Signing a plugin for distribution on macOS
Hi,
We are currently developing a plugin and encounter an issue when installing the plugin on some machines, as the OS sends us a "...can't be opened because Apple cannot check it for malicious software" message.
What is the best way to sign the plugin for distribution? Has anyone encountered the issue?
Matthieu
Matthieu Kopp Matthieu, this is a community support forum. There may be someone here who can assist you but I'd suggest opening a ticket directly with Capture One.
Jack W Is there a more appropriate place Matthieu can request assistance?
Hi. Thanks for answering. I finally found the answer myself. While Xcode cannot notarize such a bundle, it is possible to do it manually from the command line. After the notarization is done and the .coplugin is stapled it will install correctly.
Thanks.
Matt
I am adding the required steps here, simply to facilitate the process in case someone runs into the same issues. I hope it helps.
Matt
---
Notarizing the plugin
We will do all the notarisation in the Terminal since Xcode cannot be used to notarize a Bundle. This is adapted from this article
* Create an app-specific password for your Apple ID = <app-password> (this is done on the appleid.com website; see https://support.apple.com/en-gb/102654)
* Create the credentials
```
xcrun notarytool store-credentials "notarytool-password" --apple-id "your-apple-id" --team-id <your team id> --password <app-password>
```
* Zip your plugin to be able to submit it.
* Submit to Apple and note the <id of submission>
```
xcrun notarytool submit <your zip file> --keychain-profile "notarytool-password"
```
* Check the logs
```
xcrun notarytool log <id of submission> --keychain-profile "notarytool-password" developer_log.json
```
This will produce a developer_log.json file where you can see the progress and check if the notarisation is complete (it should be completed in a minute or under).
* Once processed, staple the .coplugin file
```
xcrun stapler staple <your-plugin>
```
<your-plugin> is the path of your .coplugin plugin (not the zip file).
This will add the staple into the .coplugin. The staple is used by Gatekeeper when there is no internet connection.
* Check everything
```
codesign -dvv <your-plugin>
```
In my particular example (<your-plugin> = COPeaktoPlugin.coplugin) I get this:
```
Executable=/Users/matthieu/Library/Developer/Xcode/Archives/2024-04-08/COPeaktoPlugin 08-04-2024, 15.44.xcarchive/Products/Library/CaptureOnePlugin/COPeaktoPlugin.coplugin/Contents/MacOS/COPeaktoPlugin
Identifier=io.cyme.COPeaktoPlugin
Format=bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=826 flags=0x0(none) hashes=19+3 location=embedded
Signature size=8957
Authority=Developer ID Application: CYME (xxxxx)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=8 Apr 2024 at 15:44:06
Notarization Ticket=stapled
Info.plist entries=24
TeamIdentifier=xxxx
Sealed Resources version=2 rules=13 files=2
Internal requirements count=1 size=216
```
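The final "check everything" step can be scripted as a release gate. The following is an added example, not part of the original post: a shell function that reads `codesign -dvv` output and checks the fields shown in the report above. The function names, the sample report and the team ID `TEAMID1234` are constructed placeholders.

```shell
# Added example, not from the original post. Reads `codesign -dvv` output on
# stdin, prints one line per failed check, returns non-zero on any failure.
# Usage: check_codesign_report EXPECTED_TEAM_ID
check_codesign_report() {
    expected_team=$1
    report=$(cat)
    rc=0
    authorities=$(printf '%s\n' "$report" | sed -n 's/^Authority=//p')

    # The first Authority line is the leaf certificate; the last is the root.
    leaf=$(printf '%s\n' "$authorities" | head -n 1)
    root=$(printf '%s\n' "$authorities" | tail -n 1)
    case $leaf in
        "Developer ID Application: "*) ;;
        *) echo "FAIL: leaf authority is '${leaf:-missing}'"; rc=1 ;;
    esac
    [ "$root" = "Apple Root CA" ] ||
        { echo "FAIL: chain root is '${root:-missing}'"; rc=1; }

    team=$(printf '%s\n' "$report" | sed -n 's/^TeamIdentifier=//p')
    [ "$team" = "$expected_team" ] ||
        { echo "FAIL: TeamIdentifier is '${team:-missing}'"; rc=1; }

    # The stapled ticket is what Gatekeeper uses when it is offline.
    printf '%s\n' "$report" | grep -qx 'Notarization Ticket=stapled' ||
        { echo "FAIL: no stapled notarization ticket"; rc=1; }

    # A secure timestamp shows as "Timestamp="; without one codesign prints
    # "Signed Time=" instead.
    printf '%s\n' "$report" | grep -q '^Timestamp=' ||
        { echo "FAIL: no secure timestamp"; rc=1; }
    return $rc
}

# Constructed sample report (placeholder names and team ID).
sample_report() {
    cat <<'EOF'
Executable=/path/to/Example.coplugin/Contents/MacOS/Example
Identifier=com.example.Plugin
Authority=Developer ID Application: Example Corp (TEAMID1234)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=8 Apr 2024 at 15:44:06
Notarization Ticket=stapled
TeamIdentifier=TEAMID1234
EOF
}

sample_report | check_codesign_report TEAMID1234 && echo "all checks passed"
```

On a Mac, feed it the real report with `codesign -dvv <your-plugin> 2>&1 | check_codesign_report <your team id>`; codesign writes this report to stderr, hence the `2>&1`.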