[Article] How to code sign and notarize macOS audio plugins in CI

I wrote up an article on how to code sign macOS plugins in CI. It doesn’t cover absolutely everything about macOS code signing (I still need to write up some more details on .pkg vs. .dmg) but hopefully it can help someone navigate some of the weeds.

The Windows counterpart is here.

20 Likes

This is amazing, I wish I had read your article a couple of years ago. I’ve had to pick up a lot of scattered information to get to what you have there in such a clean and organized matter.

1 Like

Great article!

1 Like

Thanks, you guys!

Oh man, I’ve been sitting on this one for some weeks, as it sorta starts off “it’s easy!” and then there’s a clutter of small details under every section — kept feeling like it could somehow be better collated — happy to hear it reads helpfully!

2 Likes

Cool! Please consider adding AUV3 bundling to it in the future … :wink:

1 Like

Great article, thanks for collecting all this information!

I have only one remark regarding the --options=runtime flag:
I don’t think that its necessary to use the flag to pass notarization- if I understood correctly then the plugin will inherit the entitlements of the DAW, which in turn need to have the correct entitlements.
We’re not using the hardened runtime options for building/signing our plugins and never faced an issue!

Inspired by my question?

I have 0 experience with AUv3, but if someone can share how they have it setup, I’ll add it to the article.

Thanks for bubbling this up. I recall trying to remove hardening (on an AU) and running into trouble, I’ll have to dig back in to figure out what it was (or maybe someone else can chime in).

Inspired by my own wrestling! Writing things down is the only way future-me can manage to remember how the heck things worked…

2 Likes

Great article. I found my way through all this a while ago, but forgot half of the details in the meantime. Having it written down like this is extremely helpful! And especially the hint regarding notarytool was an important detail to me, wasn’t aware that altool will be discontinued next year, so it seems like a good idea to update my own workflows sooner or later…

3 Likes

Sudara - maybe this is of interest:

Given your style, I’d love to see you address this issue too.