Using the 'spctl' terminal command

I am attempting to determine the sign/notarize status of an app

the two commands I am using are

spctl -a -vv -t exec '<app_path>'
xcrun stapler validate '<app_path>'

the spctl command takes up to 30 seconds to run (seems the larger the bundle the longer it takes)

the results for the Xojo 2024 bundle is

spctl -a -vv -t exec '/Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app'
/Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Xojo, Incorporated (6MG2NQJ3FZ)

xcrun stapler validate '/Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app'
Processing: /Volumes/Drive #3/Xojo 2024 Release 3.1/Xojo.app
Xojo.app does not have a ticket stapled to it.

which tells me it IS notarized, but NOT stapled, meaning it calls the Apple Server to verify

spctl -a -vv -t exec '/Volumes/Drive #3/Applications/UltraEdit.app'
/Volumes/Drive #3/Applications/UltraEdit.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: IDM Computer Solutions, Inc. (2T4C9Y59FF)

xcrun stapler validate '/Volumes/Drive #3/Applications/UltraEdit.app'
Processing: /Volumes/Drive #3/Applications/UltraEdit.app
The validate action worked!

this is another commerical app the indicates it is NOTARIZED, and STAPLED

and finally

spctl -a -vv -t exec '/Users/davidsisemore/Desktop/Builds - df.xojo_xml_project/OS X 64 bit/df.app'
/Users/davidsisemore/Desktop/Builds - df.xojo_xml_project/OS X 64 bit/df.app: rejected
source=no usable signature

this says NOT NOTARIZED

all the above are correct, but does anyone know a FASTER way to do this, it takes almost as long for spctl to run as it does for the entire rest of the script. What I DO NOT want to do is attempt to process a file that already is Notarized (since I have no way of know who/what/where or when it might have been done)

Apple servers can be slow sometimes.
You might want to run this in a non blocking way.

1 Like