Skip to content

Notarization Guide

p0nce edited this page Nov 28, 2023 · 18 revisions

This is a tutorial to explain how to notarize your macOS installer.
Important: In order to notarize your software for macOS distribution, you need to have an installer in the first place.

Step 1

You can only notarize plug-ins that have been codesigned with an Apple certificate.

See the Dplug Installer Guide for how to codesign plug-ins and get these certificates.

Step 2

Create app-specific passwords for altool and stapler. Add these passwords to your keychain.

Follow this tutorial below:

Step 3

Add 3 keys to your plugin.json.

  • vendorAppleID is your Apple ID identifier, used for notarization services:
  • appSpecificPassword-altool is the App Specific Password created with the method in Step 3, for altool.
  • (deprecated) appSpecificPassword-stapler is the App Specific Password created with the method in Step 3, for stapler. The two passwords can eventually be the same if configured that way.

Example:

    "vendorAppleID": "[email protected]",
    "appSpecificPassword-altool": "zegz-tyui-azpr-soln"

Alternatively, you can use a single "keychainProfile-osx" key in you plugin.json that replaces the above 3 keys. This will use the --keychain-profile flag.

Step 4

Build your Mac plug-ins normally with dplug-build, using both the --installer and --notarize switches.

REQUIREMENTS

Notarization requires at a minimum:

  • Xcode 10 or superior,
  • Dplug v9.0.2 or superior,
  • PACE Eden Tool v5 or superior (if you want AAX support).

References: