One important requirement for code signatures is with Mojave’s new privacy controls. Are they needed, though?
signature
Testing at the command line, with What’s Your Sign?, and according to the requirements of the signature.
How to perform ad hoc signing, signing with a personal certificate, and set signing up in Xcode.
How can you create your own personal certificate suitable for signing your apps? Uses Certificate Assistant, and free of cost.
Should you use ad hoc signing, or make your own personal certificate? Why would you want to sign a script or app you have made?
Apple Mobile File Integrity is a combination of a KEXT and a LaunchDaemon which check app signatures, entitlements, and provisioning profiles.
The differences between a full Gatekeeper check, an AMFI check for integrity, and a normal app open, and why signature errors can be tolerated.
Whenever an app is opened in 10.14.2, its signature is checked asynchronously, often several times. But in many cases, macOS doesn’t act on any errors returned.
Another worthless piece of “security theatre” about bundle signatures. I wouldn’t bother reading it, or downloading the new version of Signet.
Is checking bundle signatures a waste of time once they have passed their ‘first run’ check? Does macOS ever do that?
The Eclectic Light Company 