Struggling to Notarize a JUCE Plugin Installer

Hi there, I've been working on a JUCE audio plugin project and have created an installer for the demo to release to the public outside of the App Store.

I have built the various forms of the plugin in Xcode (standalone, AU, vst3) and have the automatic signing set up with a Developer ID Application certificate. I have been using WhiteBox Packages to create the installer to install the AU component and the vst3 on a user's computer. I can successfully sign the installer with a Developer ID Installer certificate but when I submit it for notarization, the status returns as "invalid". When looking at the Notarytool log, it says that the binary is not signed with a valid Developer ID certificate for all versions of the plugin (for AU & vst3, and both architectures, arm64 & x86_64, as well).

I can use codesign and pkgutil to confirm that the files and installer are both signed including the contents within both the AU and vst3 bundles, but the notarization still fails. I have tried to notarize just a zipped version of the plugin but that fails too. In the Customizing The Notarization Workflow documentation, it is mentioned that custom third-party installers need two rounds of notarization. I'm assuming Packages is a custom third-party installer but I don't see how two rounds of notarization is possible when I can't even notarize a zipped version of the plugin.

I am still new to Xcode and Apple Developer so there is a possibility that it's something I missed or didn't do. I've read through quite a few other posts on both this forum and the JUCE forum about similar problems but I haven't found a solution that has worked so if anyone has any ideas on how to potentially get my installer notarized, I'd greatly appreciate the advice. Thanks.

I have tried to notarize just a zipped version of the plugin but that fails too.

This is an important diagnostic test, because it rules out all the complications of your installer. The notary service is not happy with your code for some reason. So, let’s fix that before you deal with the installer.

When you tried to notarize your zip archive, what errors did the notary log report?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

This is the output of the Notary Log Report

{
  "logFormatVersion": 1,
  "jobId": "2a30b849-cc09-4d1d-b29f-092c2b230bc0",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive.zip",
  "uploadDate": "2024-08-10T01:45:51.207Z",
  "sha256": "1ec7c7d8ce4ce7c96ce03a60a07433cbf83124ba6ae6021f42524849cc6dc90a",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive.zip/TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive/Products/Users/NAME/Library/Audio/Plug-Ins/VST3/TradeMarkEQ.vst3/Contents/MacOS/TradeMarkEQ",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive.zip/TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive/Products/Users/NAME/Library/Audio/Plug-Ins/VST3/TradeMarkEQ.vst3/Contents/MacOS/TradeMarkEQ",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive.zip/TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive/Products/Users/NAME/Library/Audio/Plug-Ins/Components/TradeMarkEQ.component/Contents/MacOS/TradeMarkEQ",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive.zip/TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive/Products/Users/NAME/Library/Audio/Plug-Ins/Components/TradeMarkEQ.component/Contents/MacOS/TradeMarkEQ",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive.zip/TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive/Products/Applications/TradeMarkEQ.app/Contents/MacOS/TradeMarkEQ",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive.zip/TradeMarkEQ - All 8-9-24, 8.42\u202fPM.xcarchive/Products/Applications/TradeMarkEQ.app/Contents/MacOS/TradeMarkEQ",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "arm64"
    }
  ]
}

When I check the signatures for the plugin via codesign -vvv --deep --strict MyApp.app, it says it's valid.

/Users/NAME/tmprogramming/TradeMarkEQ/Builds/MacOSX/build/TradeMarkEQ - All 2024-08-09 20-42-47/TradeMarkEQ - All 8-9-24, 8.42 PM.xcarchive/Products/Users/NAME/Library/Audio/Plug-Ins/Components/TradeMarkEQ.component/Contents/MacOS/TradeMarkEQ: valid on disk
/Users/NAME/tmprogramming/TradeMarkEQ/Builds/MacOSX/build/TradeMarkEQ - All 2024-08-09 20-42-47/TradeMarkEQ - All 8-9-24, 8.42 PM.xcarchive/Products/Users/NAME/Library/Audio/Plug-Ins/Components/TradeMarkEQ.component/Contents/MacOS/TradeMarkEQ: satisfies its Designated Requirement
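
An added example, not part of the original posts: a notary log like the one above can be collapsed to one entry per failing binary, and the certificate that actually signed each binary can be read from the `Authority=` lines that `codesign -dvv` prints, since `codesign -v` reports "valid on disk" for any intact signature regardless of which certificate made it. The sample log, the sample `codesign -dvv` text, the signer name and the team ID below are constructed.

```python
import json
from collections import defaultdict

# Constructed log in the shape of the notary log above (names shortened).
SAMPLE_LOG = json.dumps({
    "status": "Invalid",
    "archiveFilename": "Demo.xcarchive.zip",
    "issues": [
        {"severity": "error", "architecture": arch,
         "path": "Demo.xcarchive.zip/Demo.xcarchive/Products/" + rel,
         "message": "The binary is not signed with a valid Developer ID certificate."}
        for rel in ("Applications/Demo.app/Contents/MacOS/Demo",
                    "Users/NAME/Library/Audio/Plug-Ins/VST3/Demo.vst3/Contents/MacOS/Demo")
        for arch in ("x86_64", "arm64")
    ],
})

# Constructed `codesign -dvv` output for a development-signed binary.
SAMPLE_DVV = """Identifier=com.example.Demo
Authority=Apple Development: Jane Doe (ABCDE12345)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""

def failing_binaries(log_text):
    """Map each failing path (archive name stripped) to (architectures, messages)."""
    log = json.loads(log_text)
    prefix = (log.get("archiveFilename") or "") + "/"
    grouped = defaultdict(lambda: (set(), set()))
    for issue in log.get("issues") or []:   # "issues" may be null when nothing failed
        if issue.get("severity") != "error":
            continue
        path = issue["path"]
        if path.startswith(prefix):
            path = path[len(prefix):]
        archs, messages = grouped[path]
        archs.add(issue.get("architecture") or "unknown")
        messages.add(issue["message"])
    return {p: (sorted(a), sorted(m)) for p, (a, m) in grouped.items()}

def leaf_authority(dvv_text):
    """First Authority= line names the signing certificate; None if there is none."""
    for line in dvv_text.splitlines():
        if line.startswith("Authority="):
            return line.split("=", 1)[1]
    return None

def is_developer_id(dvv_text):
    return (leaf_authority(dvv_text) or "").startswith("Developer ID Application:")
```

`codesign -dvv` writes its report to standard error, so capture it with `2>&1` before passing the text to `leaf_authority`.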