If you were to strip unwanted code from a Universal App, would it still pass Big Sur’s strict security checks?
codesign
If you have no other option and can be certain there’s no danger in doing so, you can remove a signed app’s signature. But it may not be so simple.
Stepping through building it correctly in Xcode, turning it into an Installer package getting it notarized and the ticket stapled to the tool.
Coming now to Apple Silicon Macs: all ARM-native executable code is required to be signed. Full details of this important change.
Who’s been ghost notarizing other people’s apps, and is Catalina wasting time to check whether shell scripts are notarized?
Validating signatures isn’t straightforward. GUI apps are limited, and command tools confusing and prone to user error.
An unexpected behaviour in the codesign command could cause the app to crash when examining certain app. Now fixed, plus several new features.
It took 5 apps, 4 command tools in 6 commands, 2 developer certificates and an app-specific password for 260 lines of code.
Notarization is already required for some kernel extensions and apps, even in 10.14.5. So how do you tell whether an app or code bundle is notarized?
Testing at the command line, with What’s Your Sign?, and according to the requirements of the signature.
