Notarizing Adobe InDesign Plugins

Explorer ,
Apr 29, 2022 Apr 29, 2022

Copy link to clipboard

Copied

Hi,

 

This may possibly be a beaten down question, but somehow I am not clear about what notarization means in context of InDesign Plugins.

 

From the link https://helpx.adobe.com/in/indesign/kb/indesign-plugin-notarization.html, it appears that InDesign plugins need to be signed (and only signed) and the containing dmg/pkg needs to be both signed and notarized.

 

However, the above article seems to be confusingly worded. Specifically,

"Hence, there arises the need to notarize plugin installers/binaries even though InDesign plugins do not require any notarization or code sign."

 

What exactly is meant by "binaries" part in installers/binaries above? I have tried notarizing .InDesignPlugin extension files but they give error saying it is a directory and not an app.

Can I please get some clarification on this matter?

 

Also, I have noticed that .InDesignPlugin files get quarantined, which I believe happens if not signed. This is not necessarily due to notarization. Is that correct understanding?

 

Thanks,

TOPICS
How to , SDK

Views

95

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 29, 2022 Apr 29, 2022

Copy link to clipboard

Copied

LATEST

Hi @asaxena,

So here is what I have understood based on my experimentations.

  • Notarisation is done to avoid getting the file getting quaratined(which is just a file attribute) when the file is downloaded from the internet.
  • So if a file is not notarised it is quarantined when you download it and then all sorts of issues popup with the Gatekeeper.
  • InDesign plugins don't need to be signed per se(I have not been able to test it to be totally sure). Since the normal mode of transferring the file from one machine to another is via the network/browser download it gets quarantined if not notarised.
  • If you use something like curl to transfer the plugin from one machine to another, you should be able to run your unsigned plugin as well. Although I have not tried this due to limited availiblity of no. of MAC's to me.
  • Notarisation can only be done on a signed entity
  • So now you sign the plugin, but notarisation can't be done on folder it can only be done on pkg, dmg or zip's. So in turn you create one of these. Barring zip you again will have to sign it before notarisation and for that you use a different signing certificate.
  • So the crux is everything inside the pkg, dmg, zip needs to be signed. Then the pkg, dmg needs to be signed and then they are notarised to bypass the Gatekeeper check.
  • Signing is needed because notarisation can't proceed without it.
  • If you want to avoid all this rigmarole of signing/notarisation avoid using browsers to download your installers/plugins and you should be good.

I hope this makes sense. These are my personal observations/inferences, I may be wrong on some points and am all ears to someone who wants to share their story.

P.S.:- I also concur that Adobe documentation would have been more helpful if they added some more explanation or context to it.

P.P.S:- Don't try too much time understanding whether this is needed or not, because I am quite sure Apple will sooner or later make it increasingly difficult to bypass this. So it's better to sign/notarise it and get it over with

-Manan

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines