Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Faloude

macrumors regular
Original poster
Oct 6, 2018
102
17
So verifying macOS installers (eg: Install macOS Sonoma.app) can be done easily in the terminal like this:
Code:
pkgutil --check-signature /Users/JohnDoe/Desktop/Install\ macOS\ Sonoma.app

However for many older installers (Mavericks and older) this results in:
Code:
Status: package is invalid (checksum did not verify)

I had quite the battle with this in another thread. You can still verify the installer by getting the checksum of this file: Install OS X Mavericks/Contents/SharedSupport/InstallESD.img and comparing that to some unofficial SHA1 checksum listings.

Now I'm trying to do this for this OS X Leopard installer that I got from archive.org but both options are undoable. I mount the iso and copy the install OS X.app which is only 633 kb
  • pkgutil --check-signature returns the "package is invalid" but this is unreliable feedback for older installers
  • The InstallESD.img file is not in the installer .app package
Furthermore, the archive.org file has a checksum which I did not match with the one from the .iso nor the .dmg I converted it into.

Any ideas on how to verify this installer is an authentic OS X Leopard 10.5.6 build 9G66 copy?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.