Forum
    • Categories
    • Register
    • Login

    Apple team ID, code sign but ask for security to open the plugin

    Scheduled Pinned Locked Moved General Questions
    36 Posts 7 Posters 9.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      Yannrog @Oli Ullmann
      last edited by

      @Oli-Ullmann ok, thank you. I will try

      1 Reply Last reply Reply Quote 0
      • Y
        Yannrog @David Healey
        last edited by

        @David-Healey Thank you David, ok

        1 Reply Last reply Reply Quote 0
        • Y
          Yannrog @Oli Ullmann
          last edited by

          @Oli-Ullmann By runnnig the signing process again, you mean with the new notary tool?

          Oli UllmannO 1 Reply Last reply Reply Quote 0
          • Oli UllmannO
            Oli Ullmann @Yannrog
            last edited by

            @Yannrog
            I'm not familiar with the new notary tool. I use the commands I showed you above:

            // AU Component (Sign)
            codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.component" --timestamp
            
            // VST3 (Sign)
            codesign -s "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_PLUGIN.vst3" --timestamp
            
            // Installer (Sign)
            codesign --deep --force --options runtime --sign "Developer ID Application: YOUR NAME (YOUR CODE)" "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
            
            // Installer (Notarization)
            xcrun notarytool submit --apple-id "YOUR_MAIL_ADRESS" --password "YOUR_PASSWORD"  --team-id "YOUR_CODE" --wait "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
            
            // Installer (Staple)
            xcrun stapler staple "/Users/YOUR_USERNAME/Desktop/YOUR_INSTALLER.pkg"
            
            

            First, as mentioned, you'll need to remove the signature using this:

            codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.vst3"
            codesign --remove-signature "/Users/YOU_USERNAME/Desktop/YOUR_PLUG-IN.component"
            
            
            Y ustkU 4 Replies Last reply Reply Quote 0
            • Y
              Yannrog @Oli Ullmann
              last edited by

              @Oli-Ullmann Ok , I didn't know about code signing directly from the CLI Thank you so much.
              Sorry, this is already the new notary tool. This is the new command apple recommend with “xcrun notarytool submitt“.

              1 Reply Last reply Reply Quote 0
              • Y
                Yannrog @Oli Ullmann
                last edited by

                @Oli-Ullmann It seems to work. I have status accepted. God bless you.

                1 Reply Last reply Reply Quote 2
                • Y
                  Yannrog @Oli Ullmann
                  last edited by

                  @Oli-Ullmann @David-Healey

                  What is the command to verify if it is code signed ? thank you

                  David HealeyD 1 Reply Last reply Reply Quote 0
                  • David HealeyD
                    David Healey @Yannrog
                    last edited by

                    @Yannrog Can't remember, but there's some useful apps here that will give you the info https://forum.hise.audio/topic/14860/couple-of-handy-free-mac-apps-for-checking-code-signs-and-notarisation

                    Free HISE Bootcamp Full Course for beginners.
                    YouTube Channel - HISE tutorials
                    My Patreon - More HISE tutorials

                    Y 1 Reply Last reply Reply Quote 0
                    • ustkU
                      ustk @Oli Ullmann
                      last edited by

                      @Oli-Ullmann I shouldn't need to remove the old signature prior to signing again.
                      The new codesign process warns you about the existing signature and automatically replaces it.

                      Hise made me an F5 dude, any other app just suffers...

                      Oli UllmannO 1 Reply Last reply Reply Quote 1
                      • Y
                        Yannrog @David Healey
                        last edited by

                        @David-Healey works well 👍

                        1 Reply Last reply Reply Quote 0
                        • Oli UllmannO
                          Oli Ullmann @ustk
                          last edited by

                          @ustk
                          What do you mean by “new codesign process”? The new notary tool?

                          ustkU 2 Replies Last reply Reply Quote 0
                          • ustkU
                            ustk @Oli Ullmann
                            last edited by

                            @Oli-Ullmann no I just mean when you codesign again, the previous signature should be replaced. That's what I do with no issues.

                            Hise made me an F5 dude, any other app just suffers...

                            1 Reply Last reply Reply Quote 0
                            • ustkU
                              ustk @Oli Ullmann
                              last edited by ustk

                              @Oli-Ullmann

                              VST and AU:

                              Running: codesign --deep --force --timestamp --options runtime --sign "Developer ID Application: XXXXXXXXXXX" "/Library/Audio/Plug-Ins/Components/MyPlugin.component" --verbose
                              
                              /Library/Audio/Plug-Ins/Components/MyPlugin.component: replacing existing signature
                              /Library/Audio/Plug-Ins/Components/MyPlugin.component: signed bundle with Mach-O universal (x86_64 arm64) [com.studio427audio.myplugin]
                              

                              And AAX:

                              Warning! This binary has an invalid existing platform digital signature.
                                This situation could happen if you wrapped a binary that was already signed.
                                Regardless, a new signature will be created now, using your specified credentials.
                              

                              Hise made me an F5 dude, any other app just suffers...

                              Oli UllmannO 1 Reply Last reply Reply Quote 1
                              • Oli UllmannO
                                Oli Ullmann @ustk
                                last edited by

                                @ustk
                                I see. Your command looks a little different from mine. I'll try it next time. Maybe it'll work for me then, too. Thanks a lot! :-)

                                dannytaurusD 1 Reply Last reply Reply Quote 0
                                • dannytaurusD
                                  dannytaurus @Oli Ullmann
                                  last edited by

                                  @Oli-Ullmann The --force flag overwrites any existing signature.

                                  Meat Beats: https://meatbeats.com
                                  Klippr Video: https://klippr.video

                                  Oli UllmannO 1 Reply Last reply Reply Quote 2
                                  • Oli UllmannO
                                    Oli Ullmann @dannytaurus
                                    last edited by

                                    @dannytaurus
                                    Thanks for the info! :-)

                                    ustkU 1 Reply Last reply Reply Quote 0
                                    • ustkU
                                      ustk @Oli Ullmann
                                      last edited by

                                      @Oli-Ullmann May the --force be with you light-saber.png

                                      Hise made me an F5 dude, any other app just suffers...

                                      Oli UllmannO 1 Reply Last reply Reply Quote 3
                                      • Oli UllmannO
                                        Oli Ullmann @ustk
                                        last edited by

                                        @ustk
                                        ha ha ha 😂

                                        1 Reply Last reply Reply Quote 0
                                        • ustkU
                                          ustk
                                          last edited by

                                          ChatGPT Image Jun 25, 2026, 01_07_11 PM.png

                                          Hise made me an F5 dude, any other app just suffers...

                                          Y 1 Reply Last reply Reply Quote 2
                                          • Y
                                            Yannrog @ustk
                                            last edited by

                                            @ustk @AchimR @dannytaurus @David-Healey @Oli-Ullmann @Lindon

                                            Hi, everything works perfectly. However, I have an app that wont notarize. It is code signed, I have removed it and re signed it.

                                            I did it for other apps, they have been notarize well.

                                            The app version of the project should have its own bundle identifier? I have the same for the AU, VST, VST3 versions. The app version should have a different bundle ID or it's good if it's the same?

                                            David HealeyD 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post

                                            19

                                            Online

                                            2.4k

                                            Users

                                            13.9k

                                            Topics

                                            120.6k

                                            Posts