Checking download containers for consistency

All Noto releases consist of a signed DMG container. You can check the signature of a signed DMG by running the command below in the terminal:

$ codesign --verify --verbose ~/Downloads/noto-1.0.dmg

If the DMG file is signed correctly, you should see the output below:

> noto-1.0.dmg: valid on disk
> noto-1.0.dmg: satisfies its Designated Requirement

If the DMG is not signed properly, you will see a different output depending on the problem. For example, if the DMG has no signature:

> noto-1.0.dmg: code object is not signed at all

You can also check the SHA256 signature of the DMG by running the command below in the terminal:

$ shasum -a 256 ~/Downloads/noto-1.0.dmg
> 55f95e113e45c6881fc7a743e91f0e4fa1556e3d251958d9a1043ecfb77c33af  noto-1.0.dmg

You can find the correct SHA256 for the specific release container you wish to verify in the list below:

All previous releases

• Noto 1.2 (828) — Jan 13, 2018 20:50

  noto-1.2.dmg (8.0 MB)

  SHA256: b7fc339543e08374b673e84293bf9819271c8bcc66003ca5c0834bca396949f3

• Noto 1.1.1 (799) — Oct 5, 2017 01:52

  noto-1.1.1.dmg (6.7 MB)

  SHA256: 4e12d318a61ebf8be1a0c8c9fde715fc1c17f18fdfa8baaf4b991da3187bac1e

• Noto 1.1 (797) — Sep 17, 2017 01:27

  noto-1.1.dmg (6.7 MB)

  SHA256: e98257a473cc625e627d7ddd575a7091bec849dfb55c07b26bfae01062a27d06

• Noto 1.0 (793) — Jun 4, 2017 18:52

  noto-1.0-793.dmg (5.8 MB)

  SHA256: e05d9a83c5e50e25afebfaa7cb5591bc5e2106f911f4d33bdbf0dd5168d6f630

• Noto 1.0 (792) — Jun 4, 2017 05:03

  noto-1.0.dmg (5.8 MB)

  SHA256: 55f95e113e45c6881fc7a743e91f0e4fa1556e3d251958d9a1043ecfb77c33af