Forum
    • Categories
    • Register
    • Login

    Apple team ID, code sign but ask for security to open the plugin

    Scheduled Pinned Locked Moved General Questions
    36 Posts 7 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dannytaurusD
      dannytaurus @Yannrog
      last edited by

      @Yannrog Where did you use the Apple Team ID?

      I don't think it's needed for regular VST/AU exports, only for iOS exports (which are no longer supported).

      How are you code-signing the plugin and the installer? Are you using an app, like Packages or Package Builder? Or are you using the command line?

      Meat Beats: https://meatbeats.com
      Klippr Video: https://klippr.video

      Y 1 Reply Last reply Reply Quote 0
      • A
        AchimR
        last edited by

        You can use this terminal command to check your signing:

        codesign -vvv --deep --strict "Your Plugin.vst3" && spctl --assess -vv --type install "Your Plugin.vst3" 
        

        If the output doesn't say 'accepted', something went wrong with the signing or notarization process.

        Y 1 Reply Last reply Reply Quote 0
        • David HealeyD
          David Healey @Yannrog
          last edited by David Healey

          @Yannrog Did you notarize it?

          This workshop might be helpful for you: https://audiodevschool.com/courses/packaging-for-macos/

          Free HISE Bootcamp Full Course for beginners.
          YouTube Channel - HISE tutorials
          My Patreon - More HISE tutorials

          Y 2 Replies Last reply Reply Quote 0
          • Y
            Yannrog @David Healey
            last edited by

            @David-Healey Hi, I don't know what is notarize,

            I will check

            LindonL 1 Reply Last reply Reply Quote 0
            • Y
              Yannrog @dannytaurus
              last edited by

              @dannytaurus When I put VST and AU, the plugin is not seen and is seeing as a potential malware.

              I use Packages and I use “add a certificate“

              1 Reply Last reply Reply Quote 0
              • Y
                Yannrog @AchimR
                last edited by

                @AchimR Ok,

                I will check

                Oli UllmannO 1 Reply Last reply Reply Quote 0
                • LindonL
                  Lindon @Yannrog
                  last edited by

                  @Yannrog said in Apple team ID, code sign but ask for security to open the plugin:

                  @David-Healey Hi, I don't know what is notarize,

                  I will check

                  if its not notarized its not going to load....

                  HISE Development for hire.
                  www.channelrobot.com

                  Y 1 Reply Last reply Reply Quote 0
                  • Oli UllmannO
                    Oli Ullmann @Yannrog
                    last edited by

                    @Yannrog
                    You must codesign your plug-in files.
                    And you must codesign, notarize, and staple your installer.

                    Here are the commands I use. Of course, you'll need to enter your own data. For the commands to work, the files must always be on your desktop.

                    // AU Component (Sign)
                    codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.component" --timestamp
                    
                    // VST3 (Sign)
                    codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.vst3" --timestamp
                    
                    // Installer (Sign)
                    codesign --deep --force --options runtime --sign "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
                    
                    // Installer (Notarization)
                    xcrun notarytool submit --apple-id "YOUR_MAIL_ADRESS" --password "YOUR_PASSWORD"  --team-id "YOUR_CODE" --wait "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
                    
                    // Installer (Staple)
                    xcrun stapler staple "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
                    

                    This article is very helpful, and it allowed me to set up my system:
                    https://www.kvraudio.com/forum/viewtopic.php?t=531663

                    This article is also very helpful if you run into any problems:
                    https://developer.apple.com/documentation/security/resolving-common-notarization-issues

                    Y 1 Reply Last reply Reply Quote 0
                    • Y
                      Yannrog @Lindon
                      last edited by

                      @Lindon ok,

                      I'm a true newbie, so I will learn. thank you for your advices

                      1 Reply Last reply Reply Quote 0
                      • Y
                        Yannrog @Oli Ullmann
                        last edited by

                        @Oli-Ullmann Ok,

                        Thank you 🙏

                        1 Reply Last reply Reply Quote 0
                        • Y
                          Yannrog @David Healey
                          last edited by

                          @David-Healey @AchimR @dannytaurus @Lindon @Oli-Ullmann

                          Is it normal that when I code sign it, notarize it with the new notary tool, it is invalid?
                          (in Hise I have team ID and Bundle), I have registered the bundle in apple.

