How to Use the Command `pkgutil` (with Examples)

How to Use the Command `pkgutil` (with Examples)

  • Osx
  • December 17, 2024

pkgutil is a versatile command-line tool available in macOS that allows users to query and manipulate installer packages and receipts. It’s a handy utility for managing installed packages, checking digital signatures, and extracting files from packages. It is often used by developers, system administrators, and advanced users who need to ensure the integrity of installations or who wish to inspect package contents without installing them.

Use Case 1: List Package IDs for All Installed Packages

Code:

pkgutil --pkgs

Motivation:

The need to list all the package IDs associated with installed packages often arises when you want to take stock of the software installed on your system. By identifying these packages through their IDs, you can perform more targeted queries, administrative tasks, or troubleshooting to keep your system’s software environment under control.

Explanation:

  • pkgutil: The main command used to interact with installer packages and receipts.
  • --pkgs: An option that informs pkgutil to output a list of all installed package IDs on the system.

Example Output:

com.apple.pkg.Core
com.microsoft.Word
org.python.python
...

This output lists each installed package by its unique identifier, providing a succinct view of software installations on your system.

Use Case 2: Verify Cryptographic Signatures of a Package File

Code:

pkgutil --check-signature path/to/filename.pkg

Motivation:

Verifying the cryptographic signature of a package is crucial because it helps ascertain the legitimacy and security of a package file. This step ensures that the package has not been tampered with and is genuinely from the source it claims to represent. This is particularly important for developers distributing software and for users who wish to install third-party packages safely.

Explanation:

  • pkgutil: Invokes the utility to interact with packages.
  • --check-signature: This option requests pkgutil to verify the digital signature of a specified package file.
  • path/to/filename.pkg: The file path to the package whose signature you wish to check. Replace this with your actual package path.

Example Output:

Package "filename.pkg":
   Status: Signed by a recognized authority
   Certificate Chain:
    1. Developer ID Installer: [Developer Name]
    2. Apple Worldwide Developer Relations Certification Authority
    3. Apple Root CA

This output provides information about the signature of the package, including its status and the certificate chain that signed it.

Use Case 3: List All the Files for an Installed Package Given Its ID

Code:

pkgutil --files com.microsoft.Word

Motivation:

Listing the files associated with an installed package can be incredibly useful for tracking down issues, ensuring that a package’s components are intact, or when you need to clean up unneeded files left behind by an uninstalled package. This granular level of inspection allows for precise package management.

Explanation:

  • pkgutil: The command-line tool to interact with packages.
  • --files: This option directs pkgutil to enumerate all files installed by a particular package.
  • com.microsoft.Word: The unique identifier for the package whose files you want to list. You should replace this with the ID of the package you are interested in.

Example Output:

Applications/Microsoft Word.app/Contents/...
Library/Preferences/com.microsoft.Word.plist
...

The output lists paths to all files installed by the specified package, helping users understand the full impact of the installation process on their file system.

Use Case 4: Extract the Contents of a Package File into a Directory

Code:

pkgutil --expand-full path/to/filename.pkg path/to/directory

Motivation:

There are scenarios where a user might want to inspect the contents of a package without installing it. This is useful for developers intending to confirm the contents and structure of a package or for security audits where understanding what a package contains is necessary before giving it access to a system.

Explanation:

  • pkgutil: Command utility for package management.
  • --expand-full: This instructs pkgutil to expand the entire contents of a package file, recreating symbolic links and scripts into a specified directory.
  • path/to/filename.pkg: Indicates the path to the package file you wish to extract. Replace with your package file’s location.
  • path/to/directory: Denotes the destination directory for the extracted contents. You should specify where you want to see the files.

Example Output:

Directory: path/to/directory
    filename/
        PackageInfo
        Resources/
        Scripts/
        ...

Here, the output signifies that the package contents have been successfully unpacked into the destination directory structure. The files and scripts are readily available for inspection or debugging.

Conclusion:

The pkgutil command is a powerful and versatile tool for managing macOS packages. Through its variety of options, users are equipped to query, investigate, and extract package-related information and files, ensuring efficient package management and enhanced system security. Whether listing installed package IDs, verifying digital signatures, inspecting individual file installations, or extracting package contents, pkgutil offers users significant insights and control over their package environment.

Related Posts

How to use the command 'duperemove' (with examples)

How to use the command 'duperemove' (with examples)

The duperemove command is a utility designed to optimize your file system by identifying and optionally deduplicating duplicate filesystem extents.

Read More
How to use the command 'loadtest' (with examples)

How to use the command 'loadtest' (with examples)

The loadtest command is a robust utility designed to perform load testing on web services, specifically HTTP and WebSockets URLs.

Read More
How to use the command 'ximtoppm' (with examples)

How to use the command 'ximtoppm' (with examples)

The ximtoppm command is part of the Netpbm suite, a collection of graphics programs and libraries that facilitate the manipulation of various image formats.

Read More