

Hey guys!Â
I am finally using book 2 and feel like I have learnt so much! Today I going to use my personal plugin at the studio computer to give it a good run, but it doesn't show on my mac, only the mac I exported the VST3 on. I signed the file with my developer account as I have one for a iPhone app I am working on commercially.Â
Has anyone run into this issue?
When you compile the plugin after exporting, it will place the VST3 in the mac-specific library for "user plugins" which is:
~/Library/Audio/Plug-Ins/VST3/
On ASPiK VST3 builds for MacOS, a SymLink (shortcut) to the VST3 is automatically placed there, so it shows up instantly in your DAW. The actual plugin is in your:
/project/mac_build/VST3/Debug
or
/project/mac_build/VST3/Debug/Release
folder depending on your configuration.Â
So, to install on a new computer you need to copy the /project/mac_build/VST3/... version into the user's ~/Library/Audio/Plug-Ins/VST3/ folder, or you need to install it to a known (safe) location, then make a SymLink in the /VST3 folder.Â
Notice that there is a second VST3 destination folder:
/Library/Audio/Plug-Ins/VST3/
which is most likely where your commercially purchased plugins reside. When you sell the plugin, you need to create the installer for that part.Â
I use the first one (~/Library/Audio/Plug-Ins/VST3/) because the other is a protected folder that requires a password or your fingerprint to access it, and the build would fail in XCode as this copy is the last step after the validator runs. In addition, the VST3 SDK sample projects are setup the same way and use the same CMake script as the ASPiK plugins.
This information (as well as the details for AU and AAX) is in the ASPiK documentation; for VST3 it is here:
http://aspikplugins.com/sdkdoc.....ugins.html
WillÂ


I believe that the issue is actually on the mac OS side of things, as what you said above works true for the computer I compile it on, where if I take it to another mac it doesn't work. Using codesign reveals that it is an unnotarised Developer ID Signed vst3. So I have submitted it to be notarised as a trial to see if this is the issue.
One thing I have noticed, which maybe a known issue or bug or something. When I compile multiple times, or change settings to prepare for notarisation (the requirement for 10.15) the GUI inside Ableton dis-appears as though it has one no longer. Cleaning the build folder and recompiling failed, as did deleting the entire folder and running cmake inside the mac build again and starting fresh. A complete new export was required from RackAFX. So not sure on this matter, trying to investigate further.Â
Â
Prepare Your Software for Notarisation - https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution
I have not had that issue with any GUI since ASPiK 1.6.3, which did have an issue and it had to do with the bundle name (ID) but that has been fixed for a couple of revisions. ASPiK 1.6.5 (and new RackAFX) also fixed an issue with Release versions but for AU only (having to do with cocoa gui).
Thanks for the apple link!

I'm ready to give up on this whole Apple thing
I bought a Developer ID Application subscription. Learnt how to build different architectures and deep sign the plugins. When I share them with a mate over Skype, he can load them on his Intel Mac (I'm building on an M1 MBP).
codesign --deep --strict --force --verify --verbose --options runtime --sign "$developer_id" --arch $arch $vst3_buildfile --timestamp
Now when I upload a zip file with all my plugins (VST3 or AU, doesn't make any difference) to GitHub, they can't be loaded coz the Mac (even my own) complainsÂ
can’t be opened because Apple cannot check it for malicious software.
Â
This software needs to be updated. Contact the developer for more information.
Â
Safari downloaded this file today at 00:04 from objects.githubusercontent.com.
I'm trying to notarize them now, but can't make head nor tail of the meaning of the parameters or the feedback
xcrun altool --notarize-app --primary-bundle-id "developer.au.autoq.bundleID" --username "(my apple id)" --password "(secret)" --file ~/Documents/Doomsville/Releases/MacOS/AU/x86_64/AutoQ_AU.component.zip
Then I just get
xcrun altool --notarization-history 0 -u (my apple id)) -p (secret)
Â
Notarization History - page 0
Â
Date           RequestUUID             Status Status Code Status Message Â
------------------------- ------------------------------------ ------- ----------- ---------------Â
2022-01-26 02:18:07 +0000 26f66d61-1784-471a-86c9-16f9468c3dfe invalid 2 Â Â Â Â Â Package InvalidÂ
2022-01-26 01:57:21 +0000 3a451285-1e8e-4fa4-b16d-ecf7708beba0 invalid 2 Â Â Â Â Â Package InvalidÂ
2022-01-26 01:20:05 +0000 732db63b-3835-4e51-af0c-943dcb8ed2f2 invalid 2 Â Â Â Â Â Package InvalidÂ
2022-01-26 00:58:38 +0000 a609d052-a2dd-4418-b536-c8c5cac4c2d3 invalid 2 Â Â Â Â Â Package InvalidÂ
2022-01-26 00:54:00 +0000 1c1d087c-9f93-4f41-9c31-1aaa6089c77d invalid 2 Â Â Â Â Â Package InvalidÂ
Â
Next page value: 1643158440000
spctl -vvv --raw --assess --type exec AU/Release/AutoQ_AU.component
objc[58373]: Class SPExecutionPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class AppWrapper is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class AppWrapperPolicyResult is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class AppWrapperPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class SPLog is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class MIS is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class SPExecutionHistoryItem is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class SPExecutionPolicyItem is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class SPDeveloperPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[58373]: Class GKScanResult is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
AU/Release/AutoQ_AU.component: rejected
Â
Â
assessment:authority
Â
assessment:authority:flags
0
assessment:authority:row
13
assessment:authority:source
Unnotarized Developer ID
Â
assessment:originator
Developer ID Application: Steve Dwyer (N535LFYH6S)
assessment:remote
Â
assessment:verdict
Â
Â
origin=Developer ID Application: Steve Dwyer (N535LFYH6S)
I'm at the point where I'm gonna tell people to get with the program and buy a Windows machine.

