No matter what https://helpx.adobe.com/in/indesign/kb/indesign-plugin-notarization.html says, it seems the DMG images cannot be processed with productsign. It gives an error, plus the documentation of productsign doesn't mention DMG files at all, plus every resource I can find suggests that DMG files should be signed with the App cert, not the Installer one, and productsign flatly refuses to accept that cert.
Did any of you successfully notarize a DMG? Or you all went the PKG route? For twenty years or so my plugin has been simply installed by dragging it into the appropriate folder. Is this not viable any more?
(And while we're at it, if someone at Adobe could find the time to fix it, the codesign command segfaults unless --timestamp=none is also provided, at least on Catalina. The bug is discussed on the web in many places).
Besides, sorry, about codesign: the --sign argument has to be provided the last in the command line. It doesn't work otherwise. MacOS singing commands are full of bugs...
OK. Please, Adobe, could you fix the description? "Certification generation process" 1. Steps 7 and 8 are only required if you use a .pkg installer. "Notarization steps for .pkg or .dmg files" 1. The timestamp=none was false alarm, sorry. It's not needed, actually, it causes to notarization to fail if included. But the --sign has to go to the end for sure. Also, please, include a small description like this: "The string you need to pass to the --sign argument is the Common Name of the certificate you use. You don't need to copy the entire string, it's enough to include as many characters as necessary to identify it uniquely in your keychain." 2. Steps 4 and 5 are only required for .pkg files. If you have a .dmg, skip this. In the case of .dmg, you upload that for notarization in step 6. 3. You might mention in step 7 that if you receive anything but a success message, visit the LogFileURL displayed to find out the cause.
4
Replies
AdChoices