                          I have one plugin that worked when code signed it, notarized and stapled it. But I have a new one that load to server and has status invalid.

                          Oli UllmannO David HealeyD 2 Replies Last reply Reply Quote 0
                          • Oli UllmannO
                            Oli Ullmann @Yannrog
                            last edited by

                            @Yannrog
                            I had the same problem with the automatic code signing performed by HISE / xCode. My solution is to first remove the signature after compiling, and then manually run the signing process again before notarizing and stapling.

                            The command to remove the signature is as follows:

                            codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.vst3"
                            codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.component"
                            

                            For this as well, your plug-in must be on the desktop, or you'll need to adjust the command.

                            Y 2 Replies Last reply Reply Quote 0
                            • David HealeyD
                              David Healey @Yannrog
                              last edited by

                              @Yannrog Do it manually through the CLI as Oli suggests.

                              Free HISE Bootcamp Full Course for beginners.
                              YouTube Channel - HISE tutorials
                              My Patreon - More HISE tutorials

                              Y 1 Reply Last reply Reply Quote 0
                              • Y
                                Yannrog @Oli Ullmann
                                last edited by

                                @Oli-Ullmann ok, thank you. I will try

                                1 Reply Last reply Reply Quote 0
                                • Y
                                  Yannrog @David Healey
                                  last edited by

                                  @David-Healey Thank you David, ok

                                  1 Reply Last reply Reply Quote 0
                                  • Y
                                    Yannrog @Oli Ullmann
                                    last edited by

                                    @Oli-Ullmann By runnnig the signing process again, you mean with the new notary tool?

                                    Oli UllmannO 1 Reply Last reply Reply Quote 0
                                    • Oli UllmannO
                                      Oli Ullmann @Yannrog
                                      last edited by

                                      @Yannrog
                                      I'm not familiar with the new notary tool. I use the commands I showed you above:

                                      // AU Component (Sign)
                                      codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.component" --timestamp
                                      
                                      // VST3 (Sign)
                                      codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.vst3" --timestamp
                                      
                                      // Installer (Sign)
                                      codesign --deep --force --options runtime --sign "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
                                      
                                      // Installer (Notarization)
                                      xcrun notarytool submit --apple-id "YOUR_MAIL_ADRESS" --password "YOUR_PASSWORD"  --team-id "YOUR_CODE" --wait "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
                                      
                                      // Installer (Staple)
                                      xcrun stapler staple "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
                                      
                                      

                                      First, as mentioned, you'll need to remove the signature using this:

                                      codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.vst3"
                                      codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.component"
                                      
                                      
                                      Y ustkU 4 Replies Last reply Reply Quote 0
                                      • Y
                                        Yannrog @Oli Ullmann
                                        last edited by

                                        @Oli-Ullmann Ok , I didn't know about code signing directly from the CLI Thank you so much.
                                        Sorry, this is already the new notary tool. This is the new command apple recommend with “xcrun notarytool submitt“.

                                        1 Reply Last reply Reply Quote 0
                                        • Y
                                          Yannrog @Oli Ullmann
                                          last edited by

                                          @Oli-Ullmann It seems to work. I have status accepted. God bless you.

                                          1 Reply Last reply Reply Quote 2
                                          • Y
                                            Yannrog @Oli Ullmann
                                            last edited by

                                            @Oli-Ullmann @David-Healey

                                            What is the command to verify if it is code signed ? thank you

                                            David HealeyD 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post

                                            14

                                            Online

                                            2.4k

                                            Users

                                            13.8k

                                            Topics

                                            120.5k

                                            Posts