Created
February 3, 2014 21:32
Determines the state of Gatekeeper on OSX 10.8 and 10.9. Differentiates between three modes: "Mac App Store", "Mac App Store and identified developers", and "Anywhere".
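#!/bin/bash
#
# Determines the state of Gatekeeper on OSX 10.8 and 10.9. Differentiates between three modes:
#
# - Mac App Store
# - Mac App Store and identified developers
# - Anywhere
#
# DEV_REQ_[12] are certificate requirements stored in the SystemPolicy sqlite database.
# Each certificate requirement is disabled/enabled pursuant to the 'disabled' field in
# the 'authority' table (the table the query below reads).
#
# When the aforementioned certificate requirements are enabled,
# while Gatekeeper status is enabled, it means Gatekeeper will permit software signed
# by only the Mac App store and identified developers.
#
# When the aforementioned certificate requirements are disabled,
# while Gatekeeper status is enabled, it means Gatekeeper will permit software signed
# by only the Mac App store.
#
# Exit status: 0 when a mode was determined and printed; 1 when a prerequisite
# is missing, the database query fails, or spctl prints an unrecognised status.
# A tool that cannot determine the mode must not print one: a wrong answer is
# worse than no answer when the output feeds a compliance check.
#
# [email protected]
#

# Absolute paths: the tools are never resolved through PATH, so a modified PATH
# cannot substitute a different spctl or sqlite3 binary.
readonly SPCTL=/usr/sbin/spctl
readonly SQLITE=/usr/bin/sqlite3
readonly SYSTEM_POLICY_PATH=/var/db/SystemPolicy

if [[ ! -r "$SYSTEM_POLICY_PATH" || ! -x "$SPCTL" || ! -x "$SQLITE" ]]; then
  echo "Error: Ensure the permissions and path to spctl, sqlite3, and SystemPolicy are sane." >&2
  exit 1
fi

# Only the printed text is inspected; the exit status of spctl is deliberately
# not used to decide between enabled and disabled.
STATUS=$("$SPCTL" --status)

# Fixed requirement strings, compared for exact equality against the database.
# They are constants defined here, so embedding them in the SQL text below does
# not expose the query to outside input.
# NOTE(review): the header targets OS X 10.8/10.9. If another release stores
# different requirement strings, no row matches and the result would read as
# 'Mac App Store and identified developers' -- verify before relying on it there.
readonly DEV_REQ_1="anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists"
readonly DEV_REQ_2="anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and (certificate leaf[field.1.2.840.113635.100.6.1.14] or certificate leaf[field.1.2.840.113635.100.6.1.13])"
readonly SQL="select requirement, disabled from authority where (requirement = '$DEV_REQ_1' or requirement = '$DEV_REQ_2') and disabled = 1;"

case "$STATUS" in
  "assessments enabled")
    # A failed query yields empty output, which would otherwise be
    # indistinguishable from "no developer requirement is disabled".
    if ! OUTPUT=$("$SQLITE" "$SYSTEM_POLICY_PATH" "$SQL"); then
      echo "Error: querying $SYSTEM_POLICY_PATH failed; Gatekeeper mode could not be determined." >&2
      exit 1
    fi
    if [[ -z "$OUTPUT" ]]; then
      # No developer requirement row is marked disabled.
      echo "Gate Keeper is enabled and in 'Mac App Store and identified developers' mode"
    else
      echo "Gate Keeper is enabled and in 'Mac App Store' mode"
    fi
    ;;
  "assessments disabled")
    echo "Gate Keeper is disabled and in 'Anywhere' mode"
    ;;
  *)
    # Empty or unfamiliar output is reported as an error instead of being
    # silently treated as "disabled".
    echo "Error: unexpected output from spctl --status: '$STATUS'" >&2
    exit 1
    ;;
esac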