Copy link to clipboard
Copied
Hi,
This may possibly be a beaten down question, but somehow I am not clear about what notarization means in context of InDesign Plugins.
From the link https://helpx.adobe.com/in/indesign/kb/indesign-plugin-notarization.html, it appears that InDesign plugins need to be signed (and only signed) and the containing dmg/pkg needs to be both signed and notarized.
However, the above article seems to be confusingly worded. Specifically,
"Hence, there arises the need to notarize plugin installers/binaries even though InDesign plugins do not require any notarization or code sign."
What exactly is meant by "binaries" part in installers/binaries above? I have tried notarizing .InDesignPlugin extension files but they give error saying it is a directory and not an app.
Can I please get some clarification on this matter?
Also, I have noticed that .InDesignPlugin files get quarantined, which I believe happens if not signed. This is not necessarily due to notarization. Is that correct understanding?
Thanks,
Copy link to clipboard
Copied
Hi @asaxena,
So here is what I have understood based on my experimentations.
I hope this makes sense. These are my personal observations/inferences, I may be wrong on some points and am all ears to someone who wants to share their story.
P.S.:- I also concur that Adobe documentation would have been more helpful if they added some more explanation or context to it.
P.P.S:- Don't try too much time understanding whether this is needed or not, because I am quite sure Apple will sooner or later make it increasingly difficult to bypass this. So it's better to sign/notarise it and get it over with
-Manan
Copy link to clipboard
Copied
Hi @asaxena ,
I'm curious if you received an answer that satisfies your question. I'm running into similar confusion as to what exact steps are needed to notarize and sign multiple plug-ins that get zip'd for transfer to a customer. I've built and signed on one Mac and can use them on that Mac since they were signed using it. But when I copy them to another Mac through an internal connection, whether as plug-in or as a zip'd file containing the plug-in it complains that they aren't valid. While I've worked with InDesign plug-ins for quite a while it has primarily been using PCs and not as versed in necessary steps to do proper natorizing and signing for M1 Mac development using Xcode or command line functions. I've read the document you referenced but as you stated, "seems to be confusingly worded" and the things I've tried have not been successful.
I'm hoping you or someone else can offer a clearer step-by-step process of how to notarize and code sign plug-ins directly and/or the zip file in which they are placed for Macs in order to avoid being flagged for quarantine.
Looking forward to anyone's reply to this.
Thanks
Copy link to clipboard
Copied
Hi @bprieb,
Did you read my post above? That should clear out some confusion for you, if not then list specifically what aspects are unclear/confusing to you I will see if I know the answers to it else someone else would possibly chime in.
Now regarding the steps to use, I follow the following steps and it has not troubled me so far.
hdiutil create -srcFolder source MyPlugin.dmg
codesign --sign "Developer ID Application: <you full id>" --timestamp ./MyPlugin.dmg
xcrun altool --notarize-app --primary-bundle-id com.testplugin.xx --username <Username> --password <password> -f ./MyPlugin.dmg
xcrun stapler staple MyPlugin.dmg
This should give you the dmg that you can now ship to other MAC's and it should work fine without any warnings.
-Manan