In Apple’s TN2206, “macOS Code Signing in Depth”, there’s a section about “Checking Gatekeeper Compliance”.

  • Package your program the way you ship it, such as in a disk image.

  • Download it from its website, or mail it to yourself, or send it to yourself using AirDrop or Message. This will quarantine the downloaded copy. This is necessary to trigger the Gatekeeper check as Gatekeeper only checks quarantined files the first time they’re opened.

  • Drag-install your app and launch it.

I figured jumping through a “download” or “send” step was overkill. Surely there’s a way to get the same effect programmatically, right?