Codesigning/Notarization 2024

Lindon

@Sampletekk said in Codesigning/Notarization 2024:

@Lindon Whohoooo! 28 pages..... In your opinion, is the first post still relevant?

the first post was pretty much updated as we all went along, so it should be a very good guide to what to do..

ustk

@Sampletekk Search the Hise forum for codesigning, I reckon @clevername27 made a very detailed tutorial

ustk

@Sampletekk found it:

https://forum.hise.audio/topic/9229/tutorial-macos-code-signing-notorising-and-installer-part-ii-added?_=1729508252942

Sampletekk

@Lindon If I notarize/staple a VST3/AU file, do I need to go through the same process every time I release a new version of the instrument? Given that it's called the same

orange

@Sampletekk Yes, everytime you update your software, you need to follow the same instructions

DanH

@Sampletekk You only need to codesign your vst3/au files. You codesign & notarize the .pkg installer (and staple if you want). You need to re-codesign each time you export a new version, and re-notarize every new .pkg

orange

@DanH As far as I know, notarization is also required for every update. isn't it?

Lindon

@orange yep - As far as my workflow goes its codesign and notarise everything every time...

DanH

@orange do you notarize your vst3 & au files?

d.healey

@DanH said in Codesigning/Notarization 2024:

You only need to codesign your vst3/au files. You codesign & notarize the .pkg installer

This is correct. No need to notarize the individual binaries.

Sampletekk

Found this: https://www.youtube.com/watch?v=7bT0gmz0QPw
Does this Notarytool replace the codesign/Notarization process described in the KVR post?

d.healey

@Sampletekk said in Codesigning/Notarization 2024:

Does this Notarytool replace the codesign/Notarization process described in the KVR post?

The KVR post was updated to use the notary tool.

orange

@DanH said in Codesigning/Notarization 2024:

@orange do you notarize your vst3 & au files?

Since I always distribute plugins with the installer (Whitebox Packages), yes I do.

d.healey

@orange You only need to notarize the installer and it applies to the binaries too.

orange

@d-healey said in Codesigning/Notarization 2024:

@orange You only need to notarize the installer and it applies to the binaries too.

I already mentioned this above, yes, that's how I do it anyway. In other words, if the installer is being distributed, re-notarization is required with each update.

d.healey

@orange oh I read it like you were notarizing your plugins in addition to the installer.

orange

@d-healey I think the above statements may cause confusion for some folks.

@Sampletekk In short, (since you will be distributing your products with installer), you need to notarize the installer every time you update the product version.

Sampletekk

There are three processes here, (I think): Notarization, Codesigning and Stapling.
With the Notary tool, as I understand it, you don't need codesigning anymore, correct?
Also, as I understand, Notarization is when you make it so that Macs gatekeeper doesn't throw a warning that the application comes from an unauthorized developer.
What does "staple" and "codesigning (if it's still needed)" do?

d.healey

@Sampletekk said in Codesigning/Notarization 2024:

With the Notary tool, as I understand it, you don't need codesigning anymore, correct?

You codesign your plugins/apps.
You codesign and notarize your installer - stapling is part of the notarization process

orange

@Sampletekk said in Codesigning/Notarization 2024:

What does "staple" and "codesigning (if it's still needed)" do?

Plugins and installers containing plugins must be codesigned. Staple is the process performed after notarization.

So you have to follow the steps below if you want to distribute plugins for macOS:

Export your plugin with HISE --> Codesign plugin --> Create an installer app --> Codesign the installer app --> Notarize the installer app --> Staple the installer app

Then your plugins will be able to run on DAWs on macOS without any Gatekeeper issues.