Skip to content

Instantly share code, notes, and snippets.

@neonichu

neonichu/code-signing.md

Last active April 16, 2023 02:34
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save neonichu/c9297bc68cc43ebf5361 to your computer and use it in GitHub Desktop.
Save neonichu/c9297bc68cc43ebf5361 to your computer and use it in GitHub Desktop.
Download ZIP
A few ways of checking code signatures on OS X.
Raw
code-signing.md

Code Signing

A few ways of checking code signatures on OS X.

Simple

$ /usr/bin/codesign --verify --deep --verbose /Applications/Xcode.app
/Applications/Xcode.app: valid on disk
/Applications/Xcode.app: satisfies its Designated Requirement

Checksum the individual signing certificates

$ /usr/bin/codesign -d --extract-certificates /Applications/Xcode.app
Executable=/Applications/Xcode-7.app/Contents/MacOS/Xcode
$ /usr/bin/shasum -a 256 *
2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32  codesign0
5bdab1288fc16892fef50c658db54f1e2e19cf8f71cc55f77de2b95e051e2562  codesign1
b0b1730ecbc7ff4505142c49f1295e6eda6bcaed7e2c68c5be91b5a11001f024  codesign2

SecAssessment system policy security

$ /usr/sbin/spctl --assess --verbose=4 --type execute /Applications/Xcode.app
/Applications/Xcode.app: accepted
source=Apple System
@KrauseFx
Copy link

For alternative outputs of the spctl command: https://developer.apple.com/news/?id=09222015a

Thanks again for collecting all this @neonichu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment