How to mount a disk image with Automator or AppleScript and without hdiutil

applescript automator finder mount

An Automator workflow that mounts a disk image when I drag and drop the dmg file onto it is easy.

Instead of dragging and dropping the dmg file I want to double click the created workflow and have it mount a specific file. I've tried using "Set Value of Variable" to the path of the dmg, "Open Finder Items", and "Get Selected Folder Items", nothing works.

I can do it with the command line as:

    hdiutil mount disk_image_name.dmg

I've also tried with the AppleScript:

    on run {input, parameters}

        tell application "DiskImageMounter"
            open "path/disk_image_name.dmg"
        end tell
    end run

But after mounting the disk image as expected, Automator freezes for about 15 seconds and gives the below Syntax Error.

The reason I want to avoid using hdiutil is that the disk images are encrypted. When using the Automator mount tool the password is entered in Apple's dialog box. Using hdiutil I end up passing the password as stdin.

    printf '%s\0' "$PASSPHRASE" | hdiutil attach "$LOCATION" -stdinpass

Best Answer

I would use hdiutil ... instead of other methods, but with an image protected by a certificate instead of a password. This is similar to building an encrypted image with a password and a recovery key (based on a cert), but without the password:

  1. Create a temporary cert folder and cd into it:

    mkdir ~/certsecdmg
    cd ~/certsecdmg 
    
  2. Create a root CA if you don't have one already:

    openssl genrsa -des3 -out casecdmg.key 4096
    openssl req -new -x509 -days 7300 -key casecdmg.key -out casecdmg.crt
    

    Fill in all proposed fields.

  3. Create a password protected certificate signing request:

    openssl genrsa -des3 -out secdmgbuild.key 4096 
    openssl req -new -key secdmgbuild.key -out secdmgbuild.csr
    

    Fill in all proposed fields.

  4. Create the signed certificate in PEM format:

    openssl x509 -req -days 7300 -in secdmgbuild.csr -CA casecdmg.crt -CAkey casecdmg.key -set_serial 01 -out secdmgbuild.crt
    
  5. Convert the signed certificate to DER format:

    openssl x509 -in secdmgbuild.crt -inform pem -out secdmgbuild.der -outform der   
    
  6. Bundle the PEM certificate and private key into a PKCS#12 package:

    openssl pkcs12 -export -in secdmgbuild.crt -inkey secdmgbuild.key -out secdmgbuild.p12
    
  7. Use hdiutil with the -certificate options to create an encrypted volume (example only):

    hdiutil create -type SPARSE -encryption aes-256 -certificate ~/certsecdmg/secdmgbuild.der -fs HFS+J -volname "SecureImage" -size 100m ~/Desktop/SecureImage
    
  8. Import secdmgbuild.p12 into your keychain.
  9. Double-click SecureImage.sparseimage, enter the password from step 3, and choose "Always Allow" to always allow access for diskimages-helper.
  10. Create a new Automator workflow, adding a Run Shell Script action with the following command:

    hdiutil mount ~/Desktop/SecureImage.sparseimage
    

    (please apply paths as needed)

    This simple Automator workflow works as "workflow" and "app".

  11. Add further actions as required.
  12. Save the content of the folder certsecdmg in a secure place and remove it afterwards.
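
A consistency check for the files produced in steps 2 to 6, worth running before step 12 removes the folder. This is an added example, not part of the original answer: the file names are the answer's, while the function names `cert_fp` and `check_cert_material` and the script name in the usage comment are made up here.

```shell
#!/bin/sh
# Added example, not from the answer: sanity-check the files from steps 2-6
# before step 12 removes the folder. File names are the answer's; the
# function names are made up for this sketch.

cert_fp() {  # SHA-256 fingerprint of a certificate; $1 = file, $2 = pem|der
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 2>/dev/null
}

check_cert_material() {
    dir=${1:-"$HOME/certsecdmg"}
    rc=0

    # 1. The build certificate must chain to the CA from step 2.
    openssl verify -CAfile "$dir/casecdmg.crt" "$dir/secdmgbuild.crt" \
        >/dev/null 2>&1 ||
        { echo "FAIL: secdmgbuild.crt is not signed by casecdmg.crt"; rc=1; }

    # 2. The DER file passed to 'hdiutil create -certificate' must be the same
    #    certificate as the PEM file bundled into secdmgbuild.p12.
    der_fp=$(cert_fp "$dir/secdmgbuild.der" der)
    pem_fp=$(cert_fp "$dir/secdmgbuild.crt" pem)
    [ -n "$der_fp" ] && [ "$der_fp" = "$pem_fp" ] ||
        { echo "FAIL: DER and PEM certificates differ"; rc=1; }

    # 3. The private key must belong to the certificate. For the encrypted
    #    key from step 3, openssl asks for its passphrase here.
    cert_pub=$(openssl x509 -in "$dir/secdmgbuild.crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/secdmgbuild.key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: secdmgbuild.key does not match secdmgbuild.crt"; rc=1; }

    # 4. Key material must not be accessible to group or other.
    for f in casecdmg.key secdmgbuild.key secdmgbuild.p12; do
        [ -e "$dir/$f" ] || continue
        [ "$(ls -ld "$dir/$f" | cut -c5-10)" = "------" ] ||
            { echo "FAIL: $f is accessible to group/other"; rc=1; }
    done
    return "$rc"
}

# Run as: sh check_certs.sh ~/certsecdmg
if [ "$#" -gt 0 ]; then
    check_cert_material "$1"
fi
```

The function returns 0 only when every check passes, so it can gate the cleanup in step 12.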