Skip to main content

⚠️ Please note that this topic or post has been archived. The information contained here may no longer be accurate or up-to-date. ⚠️

Signing a plugin for distribution on macOS

Matthieu Kopp

hi

We are currently developing a plugin and encounter an issue when installing the plugin on some machines as the os sends us a "...can't be opened because Apple cannot check it for malicious software"

What is the best way to sign the plugin for distribution ? Has anyone encountered the issue ? 

Matthieu

0

Comments

3 comments

Date Votes
  • Matthieu Kopp

    I am adding the required steps here, simply to facilitate the process in case someone run into the same issues. I hope it helps

    Matt 

    ---

    Notarizing the plugin

    We will do all the notarisation in the Terminal since Xcode cannot be used to notarize a Bundle. This is adapted from this article

    * create app specific password for your AppleID = <app-password> (this is done on the appleid.com website. see https://support.apple.com/en-gb/102654)

    * create the credentials

     xcrun notarytool store-credentials "notarytool-password" --apple-id "your-apple-is" --team-id <your team id> --password <app-password>

    * Zip your plugin to be able to submit it.

    * submit to Apple and note the <id of submission>

        xcrun notarytool submit <your zip file> --keychain-profile "notarytool-password"    

    * check the logs

        xcrun notarytool log  <id of submission> --keychain-profile "notarytool-password" developer_log.json 

    This will produce a developer_log.json file where you can see the progress and check if the notarisation is complete (it should be completed in a minute or under)

    * once processed, staple the .coplugin file

        xcrun stapler staple <your-plugin> 

    <your plugin> is the path of your .coplugin plugin (not the zip file)

        This will add the staple into the .coplugin. The staple is used by Gatekeeper when there is no internet connection.

    * check everything

        codesign -dvv <your-plugin>

        

    In my particular example (<your-plugin> = COPeaktoPlugin.coplugin) I get this

    ```

    Executable=/Users/matthieu/Library/Developer/Xcode/Archives/2024-04-08/COPeaktoPlugin 08-04-2024, 15.44.xcarchive/Products/Library/CaptureOnePlugin/COPeaktoPlugin.coplugin/Contents/MacOS/COPeaktoPlugin

    Identifier=io.cyme.COPeaktoPlugin

    Format=bundle with Mach-O universal (x86_64 arm64)

    CodeDirectory v=20400 size=826 flags=0x0(none) hashes=19+3 location=embedded

    Signature size=8957

    Authority=Developer ID Application: CYME (xxxxx)

    Authority=Developer ID Certification Authority

    Authority=Apple Root CA

    Timestamp=8 Apr 2024 at 15:44:06

    Notarization Ticket=stapled

    Info.plist entries=24

    TeamIdentifier=xxxx

    Sealed Resources version=2 rules=13 files=2

    Internal requirements count=1 size=216

    ```

     

    1
  • Brian Jordan
    • Edited

    Matthieu Kopp Matthieu, this is a community support forum.  There may be someone here who can assist you but I'd suggest opening a ticket directly with Capture One. 

    Jack W Is there a more appropriate place Mattieu can request assistance?

    0
  • Matthieu Kopp

    Hi. Thanks for answering. I finally found the answer myself. While Xcode cannot notarize such a bundle, it is possible to do it manually from the command line. After the notarization is done and the .coplugin is stapled it will install correctly.
    Thanks.
    Matt

    0

Post is closed for comments.