HISE Logo Forum
    • Categories
    • Register
    • Login

    Notarisation for dummies

    Scheduled Pinned Locked Moved General Questions
    160 Posts 20 Posters 17.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • d.healeyD
      d.healey @Lindon
      last edited by d.healey

      @Lindon Seems like we're good to just notarize the pkg

      Does notarization apply to a .app contained on a .pkg?

      Yep. From my previous post:
      The notary service generates a ticket for the top-level file that you specify, as well as each nested file. For example, if you submit a disk image that contains a signed installer package with an app bundle inside, the notarization service generates tickets for the disk image, installer package, and app bundle.

      Your app must get code signed and get Hardened Runtime enabled,

      My exporter tool handles this.

      Libre Wave - Freedom respecting instruments and effects
      My Patreon - HISE tutorials
      YouTube Channel - Public HISE tutorials

      1 Reply Last reply Reply Quote 0
      • A
        adriano @d.healey
        last edited by

        @d-healey I don't understand everything in the language of a programmer like you. gatekeeper I don't even know what it is. I distributed a dixiane of plugin to friends under catalina, mainly producers. I created one. pkg with the mac package application, then creates a distribution package. I just told the package to put the .vst and .au plugins in audio / plugin .... and that's it .. no problem whatsoever at the package or vst level. To be sure, I asked my friends if they had any errors and no one reported any problem to me. I did not do any right click manipulation etc ... just we open the pkg and everything works fine. After that maybe to distribute a plugin via the apple store it is necessary but for me, at this moment, everything is fine. I compile under x code latest version, project latest version and catalina latest version

        d.healeyD SampleScienceS 2 Replies Last reply Reply Quote 0
        • Christoph HartC
          Christoph Hart
          last edited by

          Alrighty, then enjoy the freedom from notarization as long as you can :)

          1 Reply Last reply Reply Quote 1
          • d.healeyD
            d.healey @adriano
            last edited by

            @adriano said in Notarisation for dummies:

            gatekeeper I don't even know what it is.

            Gatekeeper is the Mac "security" thing that pops up and tells you which apps it thinks are dangerous and it will try to stop you running them.

            Libre Wave - Freedom respecting instruments and effects
            My Patreon - HISE tutorials
            YouTube Channel - Public HISE tutorials

            A 1 Reply Last reply Reply Quote 0
            • A
              adriano @d.healey
              last edited by

              @d-healey ball kick to gatekeep 😂😂

              1 Reply Last reply Reply Quote 0
              • SampleScienceS
                SampleScience @adriano
                last edited by

                @adriano Do you distribute your plugins to your friends online or by using USB keys? Because if it's by using USB keys, you won't have any problems, it's when it's downloaded via the web that the Gatekeeper will interfere with the app/plugin.

                A 1 Reply Last reply Reply Quote 0
                • A
                  adriano @SampleScience
                  last edited by

                  @SampleScience from "WE transfert" or gmail directly.

                  1 Reply Last reply Reply Quote 1
                  • Y
                    yall
                    last edited by

                    @Lindon said in Notarisation for dummies:

                    username

                    @Lindon

                    hi, i just got to code my vst.component and the PKG. the coding went well.
                    (I could not verify if the code was successful with the command.>.

                    codesign -vvv /Users/macmini/Desktop/notarizationplugin/myvst.component. )

                    i had again entered the command line to sign, the terminal told me that the vst was already signed. so ok.
                    i'm notarizing pkg now, i handwrite in terminal but get this error. >.
                    unable to find utility "altool", not a developer tool or in PATH. <

                    and I am a little stuck.
                    I have created my altool password, correctly entered my email address in username. do you have any idea of ​​the problem?
                    thank you ;)

                    Y 1 Reply Last reply Reply Quote 0
                    • Y
                      yall @yall
                      last edited by

                      @Lindon the problem may be with x code 8.3 instead of a newer version?

                      d.healeyD 1 Reply Last reply Reply Quote 0
                      • d.healeyD
                        d.healey @yall
                        last edited by

                        Official docs say you need xcode 10 or later.

                        https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow

                        Libre Wave - Freedom respecting instruments and effects
                        My Patreon - HISE tutorials
                        YouTube Channel - Public HISE tutorials

                        Y 1 Reply Last reply Reply Quote 1
                        • Y
                          yall @d.healey
                          last edited by

                          @d-healey @Lindon i just installed xcode 10. i received an email from apple saying that the notarization was not accepted. but I think I know why, the signature of the plugin, in the end, is not good. however when I do it nothing happens on the terminal. basically I can't sign. however on a previous manipulation, he told me that the plugin was already signed but probably not correctly. a little help would be welcome ^^

                          d.healeyD 1 Reply Last reply Reply Quote 0
                          • d.healeyD
                            d.healey @yall
                            last edited by

                            @yall Did you sign the pkg?

