So, today I wanted to check how my plugin and its installer are behaving in Catalina.
This is my context:
- the last official plugin release was built at the end of 2018 (before Catalina existed) with Xcode 10.x (or perhaps even 9.x; would need to look it up)
- my installer package (created with Packages) is code-signed
- the VST and AU plugins inside the .pkg are NOT signed
- the AAX plugin inside the .pkg is signed with the Eden tools from PACE
- the installer .pkg file was NOT submitted to Apple for notarization
- I didn't do anything regarding "hardened run-time" (feel free to explain how this impacts plugins and what I should do)
- the software is distributed outside the app store (installer package download from my site)
- I've been an official (paying) Apple developer for several years
So I cloned my 10.14 system to an external USB drive and then upgraded that clone to 10.15 (Catalina).
I removed all traces of my plugin from the system, and then ran the installer as-is.
Results:
- Apart from the usual "Installer is trying to install new software" dialog where you have to type your password to allow this, the installation worked fine as before.
- When activating the plugin (from inside the plugin itself, which contacts my activation server) everything worked fine as well (an activation response file gets written to the user's disk).
- I activated my plugin from within the latest version of Logic Pro X and also tested the plugin in GarageBand and Plogue Bidule, and found no issues so far (didn't test Pro Tools yet, but given that they don't currently support Catalina, that can wait).
But what does this mean?
I was under the impression things would no longer work without changes to the signing process / adding notarization / making settings for hardened run-time…
So, what gives? Is this just a temporary thing for a few months as a "transition window"?
Is it because the installer was already signed months ago and my developer ID already exists for years and I got lucky?
This is what I see on the command line:
KTMacBookPro:SampleSumo ktanghe$ spctl --assess -vvv --type install SaltyGrainInstaller_1.1.3_20181228.pkg
SaltyGrainInstaller_1.1.3_20181228.pkg: accepted
source=Developer ID
origin=Developer ID Installer: SampleSumo (PV86PQRTGE)
KTMacBookPro:SampleSumo ktanghe$ stapler validate SaltyGrainInstaller_1.1.3_20181228.pkg
Processing: /Users/ktanghe/InstallSources/Sound/SampleSumo/SaltyGrainInstaller_1.1.3_20181228.pkg
SaltyGrainInstaller_1.1.3_20181228.pkg does not have a ticket stapled to it.
I read this thread: Apple Gatekeeper notarised distributables, but I'm still not sure if it is expected that I didn't have to change anything at all, if this is only for standalone software apps, if this is because I was using an upgraded OS (vs. a fresh install), or if it's just a temporary thing.
Could anyone explain this behavior Iām seeing? Thanks!
PS
I saw Apple will be present at ADC, so it would be good if they could make a clear presentation of what all this means for audio plugin developers.