ScriptMaster legacy information
The following is documentation in regards to generating custom plugins with ScriptMaster. As generating plugins is no longer a public facing feature, this is for legacy purposes only. If you are looking for the current ScriptMaster documentation, you can fine it here
Mac OS Catalina Changes
Mac OS Catalina (10.15 and later) have introduced a security requirement that requires all executable software to be Notarized by Apple in order to run. Notarization is fairly involved, and is well documented on Apple's developer pages.
This provides a good outline of Notarization: Notarizing Software Before Distribution
This shows how you can use the command line tools to notarize your plugins after you have made them: Customizing Notarization Workflow
Alternatively, if you want to run a plugin on Mac without notarizing it, you can disable the Mac OS Gatekeeper. You can disable Gatekeeper using the instructions here: Enable/Disable Gatekeeper
This does pose a security risk, and if you do decide to do this, it is best if you:
- Disable Gatekeeper
- Launch the plugin, this will "whitelist" it
- Re-enable Gatekeeper
Whitelisting the plugin will allow it to run after you have turned Gatekeeper back on.
Requirements starting in FileMaker 18
FileMaker 18 requires that all plugins come with a signature, which indicates that the software is valid, unchanged, and made by a certain developer. The default store version of ScriptMaster, which you can download at this page here, comes already signed by 360Works. So if you are strictly using ScriptMaster to register modules and execute the RegisterGroovy or the EvaluateGroovy functionalities of the plugin, you can use the store version without issues. However, if you are using ScriptMaster to generate your own plugins, you will need to generate them with an unsigned version of the ScriptMaster plugin, then sign them with your own code signing certificate.
The reason for needing an unsigned version of ScriptMaster to generate plugins, is that ScriptMaster makes plugins by essentially copying itself into the new plugin, along with the functions you have written. If ScriptMaster is signed before this copy happens, it will carry the signature with it. This is unfortunate, because the newly generated plugin does not match the ScriptMaster plugin exactly, and so the signature it has carried with it is now invalid, and the plugin will not be loaded by FileMaker.
To get around this issue, generated plugins should be created using an unsigned version of ScriptMaster, so that this invalid signature does not get written to the newly generated plugin.
To begin, you'll need to use the unsigned version of ScriptMaster, which you can download at this link here. Create your plugins using this version of ScriptMaster. Plugins created in this fashion will work in FileMaker Pro, but your users will see a warning message about "Could not verify the identity of this plugin". If you are ok with this warning you may want to stop here.
Note: Unsigned plugins will not be initialize in FileMaker Server 18 or the Web Publishing Engine. Plugins must be signed to work in these components.
Note: Starting in FileMaker Pro 19.3, the option to "allow anyway" has been removed so unsigned plugins will behave just like in FileMaker Server, they will not show up in Preferences and will not enable. This means that you will not be able to use the unsigned version of ScriptMaster in FileMaker Pro 19.3 or later to generate plugins. You will have to use FileMaker 19.2 or earlier will have to sign your custom plugins if you want to use them in 19.3 or later.
Signing Generated Plugins
On Mac
You will need two things:
- A code signing certificate
- The codesign utility installed (comes with Xcode command line tools)
You will need to enroll in an Apple Developer Account, and set up that account in Xcode on your machine. This should automatically install the codesign utility, and the certificates you need to sign plugins. Troi has some additional information on this here.
Once that is set up, you can sign your plugins by running the command:
- codesign -s "Your Developer Name" /path/to/MyGeneratedPlugin.fmplugin
You can validate the signature by running:
- codesign -v --verbose /path/to/MyGeneratedPlugin.fmplugin
On Windows
On Windows, you will need Microsoft Visual Studio downloaded and installed. Both Troi and FM Plugins have simple writeups of this process here and here respectively. You will need to acquire a code certificate from a Certificate Authority, such as Comodo, as the Apple certificate will not work on Windows. After receiving and preparing your certificate, you'll need to open your generated plugin in Visual Studio, and use the signtool.exe in the Visual Studio Command Prompt. I have also used PowerShell to run this command with good results:
- signtool sign /f "C:\Users\acme\your-code-sign2018.pfx" /p YOUR_PASSFRASE_HERE /tr http://timestamp.comodoca.com "C:\Users\acme\Desktop\PluginName.fmx64