Reputation: 2855
How to check whether an app or dmg is signed or not?
I have created app and dmg for a Java application. I am signing as well as verifying dmg and app via codesign.
codesign -s "mycomapany name" myproduct.dmg/myproduct.app
Verifying both using following command -
codesign -v myproduct.dmg/myproduct.app
On executing this command for app and dmg separately it is not giving any message to confirm whether they are signed or not?
Like executing command - jarsigner -verify -certs myproduct.jar returns that "jar verified."
How can I verify that dmg and app are signed properly.
Thanks
Upvotes: 4
Views: 8451
Answers (1)
Reputation: 14524
To get more output from the codesign command, add a second -v argument after the first one:
codesign -v -v myproduct.dmg/myproduct.app
This is equivalent to:
codesign --verify --verbose myproduct.dmg/myproduct.app
The codesign command also has an exit value that you can use to get its result:
Examples for signed app:
codesign -v myproduct.dmg/myproduct.app
echo $?
Output: 0
codesign -v myproduct.dmg/myproduct.app && echo SIGNED!
Output: SIGNED!
codesign -v myproduct.dmg/myproduct.app || echo UNSIGNED!
No output
Examples for unsigned app:
codesign -v myproduct.dmg/unsigned.app
echo $?
Output: 1
codesign -v myproduct.dmg/unsigned.app && echo SIGNED!
No output
codesign -v myproduct.dmg/unsigned.app || echo UNSIGNED!
Output: UNSIGNED!
Upvotes: 10
Related Questions
- How to check if a file has a digital signature
- how to check if a file is signed or not?
- Check signature of an apk
- Android N - how to check if apk is signed with schema v2
- How to find out which signature verison an APK file has?
- NDK application Signature Check
- Self-checking an APK's signature
- java code for checking if jar file are signed or not
- Is there a way to check if an app signature is debug or published?
- How to know programmatically if an app is signed with a Debug or Export certificate?