How do I properly code sign an Audio Server PlugIn?

I developed an Audio Server PlugIn, based on the SimpleAudioDriver sample. It works fine on my development machine. Now I want to distribute it with the rest of our app.
For that I set up the CODE_SIGN_IDENTITY parameter for our Developer ID Application certificate. Building and signing work fine. Now I put everything together in an installer package and tried to install it on different machines, but the driver was rejected and did not work. I also tried to notarise the package but got an error saying that my code isn't signed at all. And indeed the _CodeSignature/CodeResources file inside my driver did not have an entry for the binary.

Any ideas what I did wrong or what I missed?

And indeed the _CodeSignature/CodeResources file inside my driver
did not have an entry for the binary.

That’s normal. If your code is packaged within a bundle then the signature for the bundle as a whole is actually held in the code itself. The _CodeSignature/CodeResources file contains hashes for the non-code files. The hash of that file is then rolled into the code directory which is stored within the code’s signature.

It works fine on my development machine. Now I want to distribute it
with the rest of our app.

When you build it for local testing, how is it signed? Specifically, what does this return:

% codesign -d --entitlements :- -vvv /path/to/your.bundle


Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
This is the output:

Identifier=com.teamviewer.remoteaudiodriver
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=996 flags=0x0(none) hashes=24+3 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=d83384726d17e69c79a535ccc8d9e85c1d03d9b8
CandidateCDHashFull sha256=d83384726d17e69c79a535ccc8d9e85c1d03d9b882f95b4f6b65462a1a69725a
Hash choices=sha256
CMSDigest=d83384726d17e69c79a535ccc8d9e85c1d03d9b882f95b4f6b65462a1a69725a
CMSDigestType=2
CDHash=d83384726d17e69c79a535ccc8d9e85c1d03d9b8
Signature size=9101
Authority=Apple Development: schmitt@teamviewer.com (G76JWMDJNT)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=24. Mar 2021 at 00:40:32
Info.plist entries=22
TeamIdentifier=LM497G94SC
Sealed Resources version=2 rules=13 files=2
Internal requirements count=1 size=204


This is the SampleCode

Thanks for that.

This is the output:

And that too.

Combined, these confirm that your code is packaged as a bundle with no fancy bells and whistles.

For that I set up the CODE_SIGN_IDENTITY parameter for our Developer
ID Application certificate.

I recommend against tweaking your Xcode project like this. My general advice is that you leave your project configured to use your Apple Development signing identity and then use Xcode’s Product > Archive action. This creates an Xcode archive that you can distribute from.

Unfortunately the Xcode Organizer is not capable of exporting a bundle from an Xcode archive, so you’ll need to write a script to do that. That isn’t too onerous because you also need to create an installer package and then notarise everything, and the same script can do all three steps.

For advice on each of those steps, see my Signing a Mac Product For Distribution.

Once you have a Developer ID signed and notarised plug-in, you should retest with that. If it still fails then I recommend that you open a DTS tech support incident so that one of my colleagues can dig into this (I know a lot about signing and notarisation but other folks in DTS handle audio stuff).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
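
An added example, not part of any post in this thread: a shell check that reads the report printed by the codesign command above and flags what separates a development-signed build, like the one posted, from one ready for Developer ID distribution and notarisation (Developer ID leaf identity, hardened runtime, secure timestamp). The function names are hypothetical and both sample reports are constructed placeholders.

```shell
# Added example: pre-distribution check over `codesign -d -vvv` output.
# On macOS (codesign writes this report to stderr):
#   codesign -d -vvv /path/to/your.bundle 2>&1 | check_signing_report

check_signing_report() {   # hypothetical helper; reads the report on stdin
    report=$(cat)
    issues=0
    # The first Authority= line names the leaf certificate that signed the code.
    leaf=$(printf '%s\n' "$report" | sed -n 's/^Authority=//p' | head -n 1)
    case "$leaf" in
        "Developer ID Application:"*) ;;
        "") echo "FAIL: no Authority line (unsigned or ad hoc)"; issues=$((issues + 1)) ;;
        *)  echo "FAIL: signed by '$leaf', not a Developer ID Application identity"
            issues=$((issues + 1)) ;;
    esac
    # Hardened runtime shows up as 'runtime' in the CodeDirectory flags.
    flags=$(printf '%s\n' "$report" | sed -n 's/^CodeDirectory .*flags=\([^ ]*\).*/\1/p')
    case "$flags" in
        *runtime*) ;;
        *) echo "FAIL: hardened runtime not enabled (flags=${flags:-missing})"
           issues=$((issues + 1)) ;;
    esac
    # A secure timestamp is reported as Timestamp=; without one codesign prints Signed Time=.
    if ! printf '%s\n' "$report" | grep -q '^Timestamp='; then
        echo "FAIL: no secure timestamp"; issues=$((issues + 1))
    fi
    [ "$issues" -eq 0 ] && echo "OK: Developer ID identity, hardened runtime, timestamp"
    return "$issues"
}

sample_development_report() {   # constructed sample, development-signed build
cat <<'EOF'
CodeDirectory v=20400 size=996 flags=0x0(none) hashes=24+3 location=embedded
Authority=Apple Development: dev@example.com (XXXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=1 Jan 2021 at 00:00:00
EOF
}

sample_developer_id_report() {  # constructed sample, distribution-signed build
cat <<'EOF'
CodeDirectory v=20500 size=996 flags=0x10000(runtime) hashes=24+3 location=embedded
Authority=Developer ID Application: Example Corp (XXXXXXXXXX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Jan 2021 at 00:00:00
EOF
}
```

The function's exit status is the number of failed checks, so a packaging script can stop before building the installer when it is non-zero.
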
Finally I found my issue!
It was not a signing issue at all.

In release builds I generally set
GCC_SYMBOLS_PRIVATE_EXTERN = NO

But I forgot to flag all the exported functions with
__attribute__((visibility("default")))

Thanks for your help, Quinn