We started implementing Homebrew packages in our deployments.

and there are permissions needed for them to run smoothly. 

When I try get the CDHASH for the binary, they report as not signed.
 

codesign --display -vvvvvv <binary>

code object is not signed at all

when running tccprofile on our test computer, (tccprofile) it reports cdhash for binary

<dict>
						<key>Authorization</key>
						<string>Allow</string>
						<key>CodeRequirement</key>
						<string>cdhash H"5703c8d7d913bc20bb2e219173cd89267b200400"</string>
						<key>Identifier</key>
						<string>/usr/local/Cellar/restic/0.18.0/bin/restic</string>
						<key>IdentifierType</key>
						<string>path</string>
					</dict>

my question is how to get the cdhash , or how does apple get it when its not signed?