Notarisation for dummies
-
@Christoph-Hart said in Notarisation for dummies:
Have you enabled the Hardened Runtime properties in the autogenerated Projucer project?
No. For plugins, my process is this:
Hise Export plugins > Sign plugins > Build installer > Sign installer > Notarize installer > Time stamp installer
For the notarization of apps and plugins, you can follow this updated guide: https://www.kvraudio.com/forum/viewtopic.php?t=531663
-
Yes I did follow the guideline, but forgot to add the
--deep --force --options runtimeflags when signing the standalone app. All works now.Just one minor thing, I couldn't verify the notarisation with Lindons's suggestion, but this approach worked
-
@Christoph-Hart said in Notarisation for dummies:
Yes I did follow the guideline, but forgot to add the
--deep --force --options runtimeflags when signing the standalone app. All works now.Just one minor thing, I couldn't verify the notarisation with Lindons's suggestion, but this approach worked
For codesign checking I use this:
pkgutil --check-signature "/Volumes/Data/My_Installer.pkg"
For notarization checking I use this:
spctl -a -vvv -t install "/Volumes/Data/My_Installer.pkg"If the notarization is ok, you should see "accepted" message.
Both of them should work in your system too.
-
@orange - cool. I will add these to my process...
-
Just another tidbit for those lay-people like me — I recently discovered this third-party app while trying to learn about notarization: DMG Canvas
It's a WYSIWYG builder that automatically notarizes and staples your installer using your Apple ID when you build the DMG file. Super clean!
-
@Christoph-Hart I do the @Lindon way. Almost everything the same. I just staple VSTs and AUs before packaging them into a .pkg and I got the "The validate action worked!" on everyone (files by themselves and installers)
-
@hisefilo You don't need to notarize/staple your plugins. You only need to codesign plugins and notarize/staple the installer.
Libre Wave - Freedom respecting instruments and effects
My Patreon - HISE tutorials
YouTube Channel - Public HISE tutorials -
@d-healey I was loosing my time then!!!! Thanks Dave
-
@d-healey said in Notarisation for dummies:
@hisefilo You don't need to notarize/staple your plugins. You only need to codesign plugins and notarize/staple the installer.
So Only Code Signing The .Component / .VST Or .VST3 Can Let Us To Distribute The Plugin?
Without Installers?So End User Can Drag & Drop The Plugin Into The Folders And Get To Work Right Away?!!!
-
@Natanr No. If you are distributing the binaries only then they need to be codesigned and notarized/stapled, but if you are distributing them in a pkg (or a DMG that contains a pkg) then you only need to notarize the pkg. This is according to the famous KVR post - https://www.kvraudio.com/forum/viewtopic.php?t=531663
-
@d-healey at the risk of a pass for an ignorant, what is the use of notarization? if my .vst or .au plugin is not notarized it will not work? I am under catalina and my plugins are working fine. it's just a legal obligation is it?
-
The end user will see a passive-aggressive popup from macOS that suggests your software is full of viruses unless you notarize.
It isn't a show stopper (AFAIK you can still run the installer by right-clicking and choosing Open from the context menu) but you need to prepare to answer a few more customer support emails than you should have to...
-
@Christoph-Hart however i have already given my plugins and vst to friends to try and they had no problem installing. logic asks that the plugin be checked but we can activate it anyway.
-
@adriano are they using Catalina?
Libre Wave - Freedom respecting instruments and effects
My Patreon - HISE tutorials
YouTube Channel - Public HISE tutorials -
@d-healey - my understanding remains that you need to notarise anything that will "run" on its own - so app or pkg or dmg etc. but plug-ins - that are called from within DAWs only need to be codesigned. Colour me massively unsurprised is this opinion is wrong...
HISE Development for hire.
www.channelrobot.com -
@Lindon Perhaps it is needed for apps, the KVR thread just mentions plugins. I'll see what I can find out!
-
@d-healey yes. And me too
-
@d-healey it also works without problem with the standalone versions. indeed the plugins already have an "Abcd" code for their operation in the daw.
-
@adriano said in Notarisation for dummies:
@d-healey indeed the plugins already have an "Abcd" code for their operation in the daw.
That's not related to notarization.
Have you disabled/bypassed gatekeeper?
-
@Lindon Seems like we're good to just notarize the pkg
Does notarization apply to a .app contained on a .pkg?
Yep. From my previous post:
The notary service generates a ticket for the top-level file that you specify, as well as each nested file. For example, if you submit a disk image that contains a signed installer package with an app bundle inside, the notarization service generates tickets for the disk image, installer package, and app bundle.Your app must get code signed and get Hardened Runtime enabled,
My exporter tool handles this.
