Category filter

Script to install unsigned packages on Mac

An unsigned package (PKG) refers to a software package that has not been digitally signed by the developer or a recognized certificate authority. Digital signatures are cryptographic certificates that verify the authenticity and integrity of software. When a package is signed, it indicates that the software comes from a trusted source and has not been tampered with.

Sometimes, IT admins need to deploy specialized development tools in the form of open-source software distributed as packages that may or may not be signed. These tools, such as advanced debugging libraries, specialized testing frameworks, beta software versions, and others, are essential for effective software development. By utilizing the script provided below, IT administrators can install unsigned packages on Mac using Hexnode’s ‘Execute Custom Script’ action.


  • The sample scripts provided below are adapted from third-party open-source sites.
  • Installing unsigned packages might compromise security, as the absence of a digital signature makes it challenging to verify the software’s authenticity and integrity. Exercise caution while deploying unsigned packages.

Deploy unsigned PKG on Mac

The script provided below will deploy and install an unsigned package on a Mac:

The script utilizes the ‘curl’ command to download a macOS package from a specified URL and saves it in the ‘/tmp’ directory. Replace with the name the downloaded unsigned package should be saved as. Subsequently, the ‘installer’ command is employed with administrative privileges to install the downloaded package on the Mac. ‘-verboseR’ is used to provide detailed information during the installation process. The ‘-target /’ option specifies the root directory as the installation location, indicating that the package will be installed system-wide.

The detailed information, such as installation progress, will be displayed during the installation of the unsigned package on Mac

What happens at the device end?

After executing the script, the unsigned application package will be silently installed on the Mac and the app icon will appear in the Applications folder in Finder.


  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository