Notarized mode not blocking as expected
I've tried out BlockBlock Notarization Mode with an app called Protégé, and with the command line executable for Neovim.
Expected behavior: for BlockBlock to block the launch, hoped for both the app and command line executable to be blocked.
Actual behavior: both app and command line executable launch unimpeded by BlockBlock. No messages show up in BlockBlock Helper app.
Testing with spctl shows both test objects are not notarized:
block@BlockTests-Virtual-Machine ~ % spctl -a -t exec -vvv /Users/block/Desktop/VirtualBuddyShared/VirtualBuddySharedFolder/Protege-5.6.5\ -\ un-quarantined/Protégé.app
/Users/block/Desktop/VirtualBuddyShared/VirtualBuddySharedFolder/Protege-5.6.5 - un-quarantined/Protégé.app: rejected
source=no usable signature
block@BlockTests-Virtual-Machine ~ % spctl -a -t exec -vvv /Users/block/Desktop/VirtualBuddyShared/VirtualBuddySharedFolder/nvim-macos-arm64/bin/nvim
/Users/block/Desktop/VirtualBuddyShared/VirtualBuddySharedFolder/nvim-macos-arm64/bin/nvim: rejected
codesign -dv shows both test objects are signed as flags=0x20002(adhoc,linker-signed).
Protégé is a Java app with a Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64:Mach-O 64-bit executable arm64] and nvim is a Mach-O thin (arm64).
Tested on macOS version 26.01 Tahoe, and on a fresh install of 26.0 VM with no other 3rd party software in VirtualBuddy. On arm64.
Currently (by design) BlockBlock only blocks user-downloaded files that have the quarantine attribute (com.apple.quarantine) set.
(You can check with xattr -p <path to file>). So, if those files aren't quarantined BB will allow them ...
Ah thanks, that is not what I was expecting as Gatekeeper is already doing that task to a large extent when set to App Store and known developers.
I was looking to monitor/report for non-notarised and later maybe block if desired if our users download executables without the quarantine attribute set using (command line) tools or if they remove the quarantine attribute. (edited to correct spelling and terminology)
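Added example, not part of the thread and not BlockBlock's code: a small triage helper that combines the three checks mentioned above (spctl assessment, codesign flags, quarantine attribute) to report executables that are non-notarized and also lack com.apple.quarantine, the case the reply says BlockBlock allows. The function names, status labels and sample strings are constructed for illustration; on a real Mac the inputs would be the captured text of `spctl -a -t exec -vvv`, `codesign -dv` and `xattr -p com.apple.quarantine` for the file.

```python
import re

def parse_spctl(output):
    """Return (verdict, source) from `spctl -a -t exec -vvv` output."""
    verdict, source = None, None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("source="):
            source = line[len("source="):]
        elif line.endswith((": accepted", ": rejected")):
            verdict = line.rsplit(": ", 1)[1]
    return verdict, source

def parse_codesign_flags(output):
    """Return flag names from a line like flags=0x20002(adhoc,linker-signed)."""
    m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", output)
    return set(m.group(1).split(",")) if m else set()

def triage(spctl_out, codesign_out, quarantine_value):
    """quarantine_value: text of the com.apple.quarantine xattr, None if absent."""
    verdict, source = parse_spctl(spctl_out)
    notarized = verdict == "accepted" and (source or "").startswith("Notarized")
    if notarized:
        status = "notarized"
    elif quarantine_value is not None:
        status = "in_scope"   # quarantined: the case the reply says is blocked
    else:
        status = "gap"        # not quarantined: allowed, so report it
    # The quarantine value is ';'-separated; the third field names the agent.
    fields = quarantine_value.split(";") if quarantine_value else []
    return {
        "status": status,
        "source": source,
        "adhoc": "adhoc" in parse_codesign_flags(codesign_out),
        "agent": fields[2] if len(fields) > 2 else None,
    }

# Constructed sample inputs, modelled on the output quoted in the thread.
SPCTL_REJECTED = "/tmp/sample/nvim: rejected\nsource=no usable signature\n"
SPCTL_NOTARIZED = "/tmp/Sample.app: accepted\nsource=Notarized Developer ID\n"
CODESIGN_ADHOC = ("CodeDirectory v=20400 size=512 "
                  "flags=0x20002(adhoc,linker-signed) hashes=13+0\n")
QUARANTINE = "0081;65a1b2c3;Safari;"

if __name__ == "__main__":
    for q in (None, QUARANTINE):
        print(triage(SPCTL_REJECTED, CODESIGN_ADHOC, q))
    print(triage(SPCTL_NOTARIZED, "", QUARANTINE))
```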