Apple sent the following message out to developers yesterday: Dear Developer, We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the App Store or outside of it, is signed or notarized by Apple. With the public release of macOS 10.14.5, we require that all developers creating a Developer ID certificate for the first time notarize their apps, and that all new and updated kernel extensions be notarized as well. This will help give users more confidence that the software they download and run, no matter where they get it from, is not malware by showing a more streamlined Gatekeeper…
-
-
Who Signed My OS X App?
The codesign command is used to sign apps and check the signature of apps. Apps need to be signed more and more and more these days. So, you might need to loop through your apps and verify that they’re signed. You might also choose to stop trusting given signing authorities if one is compromised. To check signing authorities, you can use codesign -dv --verbose=4 /Applications/Firefox.app/ 2>&1 | sed -n '/Authority/p' The options in the above command: -d is used to display information about the app (as opposed to a -s which would actually sign the app) -v increases the verbosity level (without the v’s we won’t see the signing “Authority”) –verbose=4 indicates the level of verbosity…