-1

I have an application that builds into a DMG file (via jpackage). As soon as users download the DMG they tell me it is corrupt and should be deleted.

Now I am unfamiliar with that format and I have no access to any Apple Mac to try myself. Just in case jpackage is really building an invalid package I would like to check that before offering such a download.

Is there any way to validate a DMG on Github's MacOS runner?

Queeg
  • 7,748
  • 1
  • 16
  • 42
  • "corrupt and should be deleted" sounds like a code signing problem. Knowing the exact error message would help clarify this. Also, do the users get that error when mounting the DMG, when running the program, or what? – Gordon Davisson Jun 25 '23 at 19:19
  • I am not entirely sure about the exact message or cause. These users are nontechnical enough, hence asking for validation that I can perform. – Queeg Jun 25 '23 at 19:27
  • I doubt there's any automated validation tool that'd check this sort of thing reliably. I think you have to approach this as something that needs to be debugged, and that's pretty much going to involve running it on a Mac (or having remote access to a user's Mac, or something like that). – Gordon Davisson Jun 25 '23 at 19:31
  • At whoever believes this is not a programming question: The dialog lists "Use this close reason if the question is not about a specific programming problem, a software algorithm, or software tools primarily used by programmers." Packagers to distribute an application are for sure programming tools. So why should not a verification tool be part of it? – Queeg Jun 26 '23 at 12:30

1 Answers1

0

I found this web page https://macwrench.miraheze.org/wiki/Hdiutil which mentions that hdiutil supports a number of commands that are useful for validating a DMG file:

hdiutil verify -verbose <dmg>
hdiutil imageinfo -verbose <dmg>
hdiutil hfsanalyze -verbose <dmg>
hdiutil checksum -type SHA256 -verbose <dmg>
hdiutil info -verbose
hdiutil pmap -verbose <dmg>

The first one already gave me output that ended like this:

hdiutil: verify: checksum of "<dmg>" is VALID
verified   CRC32 $9D7EB279

So with this I can trust my generated file and should look for issues on the download or user side.

Queeg
  • 7,748
  • 1
  • 16
  • 42