I've given up on Notarization - I spent two days on it, read +/- 100 web pages, each either copying the other or with slightly different suggestions. Got my plugins signed, and have now found a workaround for when I've downloaded them from the web to test that: In System Preferences -> Security & Private -> General: Open Anyway. You only need to do it once, then you'll never get bothered again.
I only bought my Mac in November and my Apple Developer Subscription in January, so I have a whole year now to decide whether to discontinue support for Apple in the long run, or maybe I'll get lucky and find a way to notarize plugins, but I'm not going to lose any more sleep over it, I'm already suffering from serious fatigue.

I actually opened a support ticket with Apple Developer for this, as I think they should give developers commands that work. I sent the support staff member output from my auval and spctl. I'm not really hopeful of any groundbreaking progress, but I got two free support tickets with my subscription, so thought I may as well use it.

StevieD said
I actually opened a support ticket with Apple Developer for this, as I think they should give developers commands that work. I sent the support staff member output from my auval and spctl. I'm not really hopeful of any groundbreaking progress, but I got two free support tickets with my subscription, so thought I may as well use it. Â
I only got a 1st-Line response from Apple, with links to pages I'd already visited. Seems I needed to open a Code-Level support ticket, which I thought I'd done. I don't think I shall bother right now.
I have noticed though, that when creating the archive, no "product" is copied into the archive, so the required options to 'distribute' it, an essential step to getting it notarized, aren't availableÂ
I read online that this can be caused by too few, or too many products in the archive, and that this is related to the "Skip install" option on the various targets. I tried every possible permutation of this setting across all the targets, but I always get zero Products in the archive. I also tried a scripted archive & notarization, but the error I get back when running xcodebuild -exportArchive, is indicative of the same, the missing options. It complains that the method developer-is isn't a valid method (with an empty list of methods, {}).
Is there something I can change in the cmake files to get this set up right for the build? I'm pretty new to cmake, but I've bought a book and intended to at least the basics under my belt. I've already spent far too long on this, and do have a workaround https://github.com/DoomyDwyer/ASPiKProjects/blob/main/UserGuides/workaround_macos_notarization.md

