Notarizing suddenly giving errors

I am getting errors when notarizing such as: “The binary is not signed with a valid Developer ID certificate.” and “The signature does not include a secure timestamp.” This is with a script that has been working for months. The only thing that changed was an update to JUCE 6.1.3. I’m not sure how/why that might affect things, if at all.

Example error:

    {
      "severity": "error",
      "code": null,
      "path": "MyPluginInstaller.pkg/MyPlugin_VST3.pkg Contents/Payload/Library/Audio/Plug-Ins/VST3/MyPlugin.vst3/Contents/MacOS/MyPlugin",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": null,
      "architecture": "x86_64"
    },

I initially thought that codesign was not signing the binary when I gave it the path to the vst3. I updated it to pass in the actual binary path. I still got the same error.

My CI script verifies that the codesigning was successful.

Can anyone offer a clue as to what may have gone wrong?

Potentially unrelated, but I would get this kind of error when Apple pushed out changes to their developer T&C’s. It might be worth logging into their Developer portal and seeing if it wants you to agree to anything.

It could well be that. I seem to remember it happening once before… Just checked and there was one agreement I needed to renew relating to Paid Apps, in App Store Connect. Let’s see if that fixes the issue…

Well, that didn’t seem to help.

So it turns out that the JUCE update was the culprit after all!

In checkBundleSigning.cmake:

execute_process(
    COMMAND "${JUCE_XCRUN}" codesign --verify "${src}"
    RESULT_VARIABLE result)

if(result)
    message(STATUS "Replacing invalid signature with ad-hoc signature")
    execute_process(COMMAND "${JUCE_XCRUN}" codesign -s - "${src}")
endif()

This caused my binaries to get signed with an ad-hoc certificate, which then meant my codesign call did not codesign because the binaries had already been code signed. Adding --force fixed the issue.

I’m wondering what problem this change was aiming to solve? Perhaps being able to test plugins on recent macOS versions?

1 Like
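
A pre-notarization check for the failure described in the post above, as an added example that is not from the thread or from JUCE: it classifies `codesign -dvv` output so that a binary still carrying the ad-hoc signature fails CI before upload. The function names, sample output and the identity in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not JUCE code): classify a signature from `codesign -dvv` text.

# Reads `codesign -dvv` output on stdin and prints one verdict:
#   adhoc | no-developer-id | no-secure-timestamp | ok
classify_signature() {
    info=$(cat)
    if printf '%s\n' "$info" | grep -q '^Signature=adhoc'; then
        echo adhoc                      # left over from an ad-hoc `codesign -s -`
    elif ! printf '%s\n' "$info" | grep -q '^Authority=Developer ID Application:'; then
        echo no-developer-id            # unsigned, or signed with another cert type
    elif ! printf '%s\n' "$info" | grep -q '^Timestamp='; then
        echo no-secure-timestamp        # signed without a timestamp-server stamp
    else
        echo ok
    fi
}

# macOS only: codesign prints the -d report on stderr, so merge it into stdout.
# Returns non-zero unless the binary would pass the two checks from the thread.
check_binary() {
    verdict=$(xcrun codesign -dvv "$1" 2>&1 | classify_signature)
    echo "$1: $verdict"
    [ "$verdict" = ok ]
}

# Constructed sample reports, trimmed to the lines that matter.
SAMPLE_ADHOC='Executable=/tmp/MyPlugin.vst3/Contents/MacOS/MyPlugin
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+5 location=embedded
Signature=adhoc
TeamIdentifier=not set'

SAMPLE_DEVID='Executable=/tmp/MyPlugin.vst3/Contents/MacOS/MyPlugin
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Nov 1, 2021 at 10:00:00
TeamIdentifier=ABCDE12345'

# Same signer, but only a local (non-secure) signing time.
SAMPLE_NO_TS='Executable=/tmp/MyPlugin.vst3/Contents/MacOS/MyPlugin
Authority=Developer ID Application: Example Corp (ABCDE12345)
Signed Time=Nov 1, 2021 at 10:00:00
TeamIdentifier=ABCDE12345'
```

On a Mac, call `check_binary` on the binary inside the bundle after your own signing step. `codesign --verify` alone succeeds for an ad-hoc signature, so it cannot catch this case.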

Some versions of Ableton Live on recent macOS fail to load plugins unless the entire bundle has a valid signature.

3 Likes