Signing binaries bundled with default plugin to work on macOS

To implement default plugins support on the desktop app, we are bundling some plugins with the app.

In the case of @JackGruber's Simple Backup plugin, there are unsigned 7zip binaries that are bundled with the plugin. In order to use these binaries on macOS, they should be signed. If not signed, we get these errors.

To solve this, I could find 3 options:

  1. Signing with Apple Developer ID, which is paid, if I am not wrong.
  2. Signing with an open source tool like PGP or GPG.
  3. Avoiding bundling the binary for macOS.

But after a bit of searching, I found that to pass Gatekeeper on macOS, we must have a code signing certificate, which is signed with your Apple Developer ID.

If you have any suggestions, please let me know.

Since I have 0 experience with Apple builds and use of a Mac (the last one I used was 8 years ago):

  • Does the backup plugin when downloaded normally on Mac currently not work because of the same error?
  • Otherwise, why does the plugin with the binaries currently work on Mac without signing?

I don't have a mac either. I am mainly using Ubuntu.
If I have to guess, I would say it's because users are choosing to install the plugin. But here, we are trying to auto-install the Simple Backup plugin and run the binaries.

So I don't see how I can help here. I think someone else must help here, since I'm not familiar with macOS and software development and I'm not likely to get a code signing certificate and an Apple Developer ID.

No problem. But if we don't find any other solution to this, then maybe we can try avoiding bundling the 7zip binary with the plugin by downloading it after the plugin gets installed. Not totally sure about this, though.

But it would be great if anyone can suggest something here.

I find this idea absolutely not great. If so, then an extra plugin release only for the macOS default plugin should be made. But then there is the problem that the plugin only works with internet access out of the box ...

Do any of the other developers have a Mac and can support here?

For sure, it wouldn't be reasonable to expect developers to go through the horrendous Apple notarisation process, just for a plugin! We need to find a better solution.

In fact, doesn't Node include some ZIP-related utilities that could be used instead of bundling an executable?

There's also 7z-wasm which, if it works, would allow you to bundle just one package and in fact it should work more reliably on all platforms (since there's no need to worry about dependencies).