How to verify a downloaded .pkg on mac terminal?

Question

Hi, OP

How can I verify a downloaded .pkg op-cli-install file on a mac terminal?

We're using the op cli for mac in Github action runners and I'd like to verify the downloaded installer before handing it over the keys to the castle.

I'm looking for something like on linux/windows:

gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg --verify op.sig op

The docs only describe how to verify it with the macOS UI (not an option for CI)  see https://developer.1password.com/docs/cli/verify

I'm installing it manually as described here https://developer.1password.com/docs/cli/get-started/#install (brew is too slow (~47sec) for CI and not sure if I'd trust that either)

Thanks

1Password Version: CLI 2.13.1
Extension Version: Not Provided
OS Version: macOS 12.6
Browser:_ Not Provided
Referrer: forum-search:https://1password.community/search?Search=verify%20mac

jack_p_1p · Answer

Hi @sebastiancove:

Great question. pkgutil --check-signature &lt;path-to-package.pkg&gt; should get you down the right path.

Jack

Answer

:D Awesome, thanks!

1p_tommy · Answer

On behalf of Jack, you're welcome.

Forum Discussion

How to verify a downloaded .pkg on mac terminal?

3 Replies

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

Severe slowdown in Chrome with 1Password extension 8.11.12.27 on pages with many inputs

Educational: TypeScript implementation of 1Password's security model + interactive explainer

OpenSSH Agent like putty

op completion zsh hangs forever

1Password CLI vulnerability?