Despite its lack of security release notes, the 11.5.2 update contains new versions of several important security executables, including spctl, sandboxd and syspolicyd.
spctl
Stepping through building it correctly in Xcode, turning it into an Installer package getting it notarized and the ticket stapled to the tool.
Validating signatures isn’t straightforward. GUI apps are limited, and command tools confusing and prone to user error.
Yesterday, I explained how you can ensure that macOS 10.15 Catalina will open an app which doesn’t meet […]
Now can check apps (bundles with the extension .app) to determine whether they’re notarized, from Apple, App Store, etc.
It took 5 apps, 4 command tools in 6 commands, 2 developer certificates and an app-specific password for 260 lines of code.
Notarization is already required for some kernel extensions and apps, even in 10.14.5. So how do you tell whether an app or code bundle is notarized?
Testing at the command line, with What’s Your Sign?, and according to the requirements of the signature.
How to perform ad hoc signing, signing with a personal certificate, and set signing up in Xcode.
How can you create your own personal certificate suitable for signing your apps? Uses Certificate Assistant, and free of cost.
The Eclectic Light Company 