Security & Privacy issues

Mors

Everytime i test an exported plugin on Mac i get the security & privacy message that i need to allow the plugin before it can open, not that much of a big deal but how do you get past this?

Also does the same thing when i'm testing on different machines and downloading the files, i have to accept the download as it's seen as 'suspicious'.

d.healey

@Mors said in Security & Privacy issues:

how do you get past this?

You need to codesign and notarize the plugin.

aaronventure

Unsigned apps get assigned attributes that the Gatekeeper reads and it fires a warning when trying to launch it.

You should sign and notarize.

If you deploy a plugin in pkg, the plugins itself won't get any attributes assigned, but the pkg will.

You can clear any attributes using xattr -c in the terminal if you don't have a developer account. Then gatekeeper won't pick up anything.

iamlamprey

welcome to codesigning hell

Mors

@d-healey Any good websites/videos to show the process?

d.healey

@Mors

The first thing you need is an Apple developer account.

Here's Apple's guide for codesigning - https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW7

This for notarizing: https://www.kvraudio.com/forum/viewtopic.php?t=531663

I also have this video on Patreon - https://www.patreon.com/posts/osx-codesign-and-65785381

In it I show a script that does everything for you. However... don't use the script unless you know what it does, which means you need to learn how to do it manually first. Also the codesigning stage in that script is now out of date as we've changed from altool to the notary tool. You can look at the script though and follow it line by line like a set of instructions (because that's what it is).

Mors

@d-healey thank you! Am I right in thinking that that kvr audio link actually shows how to codesign AND notarise?

d.healey

@Mors Yep looks like it