Few weeks ago I've installed a CLI application from Homebrew that wasn't signed or notarised (what's Apple calls from an "unidentified developer").
To run this application I've followed the well know steps from Apple and called it a day.
Now I want to revoke this exception to be able to test the new version of the same CLI application that will come signed and notarised by the developer.
I've tried to follow the instruction from posts that suggest the change Gatekeeper rules using spctl like this question without success.
It looks like the rules managed using spctl are not involved in this context, because I've tried to do:
$ spctl --reset-default
$ spctl --list > list.before.txt
and then I've authorised the app to run using System Preferences > Security & Privacy > 'Allow'
$ spctl --list > list.after.txt
and after run a compare between the two:
$ diff list.before.txt list.after.txt
(no differences)
The CLI app continue to run no matter what I do with the spctl utility.
How can I revert the permission to run to this unidentified developer's CLI app? ?
Best Answer
The permission is actually persisted by removing a specific attribute from the file's metadata.
You mentioned in comments that you were having this problem with jtool from Homebrew Cask. When you install that program, you'll see the attributes listed by running:
It will display something like this:
You can remove that attribute with the following command:
Now you won't get the prompt.
Add the attribute again to restore the prompt: