OSX Notarization : Apple finally decommissioned the altool

Just a PSA — Apple finally decommissioned the altool that many of have been using to notarize Cabbage plugins. This means that notarization will fail. Unless someone gets to it before me, I will provide an updated script for notarizing and distributing Cabbage plugins on OSX soon.

You’re in luck, I’ve made this recently . The script is for packaging the plugins and presets into a .pkg file, alongside signing, notarizing and stapling.

#!/bin/bash  
echo ""
echo "=============================================================================================================="
echo "====              Code signing and notarisation script                                                    ===="
echo "=============================================================================================================="
echo "====                                                                                                      ===="
echo "====     Usage:                                                                                           ===="
echo "====     sh ./createPkgs.sh PluginName DeveloperID TeamID AppleID AppPass Identifier Version              ===="
echo "====                                                                                                      ===="
echo "====     PluginName = Plugin name without any extension - will try to create pkgs for VST/VST3/AU         ===="
echo "====     Developer ID = \"Your Name (NNNNNNNNNN)\"                                                        ===="
echo "====     Team ID = NNNNNNNNNN                                                                             ===="
echo "====     Apple ID = emailaddress@somewhere.com                                                            ===="
echo "====     AppPass = app-specific password generated at https://appleid.apple.com/                          ===="
echo "====     Identifier  = com.MyCompany.PluginName                                                           ===="
echo "====     Version  = version number, i.e, 1.0.1                                                            ===="
echo "=============================================================================================================="
echo ""

if [[ $# -lt 7 ]]; then
    echo "Error: Illegal number of parameters..."
    echo ""
    exit
fi

PLUGIN_NAME=$1
DEVELOPER_ID=$2
TEAM_ID=$3
APPLE_ID=$4
APP_PASS=$5
IDENTIFIER=$6
VERSION=$7

#use pkgbuild to build the plugin installers - and sign with Apple Developer ID
codesign -s "Developer ID Application: $DEVELOPER_ID" "$PLUGIN_NAME".component --timestamp --force --deep
pkgbuild --install-location /Library/Audio/Plug-Ins/Components --identifier "$IDENTIFIER".au --version "$VERSION" --scripts Scripts --component "$PLUGIN_NAME.component" "$PLUGIN_NAME"_au.pkg

codesign -s "Developer ID Application: $DEVELOPER_ID" "$PLUGIN_NAME".vst --timestamp --force --deep
pkgbuild --install-location /Library/Audio/Plug-Ins/VST --identifier "$IDENTIFIER".vst --version "$VERSION" --component "$PLUGIN_NAME".vst "$PLUGIN_NAME"_vst.pkg

codesign -s "Developer ID Application: $DEVELOPER_ID" "$PLUGIN_NAME".vst3 --timestamp --force --deep
pkgbuild --install-location /Library/Audio/Plug-Ins/VST3 --identifier "$IDENTIFIER".vst3 --version "$VERSION" --component "$PLUGIN_NAME".vst3 "$PLUGIN_NAME"_vst3.pkg

pkgbuild --root Presets --identifier "$IDENTIFIER".presets --version "$VERSION" --install-location /Users/Shared/*COMPANY*/"$PLUGIN_NAME"/Presets Presets.pkg

# Build installer
productbuild --synthesize --package "$PLUGIN_NAME"_au.pkg --package "$PLUGIN_NAME"_vst.pkg --package "$PLUGIN_NAME"_vst3.pkg --package Presets.pkg distribution.xml
productbuild --distribution distribution.xml --resources Resources/ "$PLUGIN_NAME".pkg

# Codesign, notarize and staple installer
productsign --sign "Developer ID Installer: $DEVELOPER_ID" "$PLUGIN_NAME".pkg "$PLUGIN_NAME"_installer.pkg
xcrun notarytool submit "$PLUGIN_NAME"_installer.pkg --apple-id $APPLE_ID --password $APP_PASS --team-id $TEAM_ID --wait
xcrun stapler staple "$PLUGIN_NAME"_installer.pkg

# Remove all files except installer
rm "$PLUGIN_NAME"_au.pkg
rm "$PLUGIN_NAME"_vst.pkg 
rm "$PLUGIN_NAME"_vst3.pkg 
rm "$PLUGIN_NAME".pkg 
rm Presets.pkg 
rm distribution.xml

echo "Installer was successfully built, signed and notarized"

I also have a postinstall script to ensure that users can edit and save new presets. If you’re not allowing users this, then this is not necessary:

#!/bin/bash

chown -R $USER:staff "/Users/Shared/*COMPANY*/*PLUGIN_NAME*"

exit 0

Guide to create the postinstall script file: https://stackoverflow.com/a/48768265

When you’ve successfully set the postinstall script up, the console should log this when running the installation script:
pkgbuild: Adding top-level postinstall script

Replace the COMPANY and PLUGIN_NAME in asterisk (*) with your actual company and plugin names

Ahhh — excellent! I’m really glad you beat me to it
Will try it out next week… Thank you!

@hdale94 just trying this out and it looks great. I am getting some errors though — I think related to the script…

I will try it again later but perhaps you know the issue offhand. Is this line correct?

pkgbuild --install-location /Library/Audio/Plug-Ins/Components --identifier "$IDENTIFIER".au --version "$VERSION" --scripts Scripts --component "$PLUGIN_NAME.component" "$PLUGIN_NAME"_au.pkg

What is the script that is alluded to here? I am getting these errors:
pkgbuild: error: Cannot write package to "Coil_au.pkg". (The file “Scripts” couldn’t be opened.)

--scripts Scripts

This is a relative path to the folder called Scripts, which is inside the same folder you are running the installer from. If you have no postinstall script, you should be able to remove it from the line.

This script works great. Love that it notarizes the installers too — something I never did before but received a bunch of support emails about. Think I’ll modify it to run a batch on all the installers. Thank you!