I am getting confused by many different websites and supporting sites for extensions and plugins everytime I want to add an extension in SU Pro 2018. It has never been easy for me to download an extension due to many restrictions, signed, unsigned, restricted, nonrestricted. Trimble, SketchUcuation, SketchUp extension, and many many others. I have to sign in every single site for downloading a single extension!!
Moreover, after download, they are not loaded in SketchUp or locked or something else. Sorry, but I am losing my faith to SketchUp due to being tired of all confusing sites and restrictions. I miss a smooth flowing software which I can trust and download subsidary functions to work with confidence. Thank you
If anything it has gotten easier to install extensions.
Download the extension
Install the extension within the Extension Manager
I just leave the extensions settings at default that usually works for me.
Some extensions have their own licensing requirements, that may be where you are seeing problems. Each will be slightly different since each developer has employed their own licensing system. It may take you a couple minutes to get familiar with it but usually it is fairly straight forward.
Agreed with @medeekâŚthere are a few extensions still hosted on other sites like SUmustard or SketchUcation (like Fredos)âŚbut more often than not theyâre on the extension warehouse that can be browsed and loaded either directly from within SU or downloaded and installed from drive. I like to download mine first as sometimes Iâm evaluating several at once and having them physically loaded in my Downloads folder makes it easier to manage.
To your point:
I canât even think of an example of one that is perfect. Even Adobe Photoshop can have weird plugins that require ajax lisp routines to install (like 3D Terrain Generator).
Two of the main sources for extensions are the SketchUp Extension Warehouse and SketchUcation.
I can search and install âSketchup Warehouseâ extensions directly within SketchUp as I am automatically logged in to my account from there, so thatâs pretty easy.
As for SketchUcation, rather than going to the site I can install those too from within SketchUp using the plugin store that is installed within SketchUp.
So you can access and install many from within SketchUp. For everything else including older sources and more premium extensions, thereâs the extension manager.
It has got much simpler in recent years from what Iâve seen.
âCurrentâ extensions are usually âsignedâ, and once installed using the Extension Manager > Install Extension button, they should work thereafter.
Older extensions [like some of mine at SketchUcation] are signed but âout of dateâ because changes to newer SketchUp versions can cause that.
It does not mean they wonât work in newer SketchUp versions.
Provided that you only install extensionsâ RBZ files which you had downloaded from trusted reputable sites like EWH, SketchUcation or Smustard [and several known developers own web-sites], then you can be confident in their âsafetyâ even when they say the signature is out of date: to use them simply reset your Extension Manager > Loading policy to âUnrestrictedâ.
When SketchUp restarts theyâll load.
If you get an RBZ from an untrustworthy site and/or it reports in the Extension Manager that the signature is âinvalidâ, then you might be wise to avoid it, and uninstall itâŚ
Having a fully signed extension is actually an illusory security.
It means it meets certain coding regimes, and has been processed by the EWH or the SketchUp-portal [i.e. the non-EWH RBZ files like mine and Fredoâs], if its signing is âout-of-dateâ it has not yet been updated for the newest SketchUp version; if itâs âinvalidâ something broke the signature - i.e. it might have been hacked !
I have made hundreds of extensions/plugins and where they need to be updated for compatibility with newer SketchUp versions they will have been, but if they still work without an update then chances are the signature is reported as âout-of-dateâ, some very old ones might have never have been signed !
SketchUp/Trimble failed to appreciate the admin-overhead that the EWH and the portal-signing process places on prolific authors - especially when their RBZ files are available âfor freeâ.
There is also an issue with the signing process. It signs text files as well as the .rb and .rbs/.rbe files. Unfortunately, my plugins use some of these text files as configuration files or log files, so they get modified by the plugin during normal use. Hence the Extension Manager will report the extensions as having an invalid signature. However, this in no way breaks the functionality or even safety of the plugin(s).
Initially only RB/RBS/RBE files got signed.
During developer testing of SketchUpâs proposed signing-system it became apparent that malicious content could be included by using HTM/HTML/JS/CSS files, so these then got âhashedâ as well.
After developersâ advice SketchUp also changed the âloading orderâ of Ruby files in the subfolder, so malicious RB or RBS files, which otherwise could have been included in a hacked RBZ, and then loaded in preference to the hashed files were sidestepped.
More recently, somewhere in the process SketchUp chose to also hash TXT files - this initially seems illogical, although their contents cannot be invoked unless called via some Ruby code, but then changing [hacking] the TXT file would affect the function of the extension, but I can see how it might be necessary to hash it.
Personally I include [rarely] shipped ancillary data in CSV/DAT/OPTION/SETTING/STRING files, which do NOT get hashed [although I expect that Trimbleâs paranoia will eventually mean ALL file-types in the subfolder will get hashed, and even that any non-hashed/new files in the subfolder, will be spotted and prevent the extension from loading - itâs madness butâŚ]
Preventing all unsigned extensions from ever loading has not been enacted [yet], because it stops users writing their own snippets etc and would greatly limit legit developers âdevelopingâ !!
Yes, the signing issue is an annoyance since users automatically assume something is wrong (installation corrupted) once they see an invalid signature reported. I still do not have a good resolution for this.