I apologize if this has been covered -- with the new forum setup, searches for existing posts are nearly futile.
I write plugins for Illustrator. Some Mac users said that after installing macOS 10.15 Catalina, when launching Illustrator CC 2019 they would get errors stating that my plugins "cannot be opened because the developer cannot be verified." Can anybody please tell me what is the solution for this? Many thanks in advance!
All downloaded software in Catalina must be “notarized” by Apple - signed, uploaded, approved. This applies to apps and plugins alike. Welcome to the future of software development.
Awesome screen name!
Thanks, I had a feeling it had much to do with notarizing (and thus the Gatekeeper per Monika) or at least signing somehow. Unfortunately, notarizing requires Xcode 10 or above and since I use Hot Door's CORE libraries, I can't use Xcode above 9.4.1, and have to wait/hope for an update that addresses this. Thanks for putting me on the right path!
Certainly xcode 10 is needed and certainly there will be no updates to xcode 9. However, you do not need to build with xcode 10. It includes command line tools (including "altool") that can drive the notarization process for binaries you already made.
Ah, this may be a game changer! I apologize for the ambiguity, I meant an update to CORE, which typically happens a few weeks after each new release of Illustrator. Thanks for pointing me in the right direction!
I'd like to ask for a bit more guidance, if I may -- writing Illustrator plugins is a bit different from writing apps, which is addressed everywhere else on the web. Would I need a separate app-specific password for each plugin I write, or will one password work for all of them? The CORE way of compiling plugins creates a separate build for each version of Illustrator (so CS6 through CC 2019 makes 8 variations for Mac alone). I presume I'll need to notarize each version as well as each minor update as they occur. Thanks!
In Catalina, Xcode code signing is no longer optional, but it's not as easy as Apple's developer site would have us believe, likely because we're not creating iPhone apps. Surely many others here have figured this out. Any help would ve very much appreciated!
Must I subscribe to the Apple Developer paid membership program? I have been registered as an Apple developer for over 20 years but never a need for the paid program.
In Xcode Preferences > Accounts:
In my project:
Once I can build a signed plugin, then I'll move on to notarizing.
Key points include
- yes, you must join the paid for developer program in order to be able to add the kind of signature needed to prepare for notarization; the kind of free signature needed formerly to pass gatekeeper is no use. There are high standards of proving your identity, so Apple aren't just notarizing for people with unproven identity.
- there are very specific standards needed to prepare for notarization as to SDK level, entitlements and more
- no idea what the reference to "app password" is
- if you don't use xcode 10 but have a lot of notarizations to manage it may be worth investing a few weeks in a system to track, log, etc the command line process. I did (but cannot share further details). I create a different kind of Adobe product plug-in.
Very little of what you need to do is specific to creating Illustrator plug-ins, I recommend an Apple Developer forum if you need help.
One more thing, then I pretty much have to give up this thread.
Pay VERY close attention to ALL the requirements in the document I linked to (e.g. SDK level, entitlement, signature type). Apple relaxed some requirements but only for a few months. If you muddle through rather than meeting all the requirements, you will hit a wall when they remove the relaxation, and still find yourself with weeks of study and frustration all over again... https://developer.apple.com/news/?id=09032019a
Thanks for the info! Knowing I need the paid Apple Developer membership is essential.
The app-specific password I mentioned is described here: https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_...
Maybe having the paid developer membership gives another Apple ID to which to add the app-specific password, one that's separate from the one I use to buy my personal music and HBO subscriptions, etc. That part just seems weird.
In Xcode under Signing > Code Signing Identity is a popup with at least 9 options. Only "Don't Code Sign" allows a successful build, but of course breaks under Catalina. Even narrowing the choice to either the Automatic or Keychain groups would be helpful.
I hope this will be covered in more detail in the final SDK for the next release of Illustrator.
For users, a more secure environment is great, but for a small developer with a full-time job along with freelance, this is a formidable hurdle. Thank you for providing some clarity and direction, for me as well as for many others!
Ah, "app specific password" is not a specific password for each of the apps you make, or even for each of the apps you run. This is a security method that I see a number of companies using.
The idea is this: your login password is important and secret, and needs to be protected. So you can't use it in insecure ways (like putting it in a script). So how to use the service which needs a password? You apply for a special password which allows you to use it in this particular context. The "app" here can be thought of as altool, if that helps.
Signing should work, and you're going to need to solve this. However, if you are going to work with xcode 9, you will probably need to sign at command line level, and using the new signature you'll get from Apple.