Codesigning/Notarization 2024

DanH

@Sampletekk You only need to codesign your vst3/au files. You codesign & notarize the .pkg installer (and staple if you want). You need to re-codesign each time you export a new version, and re-notarize every new .pkg

orange

@DanH As far as I know, notarization is also required for every update. isn't it?

Lindon

@orange yep - As far as my workflow goes its codesign and notarise everything every time...

DanH

@orange do you notarize your vst3 & au files?

d.healey

@DanH said in Codesigning/Notarization 2024:

You only need to codesign your vst3/au files. You codesign & notarize the .pkg installer

This is correct. No need to notarize the individual binaries.

Sampletekk

Found this: https://www.youtube.com/watch?v=7bT0gmz0QPw
Does this Notarytool replace the codesign/Notarization process described in the KVR post?

d.healey

@Sampletekk said in Codesigning/Notarization 2024:

Does this Notarytool replace the codesign/Notarization process described in the KVR post?

The KVR post was updated to use the notary tool.

orange

@DanH said in Codesigning/Notarization 2024:

@orange do you notarize your vst3 & au files?

Since I always distribute plugins with the installer (Whitebox Packages), yes I do.

d.healey

@orange You only need to notarize the installer and it applies to the binaries too.

orange

@d-healey said in Codesigning/Notarization 2024:

@orange You only need to notarize the installer and it applies to the binaries too.

I already mentioned this above, yes, that's how I do it anyway. In other words, if the installer is being distributed, re-notarization is required with each update.

d.healey

@orange oh I read it like you were notarizing your plugins in addition to the installer.

orange

@d-healey I think the above statements may cause confusion for some folks.

@Sampletekk In short, (since you will be distributing your products with installer), you need to notarize the installer every time you update the product version.

Sampletekk

There are three processes here, (I think): Notarization, Codesigning and Stapling.
With the Notary tool, as I understand it, you don't need codesigning anymore, correct?
Also, as I understand, Notarization is when you make it so that Macs gatekeeper doesn't throw a warning that the application comes from an unauthorized developer.
What does "staple" and "codesigning (if it's still needed)" do?

d.healey

@Sampletekk said in Codesigning/Notarization 2024:

With the Notary tool, as I understand it, you don't need codesigning anymore, correct?

You codesign your plugins/apps.
You codesign and notarize your installer - stapling is part of the notarization process

orange

@Sampletekk said in Codesigning/Notarization 2024:

What does "staple" and "codesigning (if it's still needed)" do?

Plugins and installers containing plugins must be codesigned. Staple is the process performed after notarization.

So you have to follow the steps below if you want to distribute plugins for macOS:

Export your plugin with HISE --> Codesign plugin --> Create an installer app --> Codesign the installer app --> Notarize the installer app --> Staple the installer app

Then your plugins will be able to run on DAWs on macOS without any Gatekeeper issues.

clevername27

@Sampletekk Are you still having issues?

johnmike

I know this may muddy the waters a bit...but ive actually never code signed my VST3/AU...only my AAX because its required...Ive only ever codesigned the .PKG when I was using those and the Standalone app(via apple's signing/ notarizing in Xcode) now I have a custom installer that I built and I only have to codesign/Notirize it via Xcode(not via the terminal) and I dont worry about the cosigning any of the individual binaries...and all my plugins run just fine for my users...