Skip to content

13_00_code_signing

Purpose

Firmar el plugin para evitar "unsigned developer" warnings en macOS/Windows.

Week 11 Deliverables

Must Have

  • Apple Developer account ($99/year)
  • Windows code signing cert (optional para MVP)
  • Notarization automatizada (macOS)

File Structure

certificates/
  ├── apple_dev_id.cer       # Developer ID Application
  └── provisioning_profile/
scripts/
  ├── sign_mac.sh            # Codesign + notarize
  └── sign_windows.bat       # SignTool (optional)
entitlements/
  └── plugin.entitlements    # macOS permissions

macOS Code Signing

# 1. Sign VST3/AU
codesign --force --sign "Developer ID Application: Your Name" \
  --options runtime \
  --entitlements plugin.entitlements \
  TapeLooper.vst3

# 2. Create DMG
hdiutil create -volname "Tape Looper" -srcfolder ./Build -ov TapeLooper.dmg

# 3. Sign DMG
codesign --force --sign "Developer ID Application: Your Name" TapeLooper.dmg

# 4. Notarize
xcrun notarytool submit TapeLooper.dmg \
  --apple-id your@email.com \
  --team-id TEAMID \
  --password app-specific-password \
  --wait

# 5. Staple
xcrun stapler staple TapeLooper.dmg

Windows Code Signing (Optional para MVP)

# Si tienes budget: EV Code Signing cert ($300-500/year)
signtool sign /f cert.pfx /p password /tr http://timestamp.digicert.com TapeLooper.vst3

Success Criteria

  • macOS: No "unidentified developer" warning
  • Windows: No SmartScreen warning (si firmado)
  • Plugin verifiable: codesign --verify --deep --strict TapeLooper.vst3

Notes

  • macOS es CRÍTICO - sin esto, users no pueden instalar fácil
  • Windows signing es OPCIONAL para MVP (caro)
  • Considerar usar installers (PKG/MSI) pre-firmados