I've done some tweaking of my project, but, despite now having a Product in the Products directory of the xcode archive file, XCode is still only seeing this as a "Generic XCode Archive". Here are the contents of my archive, including the .component. Does anyone have any ideas or experience with similar issues?
total 8
drwxr-xr-x 6 stevedwyer staff 192 31 Jan 01:13 .
drwxr-xr-x 4 stevedwyer staff 128 31 Jan 01:13 ..
-rw-r--r-- 1 stevedwyer staff 395 31 Jan 01:13 Info.plist
drwxr-xr-x@ 3 stevedwyer staff  96 31 Jan 01:12 Products
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:13 SCMBlueprint
drwxr-xr-x 2 stevedwyer staff  64 31 Jan 01:13 dSYMs
Â
./Products:
total 0
drwxr-xr-x@ 3 stevedwyer staff  96 31 Jan 01:12 .
drwxr-xr-x 6 stevedwyer staff 192 31 Jan 01:13 ..
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:13 Memento_AU.component
Â
./Products/Memento_AU.component:
total 0
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:13 .
drwxr-xr-x@ 3 stevedwyer staff  96 31 Jan 01:12 ..
drwxr-xr-x 7 stevedwyer staff 224 31 Jan 01:12 Contents
Â
./Products/Memento_AU.component/Contents:
total 16
drwxr-xr-x 7 stevedwyer staff  224 31 Jan 01:12 .
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:13 ..
-rw-r--r-- 1 stevedwyer staff 1832 31 Jan 01:12 Info.plist
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:13 MacOS
-rw-r--r-- 1 stevedwyer staff   8 31 Jan 01:12 PkgInfo
drwxr-xr-x 4 stevedwyer staff  128 31 Jan 01:12 Resources
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:12 _CodeSignature
Â
./Products/Memento_AU.component/Contents/MacOS:
total 7928
drwxr-xr-x 3 stevedwyer staff    96 31 Jan 01:13 .
drwxr-xr-x 7 stevedwyer staff   224 31 Jan 01:12 ..
-rwxr-xr-x 1 stevedwyer staff 4059088 31 Jan 01:13 Memento_AU
Â
./Products/Memento_AU.component/Contents/Resources:
total 920
drwxr-xr-x 4 stevedwyer staff   128 31 Jan 01:12 .
drwxr-xr-x 7 stevedwyer staff   224 31 Jan 01:12 ..
drwxr-xr-x 3 stevedwyer staff   96 31 Jan 01:12 Memento_AU.bundle
-rw-r--r-- 1 stevedwyer staff 469591 31 Jan 01:12 PluginGUI.uidesc
Â
./Products/Memento_AU.component/Contents/Resources/Memento_AU.bundle:
total 0
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:12 .
drwxr-xr-x 4 stevedwyer staff 128 31 Jan 01:12 ..
drwxr-xr-x 6 stevedwyer staff 192 31 Jan 01:12 Contents
Â
./Products/Memento_AU.component/Contents/Resources/Memento_AU.bundle/Contents:
total 16
drwxr-xr-x 6 stevedwyer staff  192 31 Jan 01:12 .
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:12 ..
-rw-r--r-- 1 stevedwyer staff 1159 31 Jan 01:12 Info.plist
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:12 MacOS
-rw-r--r-- 1 stevedwyer staff   8 31 Jan 01:12 PkgInfo
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:12 _CodeSignature
Â
./Products/Memento_AU.component/Contents/Resources/Memento_AU.bundle/Contents/MacOS:
total 208
drwxr-xr-x 3 stevedwyer staff   96 31 Jan 01:12 .
drwxr-xr-x 6 stevedwyer staff   192 31 Jan 01:12 ..
-rwxr-xr-x 1 stevedwyer staff 106256 31 Jan 01:12 Memento_AU
Â
./Products/Memento_AU.component/Contents/Resources/Memento_AU.bundle/Contents/_CodeSignature:
total 8
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:12 .
drwxr-xr-x 6 stevedwyer staff  192 31 Jan 01:12 ..
-rw-r--r-- 1 stevedwyer staff 2200 31 Jan 01:12 CodeResources
Â
./Products/Memento_AU.component/Contents/_CodeSignature:
total 8
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:12 .
drwxr-xr-x 7 stevedwyer staff  224 31 Jan 01:12 ..
-rw-r--r-- 1 stevedwyer staff 3616 31 Jan 01:12 CodeResources
Â
./SCMBlueprint:
total 8
drwxr-xr-x 3 stevedwyer staff  96 31 Jan 01:13 .
drwxr-xr-x 6 stevedwyer staff  192 31 Jan 01:13 ..
-rw-r--r-- 1 stevedwyer staff 2269 31 Jan 01:13 Memento_UNIVERSAL.xcscmblueprint
Â
./dSYMs:
total 0
drwxr-xr-x 2 stevedwyer staff  64 31 Jan 01:13 .
drwxr-xr-x 6 stevedwyer staff 192 31 Jan 01:13 ..
stevedwyer@Steves-MacBook-Pro Memento_AU 31-01-2022, 01.13.xcarchive %Â

