5.1.9   Signing

Apple recommends that Mac applications be distributed on disk images that are signed. The signature allows the customer to verify that the downloaded disk image is exactly as you created it, that it has not been maliciously modified, and that it was created by a valid Mac developer registered with Apple’s Developer ID program. If the disk image is not signed, an application stored on it will be subject to Gatekeeper Path Randomization.

Secure signing requires access to Apple’s trusted timestamp server, so your Mac must be connected to the Internet.

Signed Disk Images

To have DropDMG sign your disk image, select the appropriate signing identity from the Signing pop-up menu in the Configurations preferences. This is probably one whose name begins with Developer ID Application. If you have multiple identities with the same name, DropDMG shows a tooltip with the SHA-1 hash of each identity so that you can tell them apart.

To remove or change the signing on a disk image, use the Convert Image/Archive… feature.

Signed disk images can be created on macOS 10.11.5 and later (and mounted on earlier versions). macOS 10.12 and later automatically verify the signature when mounting a disk image. Only read-only disk images in .dmg format can be signed.

Verifying a Signature

You can verify the signature of a disk image or archive, and see who signed it, using the Verify Signature… command.

“Detritus” Errors

Creating a signed disk image on macOS 10.12 or later may fail and report this error:

resource fork, Finder information, or similar detritus not allowed

This means that one or more of the files that you asked DropDMG to copy to the disk image contained extended attributes (xattrs), which macOS signing disallows for security reasons. In most cases, the xattrs are not actually needed, so you can simply remove them.

You can use a Terminal command such as:

find . \( -xattrname com.apple.FinderInfo -o -xattrname com.apple.ResourceFork \) -print0 | xargs -0 xattr

to find all the files with Finder info or resource forks in the current directory.

You can use a Terminal command such as:

xattr -cr .

to remove all the extended attributes from all the files in the current directory.
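
Because xattr -cr . clears every extended attribute, not only Finder info and resource forks, it can help to see what is present first. The script below is an added example, not part of DropDMG or its manual: it tallies attribute names from an xattr listing and prints the paths that carry the two attributes named in the find command above. The function names and the sample listing are constructed for illustration, and the "path: attribute" input format is an assumption about how xattr prints names for more than one file.

```shell
#!/bin/sh
# Assumption: stdin has one "path: attribute" line per attribute, the form
# `xattr` prints when it lists attribute names for more than one file.

# Print "attribute<TAB>count<TAB>note" for every attribute name seen.
xattr_summary() {
    awk '
        {
            n = split($0, parts, ": ")
            if (n < 2) next            # not a "path: attribute" line
            count[parts[n]]++          # the name follows the last ": "
        }
        END {
            for (name in count) {
                note = "other"
                if (name == "com.apple.FinderInfo" || name == "com.apple.ResourceFork")
                    note = "finder-info-or-resource-fork"
                printf "%s\t%d\t%s\n", name, count[name], note
            }
        }' | LC_ALL=C sort
}

# Print each path that has Finder info or a resource fork, once.
flagged_paths() {
    awk '
        {
            n = split($0, parts, ": ")
            if (n < 2) next
            attr = parts[n]
            path = substr($0, 1, length($0) - length(attr) - 2)
            if (attr != "com.apple.FinderInfo" && attr != "com.apple.ResourceFork") next
            if (!(path in seen)) { seen[path] = 1; print path }
        }'
}

# Constructed sample listing, for illustration only.
sample_listing() {
    cat <<'EOF'
./MyApp.app/Contents/Info.plist: com.apple.quarantine
./MyApp.app/Icon: com.apple.FinderInfo
./MyApp.app/Icon: com.apple.ResourceFork
./ReadMe.rtf: com.apple.FinderInfo
./ReadMe.rtf: com.apple.quarantine
EOF
}

# With a folder argument (on a Mac), audit it; otherwise show the sample.
if [ -n "${1:-}" ]; then xattr -r "$1" | xattr_summary
else sample_listing | xattr_summary; fi
```

Run it against a copy of the folder you plan to put on the disk image, and review the "other" rows before clearing everything.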

