How to verify a downloaded .pkg on mac terminal?

sebastiancove

Hi, OP

How can I verify a downloaded .pkg op-cli-install file on a mac terminal?

We're using the op cli for mac in Github action runners and I'd like to verify the downloaded installer before handing it over the keys to the castle.

I'm looking for something like on linux/windows:

gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg --verify op.sig op

The docs only describe how to verify it with the macOS UI (not an option for CI) see https://developer.1password.com/docs/cli/verify

I'm installing it manually as described here https://developer.1password.com/docs/cli/get-started/#install (brew is too slow (~47sec) for CI and not sure if I'd trust that either)

Thanks

---

1Password Version: CLI 2.13.1
Extension Version: Not Provided
OS Version: macOS 12.6
Browser:_ Not Provided
Referrer: forum-search:verify mac

Jack.P_1P

Hi @sebastiancove:

Great question. pkgutil --check-signature <path-to-package.pkg> should get you down the right path.

Jack

sebastiancove

:D Awesome, thanks!

ag_tommy

On behalf of Jack, you're welcome.