Notarisation for dummies
-
Yes I did follow the guideline, but forgot to add the
--deep --force --options runtimeflags when signing the standalone app. All works now.Just one minor thing, I couldn't verify the notarisation with Lindons's suggestion, but this approach worked
-
@Christoph-Hart said in Notarisation for dummies:
Yes I did follow the guideline, but forgot to add the
--deep --force --options runtimeflags when signing the standalone app. All works now.Just one minor thing, I couldn't verify the notarisation with Lindons's suggestion, but this approach worked
For codesign checking I use this:
pkgutil --check-signature "/Volumes/Data/My_Installer.pkg"
For notarization checking I use this:
spctl -a -vvv -t install "/Volumes/Data/My_Installer.pkg"If the notarization is ok, you should see "accepted" message.
Both of them should work in your system too.
-
@orange - cool. I will add these to my process...
-
Just another tidbit for those lay-people like me — I recently discovered this third-party app while trying to learn about notarization: DMG Canvas
It's a WYSIWYG builder that automatically notarizes and staples your installer using your Apple ID when you build the DMG file. Super clean!
-
@Christoph-Hart I do the @Lindon way. Almost everything the same. I just staple VSTs and AUs before packaging them into a .pkg and I got the "The validate action worked!" on everyone (files by themselves and installers)
-
@hisefilo You don't need to notarize/staple your plugins. You only need to codesign plugins and notarize/staple the installer.
Libre Wave - Freedom respecting instruments and effects
My Patreon - HISE tutorials
YouTube Channel - Public HISE tutorials -
@d-healey I was loosing my time then!!!! Thanks Dave
-
@d-healey said in Notarisation for dummies:
@hisefilo You don't need to notarize/staple your plugins. You only need to codesign plugins and notarize/staple the installer.
So Only Code Signing The .Component / .VST Or .VST3 Can Let Us To Distribute The Plugin?
Without Installers?So End User Can Drag & Drop The Plugin Into The Folders And Get To Work Right Away?!!!
-
@Natanr No. If you are distributing the binaries only then they need to be codesigned and notarized/stapled, but if you are distributing them in a pkg (or a DMG that contains a pkg) then you only need to notarize the pkg. This is according to the famous KVR post - https://www.kvraudio.com/forum/viewtopic.php?t=531663
-
@d-healey at the risk of a pass for an ignorant, what is the use of notarization? if my .vst or .au plugin is not notarized it will not work? I am under catalina and my plugins are working fine. it's just a legal obligation is it?
-
The end user will see a passive-aggressive popup from macOS that suggests your software is full of viruses unless you notarize.
It isn't a show stopper (AFAIK you can still run the installer by right-clicking and choosing Open from the context menu) but you need to prepare to answer a few more customer support emails than you should have to...
-
@Christoph-Hart however i have already given my plugins and vst to friends to try and they had no problem installing. logic asks that the plugin be checked but we can activate it anyway.
-
@adriano are they using Catalina?
Libre Wave - Freedom respecting instruments and effects
My Patreon - HISE tutorials
YouTube Channel - Public HISE tutorials -
@d-healey - my understanding remains that you need to notarise anything that will "run" on its own - so app or pkg or dmg etc. but plug-ins - that are called from within DAWs only need to be codesigned. Colour me massively unsurprised is this opinion is wrong...
HISE Development for hire.
www.channelrobot.com -
@Lindon Perhaps it is needed for apps, the KVR thread just mentions plugins. I'll see what I can find out!
-
@d-healey yes. And me too
-
@d-healey it also works without problem with the standalone versions. indeed the plugins already have an "Abcd" code for their operation in the daw.
-
@adriano said in Notarisation for dummies:
@d-healey indeed the plugins already have an "Abcd" code for their operation in the daw.
That's not related to notarization.
Have you disabled/bypassed gatekeeper?
-
@Lindon Seems like we're good to just notarize the pkg
Does notarization apply to a .app contained on a .pkg?
Yep. From my previous post:
The notary service generates a ticket for the top-level file that you specify, as well as each nested file. For example, if you submit a disk image that contains a signed installer package with an app bundle inside, the notarization service generates tickets for the disk image, installer package, and app bundle.Your app must get code signed and get Hardened Runtime enabled,
My exporter tool handles this.
-
@d-healey I don't understand everything in the language of a programmer like you. gatekeeper I don't even know what it is. I distributed a dixiane of plugin to friends under catalina, mainly producers. I created one. pkg with the mac package application, then creates a distribution package. I just told the package to put the .vst and .au plugins in audio / plugin .... and that's it .. no problem whatsoever at the package or vst level. To be sure, I asked my friends if they had any errors and no one reported any problem to me. I did not do any right click manipulation etc ... just we open the pkg and everything works fine. After that maybe to distribute a plugin via the apple store it is necessary but for me, at this moment, everything is fine. I compile under x code latest version, project latest version and catalina latest version
