Notarisation for dummies
-
@adriano Do you distribute your plugins to your friends online or by using USB keys? Because if it's by using USB keys, you won't have any problems, it's when it's downloaded via the web that the Gatekeeper will interfere with the app/plugin.
-
@SampleScience from "WE transfert" or gmail directly.
-
@Lindon said in Notarisation for dummies:
username
hi, i just got to code my vst.component and the PKG. the coding went well.
(I could not verify if the code was successful with the command.>.codesign -vvv /Users/macmini/Desktop/notarizationplugin/myvst.component. )
i had again entered the command line to sign, the terminal told me that the vst was already signed. so ok.
i'm notarizing pkg now, i handwrite in terminal but get this error. >.
unable to find utility "altool", not a developer tool or in PATH. <and I am a little stuck.
I have created my altool password, correctly entered my email address in username. do you have any idea of the problem?
thank you ;) -
@Lindon the problem may be with x code 8.3 instead of a newer version?
-
Official docs say you need xcode 10 or later.
-
@d-healey @Lindon i just installed xcode 10. i received an email from apple saying that the notarization was not accepted. but I think I know why, the signature of the plugin, in the end, is not good. however when I do it nothing happens on the terminal. basically I can't sign. however on a previous manipulation, he told me that the plugin was already signed but probably not correctly. a little help would be welcome ^^
-
@yall Did you sign the pkg?
-
@d-healey I started again from the beginning so the first step would be to sign the plugin or code it, is that right? with this line>
codesign -s "Developer application ID: my name (my number id)" "/Users/Desktop/your.component" --timestamp
already for me it does not work -
Codesign the plugin
Package the plugin
Codesign the package
Notarize the packagefor me it does not work
What error do you get?
-
@d-healey no error because nothing happens that is the problem. I have checked multiple times to see if I was wrong, but I do not think so.
-
@yall Post a video so we can see what you're doing and what messages you get (blur out your credentials of course).
-
@d-healey ok I will do that tomorrow, thank you;)
-
Here are my precise steps for signing. (The notarization fails because I think my plugin is not signed correctly you will understand later)
Step 0> plugin export wise> myplugin.component
Step 1> I place the myplugin on the desktop
Step 3> I open Keychain and I create a certificate request from a competent authority. I save "CertificateSigningRequest.certSigningRequest" on my desktop.
Step 4> I log into my apple developer space and create a Developer ID Application certificate, so I import the "CertificateSigningRequest.certSigningRequest" file.
I create a certificates also a pkg distribution certificate…;
Step 5> I download the certificates and install them, I see them appear in KeychainStep 6> I want to sign my myplugin.component so I proceed this way from the terminal>
Step 6.1 codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.component" --timestamp> here nothing is happening in particular so I decide to check to start step 6.1 again. the terminal tells me that the myplugin.component. is already signed
Step7> I really want to be sure that myplugin.component is signed so this time, from the terminal, I enter this formula>
codesign -vvv /Users/macmini/Desktop/myplugin.component
I get this>. /Users/macmini/Desktop/myplugin.component: valid on disk
/Users/macmini/Desktop/myplugin.component: does not satisfy its designated RequirementThis sentence "does not satisfy its designated Requirement" appeals to me but I try anyway (you never know ^^)
Step 8> I create a raw PKG or I integrate myplugin.component and then I transform it into a distribution. I affix the certificate from the "project" tab.
Step 9> I therefore want to sign my PKG and for that I use the following formula from the terminal>
codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.pkg" --timestampStep 10: I check by entering the same command again. The terminal tells me myplugin.pkg is already signed (same step as 6.1)
Again I really want to be sure so I enter this command> codesign -vvv /Users/macmini/Desktop/myplugin.pkg I get exactly the same as in step 7. "valid on disk" and "does not meet its designated requirement"
Step 11> I'm trying to be a notarize but I already know the result…. I am using this command
xcrun altool --notarize-app -f "/Users/macmini/Desktop/myplugin.pkg" --primary-bundle-id en.myname.pkg.myplugin --username "my email address" --password "my password altool pass "
Step 12> I drink a coffee
Step 13> I wash my cup of coffee!
Step 14> I receive an email from apple (I'm happy, I have friends ^^). In this mail I get this> the Mac software you downloaded has not been notarized, please check the notarization log with Xcode or altool, fix the issues it presents and download your software again.I think concretely that the problem comes from the signature of the component and the pkg.
I could not make videos my mac paddles too much
My Mac config> High Sierra 10.13.6. and x code 10.1
-
steps 3,4 and 5 are pretty redundant I think - I never do these.
-
@Lindon Are there any steps that I missed or did I get the wrong certificates? there is nothing to modify in the certificates? I'm almost there, I'm only missing this phase ^^
-
@yall you dont need any certificates to codesign your plugins.
You need a Developer install certificate for whitebox packages to allow the install to happen correctly.
-
@yall said in Notarisation for dummies:
codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.component" --timestamp
this looks slightly odd from my perspective:
codesign -s "Developer ID Application: myname (mycode)" "/Users/macmini/Desktop/myplugin.component" --timestamp
I always uses a specific user so not "/Users/macmini/Desktop"
but "<username>/Desktop" etc..
-
@Lindon said in Notarisation for dummies:
@yall you dont need any certificates to codesign your plugins.
Pretty sure you do. But you only need to install it into the keyring once and then never touch it again.
-
-
I just tried something. I have re-exported a new plugin and followed my steps. the plugin is now signed, the pkg too. but the notarization failed again.