Just a PSA — Apple finally decommissioned the altool
that many of have been using to notarize Cabbage plugins. This means that notarization will fail. Unless someone gets to it before me, I will provide an updated script for notarizing and distributing Cabbage plugins on OSX soon.
OSX Notarization : Apple finally decommissioned the altool
You’re in luck, I’ve made this recently . The script is for packaging the plugins and presets into a .pkg file, alongside signing, notarizing and stapling.
#!/bin/bash
echo ""
echo "=============================================================================================================="
echo "==== Code signing and notarisation script ===="
echo "=============================================================================================================="
echo "==== ===="
echo "==== Usage: ===="
echo "==== sh ./createPkgs.sh PluginName DeveloperID TeamID AppleID AppPass Identifier Version ===="
echo "==== ===="
echo "==== PluginName = Plugin name without any extension - will try to create pkgs for VST/VST3/AU ===="
echo "==== Developer ID = \"Your Name (NNNNNNNNNN)\" ===="
echo "==== Team ID = NNNNNNNNNN ===="
echo "==== Apple ID = emailaddress@somewhere.com ===="
echo "==== AppPass = app-specific password generated at https://appleid.apple.com/ ===="
echo "==== Identifier = com.MyCompany.PluginName ===="
echo "==== Version = version number, i.e, 1.0.1 ===="
echo "=============================================================================================================="
echo ""
if [[ $# -lt 7 ]]; then
echo "Error: Illegal number of parameters..."
echo ""
exit
fi
PLUGIN_NAME=$1
DEVELOPER_ID=$2
TEAM_ID=$3
APPLE_ID=$4
APP_PASS=$5
IDENTIFIER=$6
VERSION=$7
#use pkgbuild to build the plugin installers - and sign with Apple Developer ID
codesign -s "Developer ID Application: $DEVELOPER_ID" "$PLUGIN_NAME".component --timestamp --force --deep
pkgbuild --install-location /Library/Audio/Plug-Ins/Components --identifier "$IDENTIFIER".au --version "$VERSION" --scripts Scripts --component "$PLUGIN_NAME.component" "$PLUGIN_NAME"_au.pkg
codesign -s "Developer ID Application: $DEVELOPER_ID" "$PLUGIN_NAME".vst --timestamp --force --deep
pkgbuild --install-location /Library/Audio/Plug-Ins/VST --identifier "$IDENTIFIER".vst --version "$VERSION" --component "$PLUGIN_NAME".vst "$PLUGIN_NAME"_vst.pkg
codesign -s "Developer ID Application: $DEVELOPER_ID" "$PLUGIN_NAME".vst3 --timestamp --force --deep
pkgbuild --install-location /Library/Audio/Plug-Ins/VST3 --identifier "$IDENTIFIER".vst3 --version "$VERSION" --component "$PLUGIN_NAME".vst3 "$PLUGIN_NAME"_vst3.pkg
pkgbuild --root Presets --identifier "$IDENTIFIER".presets --version "$VERSION" --install-location /Users/Shared/*COMPANY*/"$PLUGIN_NAME"/Presets Presets.pkg
# Build installer
productbuild --synthesize --package "$PLUGIN_NAME"_au.pkg --package "$PLUGIN_NAME"_vst.pkg --package "$PLUGIN_NAME"_vst3.pkg --package Presets.pkg distribution.xml
productbuild --distribution distribution.xml --resources Resources/ "$PLUGIN_NAME".pkg
# Codesign, notarize and staple installer
productsign --sign "Developer ID Installer: $DEVELOPER_ID" "$PLUGIN_NAME".pkg "$PLUGIN_NAME"_installer.pkg
xcrun notarytool submit "$PLUGIN_NAME"_installer.pkg --apple-id $APPLE_ID --password $APP_PASS --team-id $TEAM_ID --wait
xcrun stapler staple "$PLUGIN_NAME"_installer.pkg
# Remove all files except installer
rm "$PLUGIN_NAME"_au.pkg
rm "$PLUGIN_NAME"_vst.pkg
rm "$PLUGIN_NAME"_vst3.pkg
rm "$PLUGIN_NAME".pkg
rm Presets.pkg
rm distribution.xml
echo "Installer was successfully built, signed and notarized"
I also have a postinstall script to ensure that users can edit and save new presets. If you’re not allowing users this, then this is not necessary:
#!/bin/bash
chown -R $USER:staff "/Users/Shared/*COMPANY*/*PLUGIN_NAME*"
exit 0
Guide to create the postinstall script file: https://stackoverflow.com/a/48768265
When you’ve successfully set the postinstall script up, the console should log this when running the installation script:
pkgbuild: Adding top-level postinstall script
Replace the COMPANY and PLUGIN_NAME in asterisk (*) with your actual company and plugin names
Ahhh — excellent! I’m really glad you beat me to it
Will try it out next week… Thank you!
@hdale94 just trying this out and it looks great. I am getting some errors though — I think related to the script…
I will try it again later but perhaps you know the issue offhand. Is this line correct?
pkgbuild --install-location /Library/Audio/Plug-Ins/Components --identifier "$IDENTIFIER".au --version "$VERSION" --scripts Scripts --component "$PLUGIN_NAME.component" "$PLUGIN_NAME"_au.pkg
What is the script that is alluded to here? I am getting these errors:
pkgbuild: error: Cannot write package to "Coil_au.pkg". (The file “Scripts” couldn’t be opened.)
--scripts Scripts
This is a relative path to the folder called Scripts, which is inside the same folder you are running the installer from. If you have no postinstall script, you should be able to remove it from the line.
This script works great. Love that it notarizes the installers too — something I never did before but received a bunch of support emails about. Think I’ll modify it to run a batch on all the installers. Thank you!