Notarisation for dummies
-
@Lindon said in Notarisation for dummies:
codesign --deep --force --options runtime --sign "Developer ID Application: your-dev-id (your-dev-id-number)" "/Users/lindon/Desktop/your.app"
HERO!!!!
-
@Christoph-Hart said in Notarisation for dummies:
Have you enabled the Hardened Runtime properties in the autogenerated Projucer project?
No. For plugins, my process is this:
Hise Export plugins > Sign plugins > Build installer > Sign installer > Notarize installer > Time stamp installer
For the notarization of apps and plugins, you can follow this updated guide: https://www.kvraudio.com/forum/viewtopic.php?t=531663
-
Yes I did follow the guideline, but forgot to add the
--deep --force --options runtimeflags when signing the standalone app. All works now.Just one minor thing, I couldn't verify the notarisation with Lindons's suggestion, but this approach worked
-
@Christoph-Hart said in Notarisation for dummies:
Yes I did follow the guideline, but forgot to add the
--deep --force --options runtimeflags when signing the standalone app. All works now.Just one minor thing, I couldn't verify the notarisation with Lindons's suggestion, but this approach worked
For codesign checking I use this:
pkgutil --check-signature "/Volumes/Data/My_Installer.pkg"
For notarization checking I use this:
spctl -a -vvv -t install "/Volumes/Data/My_Installer.pkg"If the notarization is ok, you should see "accepted" message.
Both of them should work in your system too.
-
@orange - cool. I will add these to my process...
-
Just another tidbit for those lay-people like me — I recently discovered this third-party app while trying to learn about notarization: DMG Canvas
It's a WYSIWYG builder that automatically notarizes and staples your installer using your Apple ID when you build the DMG file. Super clean!
-
@Christoph-Hart I do the @Lindon way. Almost everything the same. I just staple VSTs and AUs before packaging them into a .pkg and I got the "The validate action worked!" on everyone (files by themselves and installers)
-
@hisefilo You don't need to notarize/staple your plugins. You only need to codesign plugins and notarize/staple the installer.
Libre Wave - Freedom respecting instruments and effects
My Patreon - HISE tutorials
YouTube Channel - Public HISE tutorials -
@d-healey I was loosing my time then!!!! Thanks Dave
-
@d-healey said in Notarisation for dummies:
@hisefilo You don't need to notarize/staple your plugins. You only need to codesign plugins and notarize/staple the installer.
So Only Code Signing The .Component / .VST Or .VST3 Can Let Us To Distribute The Plugin?
Without Installers?So End User Can Drag & Drop The Plugin Into The Folders And Get To Work Right Away?!!!
-
@Natanr No. If you are distributing the binaries only then they need to be codesigned and notarized/stapled, but if you are distributing them in a pkg (or a DMG that contains a pkg) then you only need to notarize the pkg. This is according to the famous KVR post - https://www.kvraudio.com/forum/viewtopic.php?t=531663
-
@d-healey at the risk of a pass for an ignorant, what is the use of notarization? if my .vst or .au plugin is not notarized it will not work? I am under catalina and my plugins are working fine. it's just a legal obligation is it?
-
The end user will see a passive-aggressive popup from macOS that suggests your software is full of viruses unless you notarize.
It isn't a show stopper (AFAIK you can still run the installer by right-clicking and choosing Open from the context menu) but you need to prepare to answer a few more customer support emails than you should have to...
-
@Christoph-Hart however i have already given my plugins and vst to friends to try and they had no problem installing. logic asks that the plugin be checked but we can activate it anyway.
-
@adriano are they using Catalina?
Libre Wave - Freedom respecting instruments and effects
My Patreon - HISE tutorials
YouTube Channel - Public HISE tutorials -
@d-healey - my understanding remains that you need to notarise anything that will "run" on its own - so app or pkg or dmg etc. but plug-ins - that are called from within DAWs only need to be codesigned. Colour me massively unsurprised is this opinion is wrong...
HISE Development for hire.
www.channelrobot.com -
@Lindon Perhaps it is needed for apps, the KVR thread just mentions plugins. I'll see what I can find out!
-
@d-healey yes. And me too
-
@d-healey it also works without problem with the standalone versions. indeed the plugins already have an "Abcd" code for their operation in the daw.
-
@adriano said in Notarisation for dummies:
@d-healey indeed the plugins already have an "Abcd" code for their operation in the daw.
That's not related to notarization.
Have you disabled/bypassed gatekeeper?
