How to verify a downloaded .pkg on mac terminal?

sebastiancove · February 2

Hi, OP

How can I verify a downloaded .pkg op-cli-install file on a mac terminal?

We're using the op cli for mac in Github action runners and I'd like to verify the downloaded installer before handing it over the keys to the castle.

I'm looking for something like on linux/windows:

gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg --verify op.sig op

The docs only describe how to verify it with the macOS UI (not an option for CI) see https://developer.1password.com/docs/cli/verify

I'm installing it manually as described here https://developer.1password.com/docs/cli/get-started/#install (brew is too slow (~47sec) for CI and not sure if I'd trust that either)

Thanks

1Password Version: CLI 2.13.1
Extension Version: Not Provided
OS Version: macOS 12.6
Browser:_ Not Provided
Referrer: forum-search:verify mac

Jack.P_1P · February 3

Hi @sebastiancove:

Great question. pkgutil --check-signature <path-to-package.pkg> should get you down the right path.

Jack

sebastiancove · February 7

:D Awesome, thanks!

ag_tommy · February 7

On behalf of Jack, you're welcome.

How to verify a downloaded .pkg on mac terminal?

Comments

Leave a Comment