SYSPOLICY_CHECK(1) | General Commands Manual | SYSPOLICY_CHECK(1) |
syspolicy_check
—
Check if macOS app is ready for notarization or
distribution
syspolicy_check |
notary-submission path
[--verbose ] [--json] |
syspolicy_check |
distribution path
[--verbose ] [--json] |
syspolicy_check |
[notary-submission | distribution] --help |
syspolicy_check
is used to check whether
macOS application bundles are ready for upload to the Apple notary service,
or ready for distribution to users outside of the Mac App Store.
syspolicy_check
combines checks from
multiple parts of macOS, including the frameworks and subsystems exposed by
the existing codesign,
spctl,
and stapler
commands.
syspolicy_check
requires exactly one
subcommand option to determine what action is to be
performed. You can also pass -v or --verbose up to 3 times to get
increasingly verbose output. --json outputs any errors to stdout in json
format.
The subcommands are as follows:
Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components. Notarization is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it.
For more information on Notarization, please see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution
For more information on triaging common Notarization failures, please see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues
For more information on how macOS determines if an app can run, along with tips for debugging any launch time issues, please see: https://developer.apple.com/forums/thread/706442.
February 7th, 2023 | Mac OS X 12 |