Making Sense of Apple’s Notarization

Checking existing software for compatibility

PKGs


$ pkgutil --check-signature <path to pkg>

$ pkgutil --check-signature 1Password-7.3.1.pkg
Package "1Password-7.3.1.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: AgileBits Inc. (2BUA8C4S2C)
       SHA1 fingerprint: 3F F5 AB E5 D3 F8 3D FD 81 57 C8 6A 30 19 C7 73 99 BA 0D 25
       -----------------------------------------------------------------------------
    2. Developer ID Certification Authority
       SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86
       -----------------------------------------------------------------------------
    3. Apple Root CA
       SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

$ stapler validate <path to pkg>

$ stapler validate 1Password-7.3.1.pkg
Processing: /Users/aduss/Downloads/1Password-7.3.1.pkg
The validate action worked!

DMGs

$ spctl -a -t open --context context:primary-signature -v <path to dmg>

$ spctl -a -t open --context context:primary-signature -v Dropbox-76.4.126.dmg
./Dropbox-76.4.126.dmg: accepted
source=Developer ID

$ stapler validate <path to dmg>

$ stapler validate Dropbox-76.4.126.dmg
Processing: Dropbox-76.4.126.dmg
Dropbox-76.4.126.dmg does not have a ticket stapled to it.

Applications

$ codesign -dv <Path to App>

$ codesign -dv /Applications/Spotify.app/
Executable=/Applications/Spotify.app/Contents/MacOS/Spotify
[ .. snip .. ]
Signature size=9046
[ .. snip .. ]

$ stapler validate <Path to App>

$ stapler validate /Applications/Spotify.app
Processing: /Applications/Spotify.app
Spotify.app does not have a ticket stapled to it.
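
The three checks above can be combined into one audit script. This is an added example, not code from the original article; the function names are hypothetical, and it assumes each tool exits non-zero when its check fails.

```bash
#!/bin/bash
# Added example (not from the original article): report signature and
# stapled-ticket status per artifact, using the commands shown above.
# Assumption: each tool exits non-zero when its check fails.

# Classify by extension; a trailing slash on an .app path is ignored.
artifact_kind() {
    case "${1%/}" in
        *.pkg) echo pkg ;;
        *.dmg) echo dmg ;;
        *.app) echo app ;;
        *)     echo unknown ;;
    esac
}

# Run the signature check that matches the artifact kind.
signature_check() {
    case "$1" in
        pkg) pkgutil --check-signature "$2" ;;
        dmg) spctl -a -t open --context context:primary-signature -v "$2" ;;
        # codesign -dv only displays the signature; it fails on unsigned code.
        app) codesign -dv "$2" ;;
        *)   return 2 ;;
    esac
}

# Print one status line; succeed only if signed and stapled.
notarization_status() {
    kind=$(artifact_kind "$1")
    if [ "$kind" = unknown ]; then
        echo "$1: unsupported type"
        return 2
    fi
    if signature_check "$kind" "$1" >/dev/null 2>&1; then signed=yes; else signed=no; fi
    if stapler validate "$1" >/dev/null 2>&1; then stapled=yes; else stapled=no; fi
    echo "$1: kind=$kind signed=$signed stapled=$stapled"
    [ "$signed" = yes ] && [ "$stapled" = yes ]
}

# Check every path given; return non-zero if any artifact needs attention.
audit_notarization() {
    rc=0
    for path in "$@"; do
        notarization_status "$path" || rc=1
    done
    return "$rc"
}

# When run as a script with arguments, audit them.
[ "$#" -eq 0 ] || audit_notarization "$@"
```

A line ending in stapled=no marks an artifact that is signed but carries no stapled ticket, as with the DMG and the application above.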

So how can we fix this?

Andy

Web Developer, Marathon Runner, Coffee Drinker.