                            Libre Wave - Freedom respecting instruments and effects
                            My Patreon - HISE tutorials
                            YouTube Channel - Public HISE tutorials

                            Y 1 Reply Last reply Reply Quote 0
                            • Y
                              yall @d.healey
                              last edited by

                              @d-healey I started again from the beginning so the first step would be to sign the plugin or code it, is that right? with this line>
                              codesign -s "Developer application ID: my name (my number id)" "/Users/Desktop/your.component" --timestamp
                              already for me it does not work

                              d.healeyD 1 Reply Last reply Reply Quote 0
                              • d.healeyD
                                d.healey @yall
                                last edited by

                                @yall

                                Codesign the plugin
                                Package the plugin
                                Codesign the package
                                Notarize the package

                                for me it does not work

                                What error do you get?

                                Libre Wave - Freedom respecting instruments and effects
                                My Patreon - HISE tutorials
                                YouTube Channel - Public HISE tutorials

                                Y 1 Reply Last reply Reply Quote 0
                                • Y
                                  yall @d.healey
                                  last edited by

                                  @d-healey no error because nothing happens that is the problem. I have checked multiple times to see if I was wrong, but I do not think so.

                                  d.healeyD 1 Reply Last reply Reply Quote 0
                                  • d.healeyD
                                    d.healey @yall
                                    last edited by

                                    @yall Post a video so we can see what you're doing and what messages you get (blur out your credentials of course).

                                    Libre Wave - Freedom respecting instruments and effects
                                    My Patreon - HISE tutorials
                                    YouTube Channel - Public HISE tutorials

                                    Y 1 Reply Last reply Reply Quote 0
                                    • Y
                                      yall @d.healey
                                      last edited by

                                      @d-healey ok I will do that tomorrow, thank you;)

                                      1 Reply Last reply Reply Quote 1
                                      • Y
                                        yall
                                        last edited by

                                        @d-healey @Lindon

                                        Here are my precise steps for signing. (The notarization fails because I think my plugin is not signed correctly you will understand later)

                                        Step 0> plugin export wise> myplugin.component
                                        Step 1> I place the myplugin on the desktop
                                        Step 3> I open Keychain and I create a certificate request from a competent authority. I save "CertificateSigningRequest.certSigningRequest" on my desktop.
                                        Step 4> I log into my apple developer space and create a Developer ID Application certificate, so I import the "CertificateSigningRequest.certSigningRequest" file.
                                        I create a certificates also a pkg distribution certificate…;
                                        Step 5> I download the certificates and install them, I see them appear in Keychain

                                        Step 6> I want to sign my myplugin.component so I proceed this way from the terminal>
                                        Step 6.1 codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.component" --timestamp

                                                  > here nothing is happening in particular so I decide to check to start step 6.1 again. the terminal tells me that the myplugin.component. is already signed
                                        

                                        Step7> I really want to be sure that myplugin.component is signed so this time, from the terminal, I enter this formula>
                                        codesign -vvv /Users/macmini/Desktop/myplugin.component
                                        I get this>. /Users/macmini/Desktop/myplugin.component: valid on disk
                                        /Users/macmini/Desktop/myplugin.component: does not satisfy its designated Requirement

                                                    This sentence "does not satisfy its designated Requirement" appeals to me but I try anyway (you never know ^^)
                                        

                                        Step 8> I create a raw PKG or I integrate myplugin.component and then I transform it into a distribution. I affix the certificate from the "project" tab.
                                        Step 9> I therefore want to sign my PKG and for that I use the following formula from the terminal>
                                        codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.pkg" --timestamp

                                        Step 10: I check by entering the same command again. The terminal tells me myplugin.pkg is already signed (same step as 6.1)

                                               Again I really want to be sure so I enter this command>
                                                   codesign -vvv /Users/macmini/Desktop/myplugin.pkg
                                                  I get exactly the same as in step 7. "valid on disk" and "does not meet its designated requirement"
                                        

                                        Step 11> I'm trying to be a notarize but I already know the result…. I am using this command

                                            xcrun altool --notarize-app -f "/Users/macmini/Desktop/myplugin.pkg" --primary-bundle-id en.myname.pkg.myplugin --username "my email address" --password "my password altool pass "
                                        

                                        Step 12> I drink a coffee
                                        Step 13> I wash my cup of coffee!
                                        Step 14> I receive an email from apple (I'm happy, I have friends ^^). In this mail I get this> the Mac software you downloaded has not been notarized, please check the notarization log with Xcode or altool, fix the issues it presents and download your software again.

                                        I think concretely that the problem comes from the signature of the component and the pkg.

                                        I could not make videos my mac paddles too much

                                        My Mac config> High Sierra 10.13.6. and x code 10.1

                                        1 Reply Last reply Reply Quote 0
                                        • LindonL
                                          Lindon
                                          last edited by

                                          steps 3,4 and 5 are pretty redundant I think - I never do these.

                                          HISE Development for hire.
                                          www.channelrobot.com

                                          Y 1 Reply Last reply Reply Quote 0
                                          • Y
                                            yall @Lindon
                                            last edited by

                                            @Lindon Are there any steps that I missed or did I get the wrong certificates? there is nothing to modify in the certificates? I'm almost there, I'm only missing this phase ^^

                                            LindonL 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post

                                            27

                                            Online

                                            1.7k

                                            Users

                                            11.8k

                                            Topics

                                            103.2k

                                            Posts