A new Universal App version of Signet, which checks signatures on apps and other bundles.
Stepping through building it correctly in Xcode, turning it into an Installer package getting it notarized and the ticket stapled to the tool.
Coming now to Apple Silicon Macs: all ARM-native executable code is required to be signed. Full details of this important change.
Imagine going to open an app which you use daily, only to be told by macOS that it “will damage your computer” and must be trashed. Can we have confidence in Apple?
Where can you see code signatures and notarization tickets, and how can you check them?
Who’s been ghost notarizing other people’s apps, and is Catalina wasting time to check whether shell scripts are notarized?
When you open a four year-old app and discover that someone notarized it in August last year. What’s behind that surprise?
Using Little Snitch, this becomes unresolvable, as the app can’t complete first run checks, and every time you try, it’s translocated to a different folder, causing Little Snitch to block it again.
Checking signatures, notarization, and 64-bit code on different items like apps, command tools, and Installer packages just got much simpler.
A future version of macOS (?10.16) will check code signatures more thoroughly than at present. Here’s what to do to start preparing for that.