Build and notarize an installer for multiple DAW plugin formats

build_mac_plugin_installer.sh

#!/bin/bash -e

# REQUIREMENTS
#   * jq - Used to extract values from notary service JSON responses
#   * curl - Used to query notary service

signing_identity="Developer ID Installer: Your Name (ID)"
username="user@example.com"
password="@keychain:where-you-stored-your-app-specific-password"
output_dir=~/your_output_directory

# CREATE distribution.xml IN THE DIRECTORY WHERE THIS SCRIPT RUNS
# HERE IS A TEMPLATE:

# <?xml version="1.0" encoding="utf-8"?>
# <installer-gui-script minSpecVersion="1">
#     <title>Your Installer Title</title>

#     <pkg-ref id="com.YourCompany.YourPlugin.component" />
#     <pkg-ref id="com.YourCompany.YourPlugin.vst3" />

#     <options require-scripts="false" customize="always" />

#     <choices-outline>
#         <line choice="com.YourCompany.YourPlugin.component" />
#         <line choice="com.YourCompany.YourPlugin.vst3" />
#     </choices-outline>
    
#     <choice id="com.YourCompany.YourPlugin.component" visible="true" start_selected="true" title="Audio Unit (for Logic, Garageband, etc.)">
#         <pkg-ref id="com.YourCompany.YourPlugin.component" />
#     </choice>
#     <pkg-ref id="com.YourCompany.YourPlugin.component" onConclusion="none">YourPlugin.component.pkg</pkg-ref>
    
#     <choice id="com.YourCompany.YourPlugin.vst3" visible="true" start_selected="true" title="VST3 (for other DAWs)">
#         <pkg-ref id="com.YourCompany.YourPlugin.vst3" />
#     </choice>
#     <pkg-ref id="com.YourCompany.YourPlugin.vst3" onConclusion="none">YourPlugin.vst3.pkg</pkg-ref>
# </installer-gui-script>

mkdir $output_dir/packages || echo "..."

# BUILD INDIVIDUAL PLUGIN PACKAGES

pkgbuild \
    --component ~/Library/Audio/Plug-Ins/Components/YourPlugin.component \
    --install-location '/Library/Audio/Plug-Ins/Components' \
    $output_dir/packages/YourPlugin.component.pkg

pkgbuild \
    --component ~/Library/Audio/Plug-Ins/VST3/YourPlugin.vst3 \
    --install-location '/Library/Audio/Plug-Ins/VST3' \
    $output_dir/packages/YourPlugin.vst3.pkg

# BUILD THE UNIFIED INSTALLER

productbuild \
    --distribution ./distribution.xml \
    --package-path $output_dir/packages \
    --scripts ./scripts \
    --sign "$signing_identity" \
    --timestamp \
    $output_dir/YourPlugin.pkg

# NOTARIZE IT

notarize_upload=$(xcrun altool --notarize-app \
    --primary-bundle-id com.YourCompany.YourPlugin \
    -u $username \
    -p $password \
    --output-format json \
    -f $output_dir/YourPlugin.pkg)

# GET THE UUID OF THE NOTARIZATION REQUEST

uuid=$(echo $notarize_upload | jq -r '.["notarization-upload"]'.RequestUUID)

echo "Uploaded. Request UUID: $uuid"

# POLL FOR THE STATUS OF YOUR NOTARIZATION REQUEST

status='in progress'
while [ "$status" = 'in progress' ]
do
    echo "Polling notary server in 10s..."
    sleep 10
    notarize_info=$(xcrun altool \
        --notarization-info $uuid \
        -u $username \
        -p $password \
        --output-format json)
    status=$(echo $notarize_info | jq -r '.["notarization-info"].Status')
done

# GET AND PRINT THE NOTARY SERVICE LOG OUTPUT

# NOTE: Sometimes when the script succeeds,
#   there may be other problems which prevent users from using the pkg.
#   The warnings in the notary service log may tell you about them.

log_url=$(echo $notarize_info | jq -r '.["notarization-info"].LogFileURL')

echo "Printing notary log output..."

curl $log_url
echo ""

# BAIL OUT IF NOTARIZATION FAILS

if [ $status != 'success' ]; then
    echo "ERROR: Notarization failed with status: $status"
    echo $notarize_info
    exit 1
fi

# SUCCESS! STAPLE THE THE NOTARIZATION TICKET

echo "Notarization succeeded. Attempting to staple ticket.."

xcrun stapler staple -v $output_dir/YourPlugin.pkg

# SUCCESS AGAIN! VALIDATE THE RESULTING NOTARIZED PKG

echo "Stapling ticket succeeded. Validating installer pkg..."

spctl -a -vvv -t install $output_dir/YourPlugin.pkg