Skip to content

Verify Binaries

Jump to bottom
steveclay edited this page Apr 6, 2023 · 3 revisions

Verify macOS Binaries

  • The following command can verify a binary:
    • spctl -a -t open --context context:primary-signature -v <path_to_binary_to_check>
  • Assume you've installed under /usr/local/ibmcloud (default location), then you can run the following commands to verify:
    • To verify ibmcloud: spctl -a -t open --context context:primary-signature -v /usr/local/ibmcloud/bin/ibmcloud
  • You should see the following output:
/usr/local/bin/ibmcloud: accepted
source=Notarized Developer ID

Verify Linux Binaries

  • Download the public key from the IBM web site depending on your CLI release:

    • For the latest IBM Cloud CLI download this file

    • For IBM Cloud CLI release 2.15 or older, download this file

  • Make sure you have openssl installed

  • Signature files should be under bin sub-folder of installation location, e.g /usr/local/ibmcloud/bin (default location).

    • Signature file of ibmcloud: ibmcloud.sig

  • run openssl dgst -sha256 -verify <path_to_public_key> -signature <path_to_signature_file> <path_to_binary_to_check>.

    • For example, you can run the following commands to verify, if you install into the default location.
      • cd /usr/local/ibmcloud/bin
      • openssl dgst -sha256 -verify <path_to_public_key> -signature ibmcloud.sig ibmcloud
    • You should see output like Verified OK

Verify Windows Binaries

Windows binaries are signed and it will be automatically checked the first time you run ibmcloud. No further action is required to verify them.

Clone this wiki locally