So verifying macOS installers (eg: Install macOS Sonoma.app) can be done easily in the terminal like this:
However for many older installers (Mavericks and older) this results in:
I had quite the battle with this in another thread. You can still verify the installer by getting the checksum of this file: Install OS X Mavericks/Contents/SharedSupport/InstallESD.img and comparing that to some unofficial SHA1 checksum listings.
Now I'm trying to do this for this OS X Leopard installer that I got from archive.org but both options are undoable. I mount the iso and copy the install OS X.app which is only 633 kb
Any ideas on how to verify this installer is an authentic OS X Leopard 10.5.6 build 9G66 copy?
Code:
pkgutil --check-signature /Users/JohnDoe/Desktop/Install\ macOS\ Sonoma.app
However for many older installers (Mavericks and older) this results in:
Code:
Status: package is invalid (checksum did not verify)
I had quite the battle with this in another thread. You can still verify the installer by getting the checksum of this file: Install OS X Mavericks/Contents/SharedSupport/InstallESD.img and comparing that to some unofficial SHA1 checksum listings.
Now I'm trying to do this for this OS X Leopard installer that I got from archive.org but both options are undoable. I mount the iso and copy the install OS X.app which is only 633 kb
- pkgutil --check-signature returns the "package is invalid" but this is unreliable feedback for older installers
- The InstallESD.img file is not in the installer .app package
Any ideas on how to verify this installer is an authentic OS X Leopard 10.5.6 build 9G66 copy?