I did finally get this working, so I shall put the steps below, to help anyone else struggling with this.
I'm releasing a zip file to GitHub, not an Apple package, so archiving the product and using the Organizer to distribute it isn't appropriate for this type of distribution.
Also, it appears that Apple have changed the notarization process at some point. Websites such as KVR Audio mention executing the
xcrun altool --notarize-app ...
command, but I could never get this working. A possibly newer? Apple page mentions using
xcrun notarytool submit ...
I've created a number of build scripts, batch files for building VST3s on Windows, and zsh scripts for building VST3 & AUs on MacOS (I'm on an M1 Silicon Mac running Big Sur) and I'm building for both Apple architectures. I'm also building multiple plugins and packaging those into 1 zip file. I shall however try to distill the steps executed in my script to the essential steps for building, signing & notarizing.
It's also quite plausible that steps are being executed which aren't strictly speaking necessary, all I can say is, that this works for me. One user downloaded my archive of arm64 Audio Units from my GitHub page, and could unpack the zip file into her ~/Library/Audio/Plug-Ins/Components directory and load them in GarageBand, without the OS raising any warnings, so I'm assuming that this notarization has worked.
These are the steps I take to build, sign & notarize my plugins. Firstly, building & signing. The essential commands are in bold:
...
# Build VST3 and AU plaugins, for the required configuration (Debug or Release) and the required platform (x86_64 or arm64)
xcodebuild -target ${project}_VST -configuration $configuration -arch $arch $extra_args
xcodebuild -target ${project}_AU_CocoaUI -configuration $configuration -arch $arch $extra_args
xcodebuild -target ${project}_AU -configuration $configuration -arch $arch $extra_args
vst3_buildfile=VST3/$configuration/$vst3file
au_buildfile=AU/$configuration/$au_file
au_bundlefile=AU/$configuration/${project}_AU.bundle
# Sign the AU bundle prior to copying it - only bother with Release builds
if [[ "$configuration" == "Release" ]] then
developer_id=$(cat ../../developer_id.txt)
echo "Signing $au_bundlefile as $developer_id"
codesign --deep --force --verify --verbose --options runtime --sign "$developer_id" --arch $arch $au_bundlefile --timestamp
# Validate signing
codesign -d --deep -vvv $au_bundlefile
fi
# Copy bundle into component directory
echo Adding bundle file $au_bundlefile to Component $au_buildfile
cp -Rp $au_bundlefile $au_buildfile/Contents/Resources
# Only bother signing Release builds
if [[ "$configuration" == "Release" ]] then
developer_id=$(cat ../../developer_id.txt)
echo "Signing $vst3_buildfile as $developer_id"
codesign --deep --force --verify --verbose --options runtime --sign "$developer_id" --arch $arch $vst3_buildfile --timestamp
# Validate signing
codesign -d --deep -vvv $vst3_buildfile
echo "Signing $au_buildfile as $developer_id"
codesign --deep --force --verify --verbose --options runtime --sign "$developer_id" --arch $arch $au_buildfile --timestamp
# Validate signing
codesign -d --deep -vvv $au_buildfile
fi
echo Copying $vst3_buildfile to $vst3_targetdir
sudo cp -Rp $vst3_buildfile $vst3_targetdir
# Delete symbolic link to VST3 created during build
vst3_linkdir=~/Library/Audio/Plug-Ins/VST3/
vst3_linkfile=${vst3_linkdir}$vst3file
echo "Deleting symbolic link $vst3_linkfile"
rm -R $vst3_linkfile
echo Copying $au_buildfile to $au_targetdir
sudo cp -Rp $au_buildfile $au_targetdir
echo "Waiting for 6 seconds for file copy to complete prior to AU validation..."
read -t 6
auval -v $plugintype $pluginsubtype $pluginmanufacturer
...
Zip up the VST3 or AU plugin, then submit the zip file for notarization:
archivefile=$1
keychain_profile=$(cat keychain-profile.txt)
echo Notarizing artefacts present in ${archivefile}...
xcrun notarytool submit $archivefile --keychain-profile "$keychain_profile" --wait
Then, according to my findings at least, the notarized zip file needs to be unzipped, the plugin "stapled", then, if you wish to distribute it as a zip file, zipped back up again. The for loop is present in my script because I have multiple plugins in the zip file which was submitted for notarization:
pushd $(dirname ${archivefile})
zipdirname=$(basename $archivefile)
zipdirname="${zipdirname%.*}"
unzip -q ${archivefile} -d $zipdirname
for file in "${zipdirname}"/*
do
xcrun stapler staple $file
done
echo Rebuilding $archivefile with stapled and validated artefacts...
pushd $zipdirname
zip -rq $archivefile *
popd
rm -Rf $zipdirname
The zip file created from this process can be hosted on the Internet, and any user can download it, unpack it & load the plugins without any security prompts being raised.
It may seem a bit cumbersome having to unzip the notarized archive, staple each individual plugin, then zip them up again, and it's possible that this process could be done more efficiently, but I struggled to find other MacOS users who were willing to put in any time to help me to test this. The above process does however work for me, and so I consider it good enough, for now at least...
Sources:
Most Users Ever Online: 294
Currently Online:
3 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Chaes: 56
Skyler: 48
StevieD: 46
Derek: 46
Frodson: 45
Peter: 43
TheSmile: 43
Nickolai: 43
clau_ste: 39
jeanlecode: 37
Member Stats:
Guest Posters: 2
Members: 795
Moderators: 1
Admins: 6
Forum Stats:
Groups: 13
Forums: 42
Topics: 862
Posts: 3400
Newest Members:
AP, Liv, Wojciech Jakóbczyk, markb, marcTark, Jon_1, John Thursday, JK, kyrandian, F_MarchalModerators: W Pirkle: 706