You may be surprised to learn that SIP or XProtect are disabled, that the SSV isn’t working, or that your security systems are way out of date.
spctl
Despite its lack of security release notes, the 11.5.2 update contains new versions of several important security executables, including spctl, sandboxd and syspolicyd.
Stepping through building it correctly in Xcode, turning it into an Installer package, getting it notarized and the ticket stapled to the tool.
Validating signatures isn’t straightforward. GUI apps are limited, and command tools confusing and prone to user error.
Yesterday, I explained how you can ensure that macOS 10.15 Catalina will open an app which doesn’t meet […]
Now can check apps (bundles with the extension .app) to determine whether they’re notarized, from Apple, App Store, etc.
It took 5 apps, 4 command tools in 6 commands, 2 developer certificates and an app-specific password for 260 lines of code.
Notarization is already required for some kernel extensions and apps, even in 10.14.5. So how do you tell whether an app or code bundle is notarized?
Testing at the command line, with What’s Your Sign?, and according to the requirements of the signature.
How to perform ad hoc signing, sign with a personal certificate, and set signing up in Xcode.