Highlighted

Plugin notarization, again

New Here ,
Nov 04, 2020

Copy link to clipboard

Copied

No matter what https://helpx.adobe.com/in/indesign/kb/indesign-plugin-notarization.html says, it seems the DMG images cannot be processed with productsign. It gives an error, plus the documentation of productsign doesn't mention DMG files at all, plus every resource I can find suggests that DMG files should be signed with the App cert, not the Installer one, and productsign flatly refuses to accept that cert.

 

Did any of you successfully notarize a DMG? Or you all went the PKG route? For twenty years or so my plugin has been simply installed by dragging it into the appropriate folder. Is this not viable any more?

 

(And while we're at it, if someone at Adobe could find the time to fix it, the codesign command segfaults unless --timestamp=none is also provided, at least on Catalina. The bug is discussed on the web in many places).

TOPICS
SDK

Views

67

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Plugin notarization, again

New Here ,
Nov 04, 2020

Copy link to clipboard

Copied

No matter what https://helpx.adobe.com/in/indesign/kb/indesign-plugin-notarization.html says, it seems the DMG images cannot be processed with productsign. It gives an error, plus the documentation of productsign doesn't mention DMG files at all, plus every resource I can find suggests that DMG files should be signed with the App cert, not the Installer one, and productsign flatly refuses to accept that cert.

 

Did any of you successfully notarize a DMG? Or you all went the PKG route? For twenty years or so my plugin has been simply installed by dragging it into the appropriate folder. Is this not viable any more?

 

(And while we're at it, if someone at Adobe could find the time to fix it, the codesign command segfaults unless --timestamp=none is also provided, at least on Catalina. The bug is discussed on the web in many places).

TOPICS
SDK

Views

68

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Nov 04, 2020 0
New Here ,
Nov 04, 2020

Copy link to clipboard

Copied

Besides, sorry, about codesign: the --sign argument has to be provided the last in the command line. It doesn't work otherwise. MacOS singing commands are full of bugs...

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 04, 2020 0
Advisor ,
Nov 04, 2020

Copy link to clipboard

Copied

Codesign of my CC2019 plug-ins worked from within 10.13, Xcode 9.3, no manual step after initial setup of certs.

I'd have to dig deep for more details.

 

For notorisation I succeeded with a zip of several plug-ins.

Xcode 11.7, separate Catalina VM

xcrun altool --notarize-app --type osx --primary-bundle-id "com.example.id" --username "user@example.com" --password "xxxx-xxxx-xxxx-xxxx" --file "example.zip"

That bundle ID is from the info.plist of one plug-in.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 04, 2020 0
New Here ,
Nov 04, 2020

Copy link to clipboard

Copied

Right now I'm experimenting, what I found is that items 4 and 5 are not required with a DMG. But the notarization still returns an invalid result.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 04, 2020 0
djgtram LATEST
New Here ,
Nov 04, 2020

Copy link to clipboard

Copied

OK. Please, Adobe, could you fix the description?
"Certification generation process"
1. Steps 7 and 8 are only required if you use a .pkg installer.
"Notarization steps for .pkg or .dmg files"
1. The timestamp=none was false alarm, sorry. It's not needed, actually, it causes to notarization to fail if included. But the --sign has to go to the end for sure. Also, please, include a small description like this:
"The string you need to pass to the --sign argument is the Common Name of the certificate you use. You don't need to copy the entire string, it's enough to include as many characters as necessary to identify it uniquely in your keychain."
2. Steps 4 and 5 are only required for .pkg files. If you have a .dmg, skip this. In the case of .dmg, you upload that for notarization in step 6.
3. You might mention in step 7 that if you receive anything but a success message, visit the LogFileURL displayed to find out the cause.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 04, 2020 0