Are Mac OS images (eg. "OS X El Capitan.app") digitally signed? Safe to install from torrent?

digital-signature

Solution 1:

The original macOS installer apps are not distributed as images (i.e. dmg files). So you won't find a digitally signed macOS Installer.dmg, dmg signing is possible though: How to add codesigning to dmg file in mac.

However, you can check the codesigning of the macOS/OS X Installer.app and the sha sum of the InstallESD.dmg (which contains the files which will be installed to your disk later):

codesign -dv --verbose=4 /Volumes/InstallMavericks/Install\ OS\ X\ Mavericks.app

and 

shasum /Volumes/InstallMavericks/Install\ OS\ X\ Mavericks.app/Contents/SharedSupport/InstallESD.dmg

Compare the shasum result with the following list: Apple Installer Checksums. If the checksum is different the dmg is tampered.

The name of the mounted Mavericks.dmg (i.e. InstallMavericks) is just an example - so use the proper path to the macOS/OS X Installer.app.

Related

Can damaged hard drive weaken Mac's security?
How can I install Boot Camp drivers in Windows on an external SSD disk?
How to restore motherboard firmware on an unresponsive MBP mid-2009?
MacBook Hangs on Boot at seemingly different stages each time
Why does finder in some cases show a different directory name than "ls"? [duplicate]
iPad photos missing from folder view in Windows
What cable do I need for 2560 x 1440 resolution on my Mac Air mid 2013? My LG Monitor has HDMI input only
Wi-Fi no longer connecting to the internet
Can I set the sender/reply-to address in iOS mail for an ActiveSync account?
iPhone 4 Won’t Turn On or Wake Up?
Pure Genius Or Pure Stupidity: Does An Old Mac G5 Make A Great BBQ?
When an old iPhone 3 can connect to WiFi but not associated with a Cell Phone carrier, can it still send files?