The Mac Admins community has long produced open source tools of incredible value to its members, but there hasn’t been a way to provide strong code signing resources to use when signing and notarizing binaries and installer packages for those tools. Starting today, Mac Admins Open Source is launching with the support of the Mac Admins Foundation. Mac Admins can apply for and receive secure codesigning support free of charge.

Why do Mac Admins need codesigning and notarization? Why is it important?

Codesigning and notarization ensures that an application or script hasn’t been modified since it was signed. Codesigning and notarization are also required to pass through Apple’s Gatekeeper security system at launch and at run time. Signed code helps mitigate bad actors attempting to pass off malicious code as something it’s not, under the guise of an existing tool. Notarization ensures that Apple has passed the signed code through an automated scanning process and verified that the signed code is free of malicious content. For more information about Gatekeeper and Apple’s codesigning process, please review Apple’s documentation.

How does having this functionality help Mac Admins?

As macOS has matured and grown over the years, codesigning has become a core pillar of the security model. As a result of these changes, having signed code allows a Mac Admin to grant privileges to applications and processes which cannot be granted to unsigned code, such as full disk access, managed Login Items, and more.

How will Mac Admins gain access to these signing identities?

The Mac Admin Open Source organization will work with open-source project owners who want to sign their code. All projects will go through a standard vetting process to ensure that the repository is configured in a secure fashion, good coding practices are applied, and there is a plan to maintain the project going forward. After all the criteria are met, a secure signing process will be integrated with the project’s Git repository on the Mac Admins Github.

How is the Mac Admins Foundation involved?

The Mac Admins Foundation sponsored and supported the founding of the Mac Admins Open Source organization, a non-profit registered with the state of Pennsylvania in the US. As a result, the Mac Admins Open Source organization has acquired an Apple Developer account for code signing, among other helpful services, to be administered through the Mac Admins GitHub organization. For more information, please visit #macadmins-opensource on the Mac Admins slack or macadmins.io.

Mac Admins Open Source and the Mac Admins Foundation wish to convey their deepest thanks to the following individuals who lent a hand during this process: Christos Drosos, Ashley Carroll, Tom Adcox, and Jeremy Butcher.