How to Codesign OSX Plugins:

Outline:

Now that you have finished your plugin and you are trying to distribute it to new versions of MacOS, the first step is to code sign the binary of the plugin and the assets (ie wavetables and sprite sheets). After you will then use a provided shell script to bundle your plugin into a zip file for submission to Apple for approval. This process requires an Apple Developers Certificate (~100$ per year). Thanks to Rory for helping me through this so I will try to be very explicit in what I learned and hopefully ease this process for others.

Step 1: Getting familiar with command line interface

The first step will be to build your plugin and then right click the vst or component and open it up. There will be a contents folder and in it you should likely create a folder titled "Resources" and place all of your assets in this folder.
Open up your terminal application and change directory to your folder with your plugin:

cd /Documents

then run this line with your plugin’s name replacing the example text:

xattr -cr plugin.vst3

Now cd into your new Resources folder :

cd /Documents/plugin.vst3/contents/Resources

I typically then use ls to provide me a text read out of the resources folder for organizational purposes which I copy to a plain text document like atom vs code or notepad:

A.wav B.wav logooff.png logoon.png

I then format the text like so to use the codesign command on each item in the folder so i can easily run it again if there is an issue:

codesign -s - A.wav --timestamp --deep --force
codesign -s - B.wav --timestamp --deep --force
codesign -s - logoon.png --timestamp --deep --force
codesign -s - logooff.png --timestamp --deep --force

After this you will need to cd into your macOS folder of the plugin:

cd /Documents/plugin.vst3/contents/MacOS

then you will need to codesign the binary (the only file in the MacOS folder):
codesign -s - plugin --timestamp --deep --force

If everything went well then you should be able to load the plugin and assets in your DAW will appear normally

Step 2: Getting an Apple Developer Certificate and Apple ID account

You now need to setup and pay for your [Apple Developer Certificate](https://developer.apple.com). Essentially just follow the steps they provide into creating a developer account then do the following to make a Developer Certificate:

1. Log into your Apple Developer Account and go to Certificates, Identifiers & Profiles .
2. In the upper-left corner, click + to add.
3. Under Software, select Developer ID then click Continue .
4. Click Choose File .
5. Select the certificate request file you created earlier (a file with a certSigningRequest file extension), then click Choose .
6. Click Continue .
7. Click Download .

You should now have in the Apple Keychain Access a certificate like:
Developer ID Application: Deborah Smith (XCT8C398FK)

now log into your Apple id and make an app specific password, the real trick here is to copy the password so its handy, it should look like some random character version of this:
nghm-pfio-nmlg-nvac

next download this shell script Rory made to build the zip for Apples approval to distribute your plugin:

prepareForDistribution.sh (1.7 KB)

next cd into your plugin folder via the terminal and add this shell script there. Add all of your plugin details like below with your Developer ID Application and the app specific password in this format then run the script, the result should make a zip in the directory mentioned in the script

sudo ./prepareForDistribution.sh /Documents/plugin.vst3 plugin "Developer ID Application: Deborah Smith (XCT8C398FK)" plugin nghm-pfio-nmlg-nvac

note you will have to add your computer password due to sudo
additional note is that you should really be careful with copy and pasting as character formatting can ruin the command line process if theres sneaky html or unicode symbols in the text

Step 3: Submitting to Apple

Now that you have your nice lil zip file ready to send off for beta testing with your friends who own new Macbooks, you will then run this command in the command line with your Apple id and the app specific password you created earlier:
xcrun altool --notarize-app --username deb@gmail.com --password nghm-pfio-nmlg-nvac --file plugin.vst3.zip --verbose

granted this is all correct you should start to see the verbose logging in the terminal and then if it says 100% done you should get an email tied to your apple id saying “Hey congrats your app was approved” and you can now share the contents of that zip with other new Mac users and look professional

otherwise you will see the specific errors in the verbose logging and then your detective work begins with the above information. I hope this was helpful and again cheers to Rory for the hard work of helping me through this as well

Thanks for this @euglossine4ever! The more info we have on this the better. Note that the $100 Apple tax is ONLY if you want to notarise your plugins. If not you can just ask your plugin users to sign the plugin themselves. Well, this is my understanding at least.