SketchUp Extensions


#1

Hello,

I am getting confused by many different websites and supporting sites for extensions and plugins everytime I want to add an extension in SU Pro 2018. It has never been easy for me to download an extension due to many restrictions, signed, unsigned, restricted, nonrestricted. Trimble, SketchUcuation, SketchUp extension, and many many others. I have to sign in every single site for downloading a single extension!!

Moreover, after download, they are not loaded in SketchUp or locked or something else. Sorry, but I am losing my faith to SketchUp due to being tired of all confusing sites and restrictions. I miss a smooth flowing software which I can trust and download subsidary functions to work with confidence. Thank you


#2

If anything it has gotten easier to install extensions.

  • Download the extension
  • Install the extension within the Extension Manager
  • I just leave the extensions settings at default that usually works for me.
  • Some extensions have their own licensing requirements, that may be where you are seeing problems. Each will be slightly different since each developer has employed their own licensing system. It may take you a couple minutes to get familiar with it but usually it is fairly straight forward.

#3

Agreed with @medeek…there are a few extensions still hosted on other sites like SUmustard or SketchUcation (like Fredos)…but more often than not they’re on the extension warehouse that can be browsed and loaded either directly from within SU or downloaded and installed from drive. I like to download mine first as sometimes I’m evaluating several at once and having them physically loaded in my Downloads folder makes it easier to manage.

To your point:

I can’t even think of an example of one that is perfect. Even Adobe Photoshop can have weird plugins that require ajax lisp routines to install (like 3D Terrain Generator).


#4

Two of the main sources for extensions are the SketchUp Extension Warehouse and SketchUcation.

I can search and install “Sketchup Warehouse” extensions directly within SketchUp as I am automatically logged in to my account from there, so that’s pretty easy.

As for SketchUcation, rather than going to the site I can install those too from within SketchUp using the plugin store that is installed within SketchUp.
https://sketchucation.com/plugin-store-free-download

So you can access and install many from within SketchUp. For everything else including older sources and more premium extensions, there’s the extension manager.

It has got much simpler in recent years from what I’ve seen.


#5

‘Current’ extensions are usually ‘signed’, and once installed using the Extension Manager > Install Extension button, they should work thereafter.

Older extensions [like some of mine at SketchUcation] are signed but ‘out of date’ because changes to newer SketchUp versions can cause that.
It does not mean they won’t work in newer SketchUp versions.
Provided that you only install extensions’ RBZ files which you had downloaded from trusted reputable sites like EWH, SketchUcation or Smustard [and several known developers own web-sites], then you can be confident in their ‘safety’ even when they say the signature is out of date: to use them simply reset your Extension Manager > Loading policy to ‘Unrestricted’.
When SketchUp restarts they’ll load.
If you get an RBZ from an untrustworthy site and/or it reports in the Extension Manager that the signature is ‘invalid’, then you might be wise to avoid it, and uninstall it…

Having a fully signed extension is actually an illusory security.
It means it meets certain coding regimes, and has been processed by the EWH or the SketchUp-portal [i.e. the non-EWH RBZ files like mine and Fredo’s], if its signing is ‘out-of-date’ it has not yet been updated for the newest SketchUp version; if it’s ‘invalid’ something broke the signature - i.e. it might have been hacked !

I have made hundreds of extensions/plugins and where they need to be updated for compatibility with newer SketchUp versions they will have been, but if they still work without an update then chances are the signature is reported as ‘out-of-date’, some very old ones might have never have been signed !
SketchUp/Trimble failed to appreciate the admin-overhead that the EWH and the portal-signing process places on prolific authors - especially when their RBZ files are available ‘for free’.


#6

There is also an issue with the signing process. It signs text files as well as the .rb and .rbs/.rbe files. Unfortunately, my plugins use some of these text files as configuration files or log files, so they get modified by the plugin during normal use. Hence the Extension Manager will report the extensions as having an invalid signature. However, this in no way breaks the functionality or even safety of the plugin(s).


#7

Initially only RB/RBS/RBE files got signed.
During developer testing of SketchUp’s proposed signing-system it became apparent that malicious content could be included by using HTM/HTML/JS/CSS files, so these then got ‘hashed’ as well.
After developers’ advice SketchUp also changed the ‘loading order’ of Ruby files in the subfolder, so malicious RB or RBS files, which otherwise could have been included in a hacked RBZ, and then loaded in preference to the hashed files were sidestepped.
More recently, somewhere in the process SketchUp chose to also hash TXT files - this initially seems illogical, although their contents cannot be invoked unless called via some Ruby code, but then changing [hacking] the TXT file would affect the function of the extension, but I can see how it might be necessary to hash it.
Personally I include [rarely] shipped ancillary data in CSV/DAT/OPTION/SETTING/STRING files, which do NOT get hashed [although I expect that Trimble’s paranoia will eventually mean ALL file-types in the subfolder will get hashed, and even that any non-hashed/new files in the subfolder, will be spotted and prevent the extension from loading - it’s madness but…]
Preventing all unsigned extensions from ever loading has not been enacted [yet], because it stops users writing their own snippets etc and would greatly limit legit developers ‘developing’ !!


#8

Yes, the signing issue is an annoyance since users automatically assume something is wrong (installation corrupted) once they see an invalid signature reported. I still do not have a good resolution for this.