tl;dr you need to sign plugins if you want to share them on the latest versions of MacOS. I’ve provided a simple script below that will do this for you once you have Apple credentials.
As most Apple users will know by now, it’s getting harder and harder to distribute software on a Mac that hasn’t be verified by Apple. It means that users wishing to distribute Cabbage plugins on Mac will now need to adhere to Apple’s latest policy regarding signing and notarising of apps. I will also have to start doing the same with Cabbage itself. Anyhow, if you do wish to share plugin bundle with people, you will now need to do the following (take a deep breath…)
Sign up for an Apple developer ID, this will cost 99$ yearly.
Create a Developer ID Certificate.
- Log into your Apple Developer Account and go to Certificates, Identifiers & Profiles .
- In the upper-left corner, click + to add.
- Under Software, select Developer ID then click Continue .
- Click Choose File .
- Select the certificate request file you created earlier (a file with a
certSigningRequestfile extension), then click Choose .
- Click Continue .
- Click Download .
When this is done, you should have in your KeyChain Access a certificate with a name like
"Developer ID Application: R Walsh (4R359YV9BF)
That’s the apple ID stuff taken care of. Now you must do the following for each plugin you will to release.
Generate an application/plugin specific password at https://appleid.apple.com/ Click the generate application password link, give the password a general name, i.e, GranularPlugin, and then generate. It will show you a new password. copy and paste it somewhere. Note you never use your regular Apple password here. It’s also app specific ones you need to use.
Assuming that you have exported your plugin, relink the binaries. These step is explaining in Distributing Plugins on MacOS Part 1. Note that you should really remove everything from the embedded Csound pacakge that you don’t need. In most case I wipe the contents of the Opcode64 folder too. The less binary files you have in there, the less work you have to do.
The next step is to sign and notarise. You must
codesignthe plugin binaries, and the Csound library binaries. Then you prepare a zip file and upload this to Apple for verification. I use the following script to do this. prepareForDistribution.sh (2.1 KB) I call it like this:
sudo ./prepareForDistribution.sh ~/Library/Audio/Plug-Ins/VST/PluginName.vst PluginName "Developer ID Application: R Walsh (4R359YV9BF)" myAppleIdId my_app_password
After the final step, you should get message like this:
No errors uploading ‘MyPlugin.zip’.
RequestUUID = bdsf5b-248dfg6-9fa1-33fdgh1778234
Now you must check that the verification was Ok. To do this, you can pass the RequestUUID to the
xcrun altoolcommand, where
RequestUUIDbelow is the RequestUUID code from above. You will need to pass your app-password at this point.
xcrun altool --notarization-info RequestUUID -u myAppleID
This will cause more information to be printed to the screen:
Date: 2021-09-21 12:34:56 +0000
Status Code: 0
Status Message: Package Approved
If package is approved, great, you’re good to start distributing your plugins. If not, copy and pass the LogFileURL and see where the package failed. It’s usually because some of the binaries have not been code-signed. It will tell you which ones you need to sign. Take a look at the script I provided for details on how to do this.
Finally, I’ve been testing this with a new universal build of Csound which you can get from here. It’s pretty barebones in that not all plugins are supported, but it’s will run natively on an M1 mac which is nice. Because it’s my own build of Csound, the relink script from the previous post will not work. You need to use this one instead.
relinkCsoundMacOS.sh (2.4 KB)
Of course I’m happy to answer any questions. I wish I could make this process easier, but Apple has put everyone in a real tight corner here. I don’t think we have any choice but to play ball.