Copy link to clipboard
Copied
Hi All,
We have compiled plug-ins on MAC OS 10.13.6(macOS High Sierra) for Indesign CC2019 and we distribute this set of plug-ins to our client. But some clients facing issue while using this set of plug-ins on MAc OS 10.15.xx (Catalina). They all are gtting an error message "xxx.IndesignPlugin cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware." on loading of InDesgin CC2019 application.
For this issue we have found a post on adobe forum. In this post we have found that, we need to Notarized our plug-ins before distributing to client.
We also followed some steps mentioned on apple support site to notarized plug-ins, but no luck.
Has anyone tried this. If anyone facing same issue and able to successfully notarized indesign plug-in please do let us know.
Thanks in advanced.
Siddhesh
For a quick workaround during development of plugins, you could un-quarantine the file and InDesign should load them correctly, details here https://helpx.adobe.com/in/indesign/kb/indesign-and-macos-catalina.html
sudo xattr -r -d com.apple.quarantine MyCustomPluginName.InDesignPlugin
However this manual approach to un-quarantine binaries is not the best solution when distributing your plugin to customers. Instead, a proper notarization of your plugin binaries/installer is required as described
...Copy link to clipboard
Copied
This guide here should be helpful https://helpx.adobe.com/in/indesign/kb/indesign-plugin-notarization.html
Copy link to clipboard
Copied
Hi Alo_Lohrii,
Just a quick question, as mentioned in the example you shared, will the codesign of the plugin file needed now for Catalina or not?
Since its mentioned in the link that hardened runtime entitlement is enabled in InDesign, then is the codesign command actually needed or not. I know i could verify all this at my end, if you have a answer right away that would save me some time. Just being a bit lazy 🙂
-Manan
Copy link to clipboard
Copied
@Manan all binaries needs to be code signed first, otherwise the last notarization steps won't accept the package
Copy link to clipboard
Copied
Hi SiddheshK09,
If even copying and pasting the plugin does not make it run then it seems that you would need to codesign it as well, as per the sample given in the link shared by Alo_Lohrii. You could try signing your plugin and not notarizing it as it should be needed and then see what happens, looking at the error it seems this should work.
-Manan
Copy link to clipboard
Copied
For a quick workaround during development of plugins, you could un-quarantine the file and InDesign should load them correctly, details here https://helpx.adobe.com/in/indesign/kb/indesign-and-macos-catalina.html
sudo xattr -r -d com.apple.quarantine MyCustomPluginName.InDesignPlugin
However this manual approach to un-quarantine binaries is not the best solution when distributing your plugin to customers. Instead, a proper notarization of your plugin binaries/installer is required as described here https://helpx.adobe.com/in/indesign/kb/indesign-plugin-notarization.html
Copy link to clipboard
Copied
Hi Alo_Lohrii,
Thank for the reply. Now, I'm able to successfully notarized test plug-in using notarization steps mentioned in the above adobe help link. But I have signed my code using xcode 10 instead of command.
I have one query that, do we need to notarize third party libraries like "openssl", if we used it in our plug-in?
Thanks & Regards,
Siddhesh
Copy link to clipboard
Copied
Yes, all third party binaries needs to be notarized too if not already notarised by the third party binary provider. If not notarized, your call to the third party framework will also fail to execute with similar message as in when trying to load an un-notarized InDesign plugin.
Copy link to clipboard
Copied
(From experience with Acrobat plug-ins, not InDesign plug-ins). Plug-ins need to be notarized. Notatizing is not the same as signing (though it starts with signing). If you can't notarize a plug-in you may need help from Apple, but note that "stapling" will always fail because there is no recognised executable. The notarization is still valid so long as the computer is online. Read notarization reports in detail, and carefully, it may take weeks to track down all the different things you need to solve.
Copy link to clipboard
Copied
The question of whether third party libraries need to be signed is an interesting one. In general they cannot be pre-signed (though this would be useful for authenticity checking) since (as I understand it) most apps require loadable modules to have a matching signature (has to be disabled to load plug-ins!) I sign the third party libraries which I include in the Frameworks of my plug-ins. If you find out any different requirements, I'd like to hear about it.
Copy link to clipboard
Copied
Hi,
I'm using OpenSSl libraries in my project and I have to signed these libraries for mac os Catalina and above versions. Do have any idea about signing process/steps? If yes please do let me know.
Thanks in advanced.
Siddhesh
Copy link to clipboard
Copied
Signing is not enough. You need to notarize, which includes signing but is much more. XCode 10 and above integrate notararizaton into builds. You need a paid-for Apple developer membership.
Copy link to clipboard
Copied
Thanks for the reply. We have Apple developer membership and I know notarization and signing process for InDesign plug-ins. But I also want to know signing process for OpenSSL libraries(third party libraries).
Copy link to clipboard
Copied
The third party libraries are inside your plugin bundle and signed along with everything else. It is a little counterintitive but you sign third party libraries with your own signature, because the signature needs to match on everything inside a notarized bundle.
Copy link to clipboard
Copied
If you use the third-party library it should be easy to codesign it as it will be compiled along with your code and so signed as well in the same way as you have been doing right from the XCode build no extra steps needed.
-Manan
Copy link to clipboard
Copied
Thanks for the reply. I tried the same steps but getting error while notarizing, for OpenSSL libraries. I will re-check all the build setting and try again.
Siddhesh
Copy link to clipboard
Copied
Some time back I created a project that used a library that depended upon Openssl, I compiled these libraries as static libraries and used them. Notarization did not have any issues as far as I can remember(it was a combined job with one other developer at a different location who happened to be the client as well :))
So in my experience notarization should not have an issue
-Manan