Mac OS X,  Mac Security,  Mass Deployment

Restoring the Default Gatekeeper Database

As I’ve mentioned previously, spctl is the command line tool to manage signing for Gatekeeper. This file edits the information stored in /var/db/SystemPolicy. Regrettably, this information can become corrupted (like all information in a database. And when it does, Apple has done us a favor by making a hidden default database with this information in the same directory, called .SystemPolicy-default.

To restore the default database, we just copy it over the top of the old one. Here, we’ll rename the old one first:

mv /var/db/SystemPolicy /var/db/SystemPolicyOLD

And then we’ll copy the defaults to make it the production database:

cp /var/db/.SystemPolicy-default /var/db/SystemPolicy

Then reboot and you should be good to go.