Validates a static code object.
- macOS 10.6+
The static code object to be validated.
A code requirement specifying additional conditions the code must satisfy to be considered valid. Specify
NULLif you don’t want to impose any additional requirements. Use the
Requirement Create With String
Secfunction to create a code requirement object. See Code Signing Guide for a discussion of code requirements.
Requirement Create With String And Errors
A result code. See Code Signing Services Result Codes.
This function obtains and verifies the signature on the code specified by the code object. It checks the validity of all sealed components, including resources (if any). It validates the code against a code requirement if one is specified. The call succeeds if all these conditions are satisfactory.
This call is only secure if the code is not subject to concurrent modification, and the outcome is only valid as long as the code remains unmodified. If the underlying file system has dynamic characteristics, such as a network file system, union mount, or FUSE, you must consider how secure the code is from modification after validation.
When checking a universal binary, be sure to include the
k flag. Otherwise the method verifies only one slice of the binary, potentially indicating success without testing all the slices.