I am attempting to determine the sign/notarize status of an app
the two commands I am using are
spctl -a -vv -t exec '<app_path>'
xcrun stapler validate '<app_path>'
the spctl command takes up to 30 seconds to run (seems the larger the bundle the longer it takes)
the results for the Xojo 2024 bundle is
spctl -a -vv -t exec '/Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app'
/Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Xojo, Incorporated (6MG2NQJ3FZ)
xcrun stapler validate '/Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app'
Processing: /Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app
Xojo.app does not have a ticket stapled to it.
which tells me it IS notarized, but NOT stapled, meaning it calls the Apple Server to verify
spctl -a -vv -t exec '/Volumes/Drive #3/Applications/UltraEdit.app'
/Volumes/Drive #3/Applications/UltraEdit.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: IDM Computer Solutions, Inc. (2T4C9Y59FF)
xcrun stapler validate '/Volumes/Drive #3/Applications/UltraEdit.app'
Processing: /Volumes/Drive #3/Applications/UltraEdit.app
The validate action worked!
this is another commerical app the indicates it is NOTARIZED, and STAPLED
and finally
spctl -a -vv -t exec '/Users/davidsisemore/Desktop/Builds - df.xojo_xml_project/OS X 64 bit/df.app'
/Users/davidsisemore/Desktop/Builds - df.xojo_xml_project/OS X 64 bit/df.app: rejected
source=no usable signature
this says NOT NOTARIZED
all the above are correct, but does anyone know a FASTER way to do this, it takes almost as long for spctl to run as it does for the entire rest of the script. What I DO NOT want to do is attempt to process a file that already is Notarized (since I have no way of know who/what/where or when it might have been done)