Forrest logo
back to the pkgutil tool

pkgutil:tldr:01760

pkgutil: Verify cryptographic signatures of a package file.
$ pkgutil --check-signature ${filenamename-pkg}
try on your machine

The command "pkgutil --check-signature ${filename.pkg}" is used to verify the digital signature of a package file.

Here's a breakdown of the command:

  • "pkgutil": This is the command-line tool used to manipulate packages on macOS.
  • "--check-signature": This option tells pkgutil to check the signature of the specified package file.
  • "${filename.pkg}": This represents the name of the package file that you want to check the signature for. The "${filename.pkg}" can be replaced with the actual file name and extension.

By running this command, pkgutil will examine the digital signature of the package file and provide information about its validity. If the digital signature is valid, it means that the package has not been tampered with and is likely from a trusted source. If the signature is not valid, it could indicate that the package has been modified or is from an untrusted source.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.
back to the pkgutil tool