@sudara, thanks for your work on this - I have been struggling with DMG distribution as well. I still like the DMG installer method, so the user has some control over what’s being done to their computer. At least with a pkg, you can inspect it with good ol’ Suspicious Package to see what’s going on. (Unlike .app installers.)
So now I distribute a DMG with the plugins (but no symlinks), a readme and a pkg inside. However this is still not without issue…
After a lot of testing, VMs, and some emails with Rob from Avid, I have found that Gatekeeper blocks notarized AAX plugins distributed alongside a notarized pkg containing that same AAX. This is somehow related to the non-standard plist entry I mention here.
So, if you are distributing an AAX alongside your pkg, you can use Projucer to override the plist entry in AAX and Gatekeeper will not block it if distributed with a pkg.