How to check quarantine, 64-bit, signature, and notarization for almost anything

Lots of things can now go wrong with apps and other items such as Installer packages, even command tools. If you’ve upgraded to Catalina, you’ll know what I mean.

First, there’s the obvious issue of whether the app is thoroughly 64-bit. That’s now much easier to check using Go64 or my own 32-bitCheck, but then there is the question of command tools and more. And it only takes a single component buried within an app to be 32-bit-only for the whole app to be incompatible.

When you’ve got past that, you’ll be aware that more recent versions of macOS are getting to be sticklers over signatures, particularly if the quarantine flag is set on the app. This gets more fraught when dealing with Apple’s installers, a great many of which now have expired certificates and won’t work at all.

Both Mojave and Catalina require certain executable bundles to be notarized too, if they aren’t signed by Apple or supplied by the App Store. Again, if that bundle picks up a quarantine flag somewhere along the line, you could find it being rejected, or having to use the Open command in Finder’s contextual menu. Then there are command tools which need to be notarized too, and signed AppleScripts which can get their signatures broken when passed through iCloud.

So here’s a new version of ArchiChect which I have completely rewritten to make checking easier. It looks specifically at four areas:

  • Whether all executable code is fully 64-bit. If there are still 32-bit dependencies, then it isn’t going to work on Catalina.
  • Whether the quarantine flag is set. If it is, then that item is going to have to go through a ‘first run’ Gatekeeper check.
  • Whether the signature is valid. This picks up signature problems in signed AppleScripts, command tools, apps, Apple’s old Installer packages, and anything else you care to drop on it.
  • Whether it has been notarized, or was signed by Apple or delivered through the App Store. This determines what you’ll need to do to get it through its first run in Catalina, for example, or whether a kernel extension will install in Mojave or Catalina.

Here are some examples.


This is what you want: four blue ticks down the left, and one green tick in the view below. This literally ticks all the boxes for an app.


Here’s our old friend Aperture, with a load of 32-bit dependencies although the app itself is 64-bit. It also has a signature problem because of its age, and of course isn’t notarized.


Here’s one of Apple’s recently expired Installer packages: although it does contain installable executable code, ArchiChect doesn’t check whether that is 64-bit. But the certificates on its signature have expired, as has the whole package.


Here’s a signed AppleScript. It isn’t executable code in this sense, so the question of 64-bit doesn’t arise. ArchiChect recognises and checks the signature which is stored in the file’s extended attributes, and they are fine.

You can drop pretty well anything onto ArchiChect now, and it will run as many of these tests as appropriate. It will tell you whether a plain text document has a quarantine flag set, for example.

ArchiChect 2.0 is now available from here: archichect20
from Updates above, and from its Product Page.

I hope that you find it is useful, even if you have no intention of upgrading to Catalina just yet.