How to Inspect an OS X Package File (PKG) Without Installing


Application Packages

First, I need to backtrack for a minute.

As OS X users, we're familiar with the fact that applications are actually complex folders in disguise (packages, in developer lingo). OS X recognizes application packages and knows how to give them their unique icon. There is a contextual menu item, “Show Package Contents”, that allows one to drill into the guts of an application and view all its resources.

Show Package Contents on an app. Right-click for the contextual menu.

Inspecting Installer Packages

One might think, at first, that the OS X command “Show Package Contents” will work on another package file, an installer that ends in .pkg or .mpkg. That may or may not work depending on how the package file is constructed.

Note that .mpkg files are meta-packages that may contain .pkg files inside them that may be amenable to Show Package Contents.

However, if Show Package Contents isn't provided as a contextual menu option for either type of installer, don't despair. A different kind of tool is needed to analyze it. In this case, one can use a nifty OS X command line tool called pkgutil. It extracts the contents of the package file into its component pieces and can write it all out to a folder for inspection.

The easiest way to get started is to use the --expand option and write the contents out to a named folder. The “man” page, of course, shows all the options. In the simplest case, the terminal commands would be:

pkgutil --expand package-name.pkg destination-folder
pkgutil --expand package-name.mpkg destination-folder

In these examples, the destination folder will be in the same folder as the package file, but one could define a path to somewhere else.

Here's what a dump looks like for one of my .mpkg files.

Sample dump of a .mpkg file.
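
Once a package is expanded, the install scripts are usually the first thing worth reading, since they run during installation. The shell script below is an added example, not part of the original article; it assumes the flat-package layout (a Scripts folder beside PackageInfo in each component), and the function names and keyword list are made up for illustration.

```shell
#!/bin/sh
# Added example: review a folder written by `pkgutil --expand` before installing.
# Assumption: flat-package layout, where each component keeps its install
# scripts in a Scripts/ directory next to PackageInfo, Bom and Payload.

# List every file shipped in a Scripts/ directory (these run during install).
list_install_scripts() {
    find "$1" -type f -path '*/Scripts/*' | sort
}

# Show script lines worth reading first, as file:line:text. The keyword list
# is a constructed starting point for review, not a complete detection rule.
flag_script_lines() {
    list_install_scripts "$1" | while IFS= read -r script; do
        grep -nHE 'curl|launchctl|Launch(Daemons|Agents)|sudo|chmod|rm -rf' \
            "$script" || true
    done
}

# Count components (one PackageInfo file per component package).
count_components() {
    find "$1" -type f -name PackageInfo | wc -l | tr -d ' '
}

# Usage: sh inspect_pkg.sh package-name.pkg   (macOS only; needs pkgutil)
if [ "$#" -ge 1 ] && command -v pkgutil >/dev/null 2>&1; then
    out="$(mktemp -d)/expanded"   # destination must not already exist
    pkgutil --check-signature "$1" || echo "signature check failed or unsigned"
    pkgutil --expand "$1" "$out"
    echo "components: $(count_components "$out")"
    echo "install scripts:"; list_install_scripts "$out"
    echo "lines to review:"; flag_script_lines "$out"
fi
```

The Payload file in each component stays archived after --expand, so this review covers only what the installer will run, not the files it will copy.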

In researching this command, I discovered a nice GUI utility called Pacifist (OS X 10.8 or later) that can drill into, amongst others, .dmg and .pkg files. It's $20 shareware, and if one works in the above mode a lot, it could well be worth the investment. But for casual inspection, the pkgutil command is nice to know about.
