So, today I wanted to check how my plugin and its installer are behaving in Catalina.
This is my context:
- the last official plugin release was built at the end of 2018 (before Catalina existed) with XCode 10.x (or perhaps even 9.x; would need to look it up)
- my installer package (created with Packages) is code-signed
- the VST and AU plugins inside the .pkg are NOT signed
- the AAX plugin inside the .pkg is signed with the Eden tools from PACE
- the installer .pkg file was NOT submitted to Apple for notarization
- I didn’t do anything regarding “hardened run-time” (feel free to explain how this impacts plugins and what I should do)
- the software is distributed outside the app store (installer package download from my site)
- I’ve been an official (paying) Apple developer for several years
So I cloned my 10.14 system to an external USB drive and then upgraded that clone to 10.15 (Catalina).
I removed all traces of my plugin from the system, and then ran the installer as-is.
- Apart from the usual “Installer is trying to install new software” dialog where you have to type your password to allow this, the installation worked fine as before.
- When activating the plugin (from inside the plugin itself, which contacts my activation server) everything worked fine as well (an activation response file gets written to the user’s disk).
- I activated my plugin from within the latest version of Logic Pro X and also tested the plugin in GarageBand and Plogue Bidule, and found no issues so far (didn’t test Pro Tools yet, but given that they don’t currently support Catalina, that can wait).
But what does this mean?
I was under the impression things would no longer work without changes to the signing process / adding notarization / making settings for hardened run-time…
So, what gives? Is this just a temporary thing for a few months as a “transition window”?
Is it because the installer was already signed months ago and my developer ID already exists for years and I got lucky?
This is what I see on the command line:
KTMacBookPro:SampleSumo ktanghe$ spctl --assess -vvv --type install SaltyGrainInstaller_1.1.3_20181228.pkg SaltyGrainInstaller_1.1.3_20181228.pkg: accepted source=Developer ID origin=Developer ID Installer: SampleSumo (PV86PQRTGE) KTMacBookPro:SampleSumo ktanghe$ stapler validate SaltyGrainInstaller_1.1.3_20181228.pkg Processing: /Users/ktanghe/InstallSources/Sound/SampleSumo/SaltyGrainInstaller_1.1.3_20181228.pkg SaltyGrainInstaller_1.1.3_20181228.pkg does not have a ticket stapled to it.
I read this thread: Apple Gatekeeper notarised distributables , but I’m still not sure if it is expected that I didn’t have to change anything at all, if this is only for standalone software apps, if this is because I was using an upgraded OS (vs. a fresh install), or if it’s just a temporary thing.
Could anyone explain this behavior I’m seeing? Thanks!
I saw Apple will be present at ADC, so it would be good if they could make a clear presentation of what all this means for audio plugin developers.