I have a dmg file in my portal.After downloading it,when i try to open it is showing a message indicating that opening package is insecure. i am able to add codesign through command line using codesign command and also able to check whether it is added or not. but still when i click to open my dmg file insecure message is coming
Double-click the DMG file to make its content available (the name will show up in the Finder sidebar), and a window generally opens also showing the content. Drag the application from the DMG window into the Applications directory to install (you may need an administrator password). Wait for the copy process to finish.
As of macOS 10.11.5 you can now sign disk images, .dmg
, files using the codesign
tool:
codesign -s <identity> --keychain <full-path-to-keychain> <path-to-disk-image>
There's 3 ways to do this. In the terminal on OS X 10.11.5 or newer. Note: you can code sign DMGs on earlier OS versions, however Sierra only likes them from 10.11.5 or newer.
codesign --force --sign "Developer ID Application: <identityIdentifier>" <pathToDMG>
Verification is done via (requires macOS Sierra).
spctl -a -t open --context context:primary-signature -v <pathToDMG>
Araelium have updated DMG Canvas (v2.3), so it will code sign DMGs when it builds.
DropDMG has been updated to code sign DMG image files too (v3.4).
There's also (a tool I developed) called App Wrapper (3.6), which can code sign DMG files.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With