• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Notarizing and Signing Mac plugins for release? (SDK)

Engaged ,
Oct 14, 2024 Oct 14, 2024

Copy link to clipboard

Copied

Hi gang;

 

I am primarily a Windows developer and I have released a few AE plugins in the past. 

 

For those that I also released Mac versions for, I purchased a second-hand Mac, setup XCode and compiled my plugins. I released them like that and never really had any issues from Mac users about notarization since I suppose it's pretty common to allow un-notarized apps to run on Mac.

 

I now see in this update: https://developer.apple.com/documentation/security/notarizing-macos-software-before-distribution that all plugins must now be notarized before release. I guess this means now adding an extra step. My understanding is that it involves running the notarization tool locally. Is that correct? Is this a required step for plugins that you want to upload to the app store or is it also required for someone like myself that simply wants to distribute them online?

 

Next, I see that all Apple software also now needs to be signed. I see that here: https://support.apple.com/en-ca/guide/security/sec3ad8e6e53/web It seems this is for both software intended for the app store and outside of it, is that correct? And upon further reading, it says in order to sign you must pay a yearly fee of $99: "These certificates can only be obtained by joining the Apple Developer Program, which costs $99 per year." 

 

So just to be perfectly and 100% clear:

 

To release my plugins for Windows, I simply compile them and release.

 

To release my plugins for Mac, I need to compile them. Then notarize them with the notarization tool which I need to download. Then make an account and purchase a Mac developer certificated for $99 every year. Then sign the plugins following these steps: https://sslinsights.com/how-to-use-code-signing-in-macos/ 

 

If someone who knows the Mac process could confirm this, I would appreciate it. If this is really the required process for releasing Apple software, unfortunately I'm going to dump Mac support as I'm not really interested in wasting time and resources as well as jumping through hoops for Apple.

 

Thanks,

-Richard

TOPICS
SDK

Views

211

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Participant , Oct 14, 2024 Oct 14, 2024

Hi Richard,

 

Yes, you’ll need to do the following to distribute your Mac plugins:

 

1) Get a $99 Apple Developer account.

 

2) Sign your plugins. You’ll set this up once, and Xcode will handle it automatically from then on.

 

3) Notarize your plugins using Apple’s notarization tool. It’ll probably take you a couple of hours do this the first time, just to get familiar with the process. After that it’ll take about 10 minutes of your time whenever you’re ready to distribute a new version.

 

The steps above

...

Votes

Translate

Translate
Community Expert ,
Oct 14, 2024 Oct 14, 2024

Copy link to clipboard

Copied

I don't remember all the details, but in the past you could just ship your compiled mac plugin as is, then apple started blocking unsigned components, but the user could opt to install unsigned compoenents when prompted. then apple stepped it up a notch, and removed the prompt. it was then possible to install unsigned components only by explicitly allowing that in the system settings.

this is where my memory get a bit hazy, but i think apple has removed that option as well.

 

anyhow, now all plug-in vendors need to have their software signed.

since the process is a 3 parter, where you need to :
1. sign the compiled component within xcode.

2. upload the code for notorization.

3. staple (yes, staple) the gotten certificate to your component.

i set up a bash script to automate it all.

 

on windows you sign the installer file. on mac i think (if i reacll correctly) that you sign the component, and not the installer itself...

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 30, 2024 Dec 30, 2024

Copy link to clipboard

Copied

LATEST

I had a similar process but now stapler says: 
Stapler is incapable of working with After Effects Format Plug-in files. 

This process worked wonderfully for me in the past so I'm not sure what has changed. 

ALSO I was going to upload my own scripts to Github to share with others - if you'd like to compare notes and see if maybe you thought of some things I did not or vice-versa, I'm always down to collaborate to help others. I've navigated a lot of code-signing/similar processes in my career and Apple's is by far the most opaque and maddening.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Oct 14, 2024 Oct 14, 2024

Copy link to clipboard

Copied

Hi Richard,

 

Yes, you’ll need to do the following to distribute your Mac plugins:

 

1) Get a $99 Apple Developer account.

 

2) Sign your plugins. You’ll set this up once, and Xcode will handle it automatically from then on.

 

3) Notarize your plugins using Apple’s notarization tool. It’ll probably take you a couple of hours do this the first time, just to get familiar with the process. After that it’ll take about 10 minutes of your time whenever you’re ready to distribute a new version.

 

The steps above are not technically required. However, they are highly recommended. If you distribute unnotarized plugins, then your customers won’t be able to use the plugins unless they know how to disable certain security features on the Mac. Most people don’t disable the security, so I think you would get a lot of tech support calls if you didn’t notarize.

 

The same rules apply no matter how the plugin is distributed, either through the App Store, or some other online distribution method. Basically, the Mac is checking all software for notarization, no matter how it was installed.

 

Yeah…I know it’s pain to do this the first time. However, it’s not too bad once you’ve done it a couple of times. Although this causes developers some extra work, I can see why Apple does it. It dramatically improves security on macOS.

 

Here’s a related thread that might help you get started with notarization:

 

https://community.adobe.com/t5/after-effects-discussions/notarizing-an-adobe-after-effect-c-plugin/m...

 

James

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 30, 2024 Dec 30, 2024

Copy link to clipboard

Copied

I built a set of shell scripts for exactly this (code signing, notarizing, and stapling the notarization to the ZIP to be distributed) and even distributed a few of our plugins with it.  Now when I try to notarize my plugins, the stapler executable returns a message about : 

`Stapler is incapable of working with After Effects Format Plug-in files.` 



Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines