SYSPOLICY_CHECK(1) General Commands Manual SYSPOLICY_CHECK(1)

syspolicy_checkCheck if macOS app is ready for notarization or distribution

syspolicy_check notary-submission path [--verbose] [--json]

syspolicy_check distribution path [--verbose] [--json]

syspolicy_check [notary-submission | distribution] --help

syspolicy_check is used to check whether macOS application bundles are ready for upload to the Apple notary service, or ready for distribution to users outside of the Mac App Store.

syspolicy_check combines checks from multiple parts of macOS, including the frameworks and subsystems exposed by the existing codesign, spctl, and stapler commands.

syspolicy_check requires exactly one subcommand option to determine what action is to be performed. You can also pass -v or --verbose up to 3 times to get increasingly verbose output. --json outputs any errors to stdout in json format.

The subcommands are as follows:

Runs the same checks on an app as the Apple notary service, to make sure the app is ready for uploading to the service.

Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components. Notarization is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it.

For more information on Notarization, please see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution

For more information on triaging common Notarization failures, please see: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues

Runs the same checks on your app as macOS does when determining if your app can be executed. This includes Gatekeeper checks, XProtect checks, provisioning profile checks, and more.

For more information on how macOS determines if an app can run, along with tips for debugging any launch time issues, please see: https://developer.apple.com/forums/thread/706442.

codesign(1), spctl(8), stapler(1)

February 7th, 2023 Mac OS X 12