic.php?t=531663
now the terminal code lines don't work for me.
How it doesn't work? What are you typing into the terminal and what is terminal saying to you?
-
@orange I would like to clarify some things. What exactly am I replacing this data with?
codesign -s "Developer ID Application: Team Name (Team ID)" "/path/plugin.component" --timestamp
developer application ID?
team Name?
(team ID)?
between devloper account, apple account, I'm lost. I certainly did not do it right. the team id I know this is something like XHEIY67HDJJD from apple developer.
Yet it seems very simple but for the first time it is a bit messy all this for a noobs like me ^^ -
@yall You will find this in your Apple developer account. It'll look exactly like the example.
Awesome Plugin Company (W68FJJHBN) -
@yall said in Notarization Apple:
@orange I would like to clarify some things. What exactly am I replacing this data with?
codesign -s "Developer ID Application: Team Name (Team ID)" "/path/plugin.component" --timestamp
developer application ID?
team Name?
(team ID)?
between devloper account, apple account, I'm lost. I certainly did not do it right. the team id I know this is something like XHEIY67HDJJD from apple developer.
Yet it seems very simple but for the first time it is a bit messy all this for a noobs like me ^^Open the Keychain Access Utility and look at your certificates that you've just created.
For example, in below image
Developer ID Application : is just for describing the certificate type, no need to do anything for this.
Team Name: John Smith. It could be your company's name too.
Team ID: RNZ541ACLZAs you see, for signing, you need to use the same name of the certificate just like in the Keychain Access Utility. So acording to this example in the image, the AU plugin signing code will be like this:
codesign -s "Developer ID Application: John Smith (RNZ541ACLZ)" "/path/plugin.component" --timestampAlso be careful about spaces, letters...etc. in the code.
NOTE: If you can't see the both 2 certificates in the Keychain Access Utility, then it means that you didn't installed certificates properly. Then go to the begining and install the certificates properly.
-
@orange @dustbro @d-healey
hello, i haven't looked into notarization yet but something weird has happened to me. a friend who serves me as a beta tester, did not manage to open a vst in ableton because I sent him by we transfer directly to the compressed file format. my instrument.vst .that did not work . I sent it back as a pkg. and strangely enough it worked straight away without a problem. he is on bigsure. the plugin is therefore not notarized. is it a fluke or is it something logical? because if it works. why bother to notarize? his mac is from late 2013 with last bigsure update. I created a package with whitebox package. without entering my apple IDs expand -
@yall Are you sure he didn't just allow it past the gatekeeper when prompted?
-
@yall Sending a project as a raw .vst .aax or .component wont work with Wetransfer. It changes the file structure from a container into a folder (or... something like that). To maintain the properties, zip up the plugins before you send.
-
@d-healey I'm pretty sure he hasn't touched anything because he doesn't know anything about it ^^ however I gave him the .vst file I will try to give it a .componant even I was surprised! the first time he tried to drag the .vst in and the apple indicated that the developer was not verified. then he deleted the .vst. and installed with a simple pkg. and ableton took it straight. I will try to send him some fx and vst plugins of all kinds to be sure.
-
@dustbro I have always sent this way it never bothered. but suppose you are right. how is it possible that bigsure allows an unverified plugin? from what I know now it is imperative to notarize them?
-
imperative to notarize them?
If you notarize the package you don't need to notarize the plugin, but you still need to codesign both.
-
yes I understand, but in this case, nothing has been notarized or coded. I just took the .VST and created a pkg and that's it. That's why I find it weird.
