Hello,
I tried to notarize my plugins to use with Catalina. I followed this topic on KVR but it did not work.
https://www.kvraudio.com/forum/viewt...?f=33&t=531663
Then I talked with Apple support. They were really fast!
Here are my steps for signing and notarizing plugins and pkg files...
First, we need an Apple Developer ID, keychains for signing (Developer ID Application), and an altool password for notarization. (I guess you already have them...)
I'm using Mojave 10.14.6 and Xcode 10.3.
As I said, I followed the KVR topic but no luck.
In Xcode, type "--timestamp" in "Build Settings -> Other Code Signing Flags".
According to the KVR topic, the Packages app should already add a timestamp with your certificate but it can't. So, we need to add it in Xcode. (At least, I had to do it like this.)
Then, use your "Developer ID Application" certificate to sign plugins in Xcode. In the target's "General" tab, you can set your "Team" and "Signing Certificate" manually. It must be the "Developer ID Application" cert. Also, if you select "Automatic Signing", Xcode will use your "Mac Developer" cert and it won't work.
Now, our Xcode settings are ready.
After building, the plugins will be signed but need to be notarized.
Then, use this command to notarize your zip files if you share your plugins as a zip file. (Same as the KVR topic.)
Code:
xcrun altool --notarize-app --primary-bundle-id "com.company.vst.plugin" --username "USERNAME" --password "PASSWORD" --asc-provider "SHORT_PROVIDER_NAME" --file plugin.zip
But, if you use .pkg, notarization will be a little different.
I'm using WhiteBox Packages to build pkg files. I imported my "DEVELOPER ID INSTALLER" certificate but no luck. No timestamp or codesign in the Packages app.
So, I used it only to create pkg files.
After creating the pkg file, you need to sign it manually. To do that, use this command:
Code:
codesign -s "Developer ID Application: XXX" "XXX.pkg"
Actually, it looks like it must be "Developer ID Installer". But, when I use it, it says "this identity cannot be use for signing code". So, I have to use "Developer ID Application".
Now, we have signed our pkg files. Time to notarize...
The notarization section is the same as KVR. Just use this command:
Code:
xcrun altool --notarize-app -f "/Users/home/Desktop/Install.pkg" --primary-bundle-id com.yourapp.pkg --username "YourAppleID" --password "YourAltoolPassword"
Note: This section is annoying because altool takes a really long time to upload and notarize your app. My pkg file is just 50MB but uploading takes around 1 hour...
Anyway, after notarization you will get an email from Apple. If your app is notarized, no worry. But if not, use your REQUEST IDENTIFIER to check the errors. They are shown really clearly and are easy to understand.
After notarization, you can follow the same steps in the KVR topic.
As I said, that's it, at least for me.
There are some minor differences from the KVR topic but I solved it like this.
No idea why Packages can't use my certificate to sign and can't use a timestamp. But it is possible to do these steps manually.
Actually, it's really easy...
Hope someone finds this topic useful.
Thanks.
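
An added example, not part of the original post: a pre-flight check that reads the text printed by `codesign -dvv` and flags the two problems the post runs into (a "Mac Developer" signing certificate and a missing timestamp) before the slow altool upload. The function name, the `MyPlugin.vst` path and the sample reports are constructed for illustration, and the "Timestamp=" / "Signed Time=" line format is an assumption about codesign's verbose output.

```bash
#!/bin/bash
# Pre-flight check on the text printed by `codesign -dvv <bundle> 2>&1`,
# run before the long altool upload. Real use (macOS only, hypothetical path):
#   check_signature_report "$(codesign -dvv MyPlugin.vst 2>&1)"

# Returns 0 when the report shows a "Developer ID Application" leaf certificate
# and a secure timestamp; prints each problem found and returns 1 otherwise.
check_signature_report() {
    report="$1"
    problems=0

    # The first Authority= line is the leaf (signing) certificate.
    leaf=$(printf '%s\n' "$report" | grep -m1 '^Authority=' | cut -d= -f2-)
    case "$leaf" in
        "Developer ID Application: "*) ;;
        "") echo "FAIL: no Authority line (unsigned or ad-hoc signature)"
            problems=1 ;;
        *)  echo "FAIL: signed with '$leaf', not Developer ID Application"
            problems=1 ;;
    esac

    # Assumption: a secure timestamp shows up as a "Timestamp=" line, while
    # a signature without one shows "Signed Time=" instead.
    if ! printf '%s\n' "$report" | grep -q '^Timestamp='; then
        echo "FAIL: no secure timestamp (check the --timestamp signing flag)"
        problems=1
    fi
    return "$problems"
}

# Constructed sample reports; names and team IDs are placeholders.
GOOD_REPORT='Identifier=com.company.vst.plugin
Authority=Developer ID Application: Example Audio (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Sep 20, 2019 at 10:15:02
TeamIdentifier=ABCDE12345'

MAC_DEV_REPORT='Identifier=com.company.vst.plugin
Authority=Mac Developer: Jane Doe (XXXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Sep 20, 2019 at 10:15:02
TeamIdentifier=ABCDE12345'

check_signature_report "$GOOD_REPORT" && echo "good sample: OK"
check_signature_report "$MAC_DEV_REPORT" || echo "Mac Developer sample: rejected"
```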