Worklet: Enable Gatekeeper on macOS

Gatekeeper is a built-in security feature of macOS—originally introduced in Mac OS X Lion (10.7.3)—that enforces code signing and verifies downloaded applications before allowing them to run. This worklet ensures that Gatekeeper is always enabled on a macOS system.

Evaluation:

#!/bin/bash

# helper function to check if a command exists
function command_exists {
    type "$1" &> /dev/null
}

# only evaluate if the spctl command is available
if command_exists spctl; then
    # check if gatekeeper is enabled
    spctl --status | grep -q "assessments enabled"

    # yay? or nay?
    exit $?
fi

# spctl command not available, move along
exit 0

Remediation:

#!/bin/bash

# enable gatekeeper for all users
spctl --master-enable

# did we succeed?
exit $?
3 Likes

Type is a shell built-in. It may return something other than an executable program. Why not use which instead and get the executable path from that?
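
Added example, not part of the thread or the worklet author's code: a sketch of the evaluation check that accepts only an executable file found in an absolute PATH directory, so a shell function, alias or builtin cannot satisfy it, and that tells "disabled" apart from unrecognized output. The names find_executable, gatekeeper_state, evaluate and gk_demo_tool are hypothetical, and the "assessments disabled" string is assumed from spctl's normal status output rather than taken from the post.

```bash
#!/bin/bash
# Added example: names below (find_executable, gatekeeper_state, evaluate,
# gk_demo_tool) are hypothetical and not part of the original worklet.

# Print the path of an executable FILE named $1 in an absolute $PATH directory.
# Unlike `type`, shell functions, aliases and builtins never match.
find_executable() {
    fe_rest=$PATH:
    while [ -n "$fe_rest" ]; do
        fe_dir=${fe_rest%%:*}
        fe_rest=${fe_rest#*:}
        case $fe_dir in /*) ;; *) continue ;; esac  # skip empty/relative entries
        if [ -f "$fe_dir/$1" ] && [ -x "$fe_dir/$1" ]; then
            printf '%s\n' "$fe_dir/$1"
            return 0
        fi
    done
    return 1
}

# Map `spctl --status` text to a code: 0 enabled, 1 disabled, 2 unrecognized.
gatekeeper_state() {
    case $1 in
        *"assessments enabled"*)  return 0 ;;
        *"assessments disabled"*) return 1 ;;
        *)                        return 2 ;;
    esac
}

# Same policy as the worklet: a host without spctl is treated as compliant.
evaluate() {
    ev_bin=$(find_executable spctl) || return 0
    gatekeeper_state "$("$ev_bin" --status 2>&1)"
}

# Constructed demo: a function satisfies `type` although no program exists.
gk_demo_tool() { :; }
type gk_demo_tool >/dev/null 2>&1 && echo "type: gk_demo_tool found"
find_executable gk_demo_tool || echo "find_executable: gk_demo_tool not on PATH"

evaluate
echo "evaluation exit code: $?"
```

As a worklet evaluation script, end with `exit $?` right after `evaluate` instead of printing the code.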