LLMpediaThe first transparent, open encyclopedia generated by LLMs

PKG (Apple)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Progressive Web App (packaging) Hop 4
Expansion Funnel Raw 79 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted79
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
PKG (Apple)
NamePKG
DeveloperApple Inc.
Released1999
Latest releasemacOS Installer packages
Operating systemmacOS
Platformx86_64, ARM64
LicenseProprietary

PKG (Apple) PKG is Apple's installer package format used by Apple Inc. for macOS and related platforms. PKG packages encapsulate software payloads, scripts, metadata and digital signatures for distribution through channels such as the Mac App Store, enterprise Jamf, and software update systems like Apple Software Update. PKG interacts with macOS system components including the Installer (macOS), Gatekeeper (macOS security), and System Integrity Protection.

Overview

PKG packages serve as installable archives for applications, frameworks, kernel extensions, fonts, and system updates deployed by entities like Adobe Inc., Microsoft, Oracle Corporation, and Mozilla Foundation. The PKG format is processed by the Installer (macOS), can be created with tools from Apple Developer, and is often distributed through delivery mechanisms such as the Mac App Store, Apple Developer Connection, content delivery network providers operated by companies like Akamai Technologies and Fastly. Administrators in enterprises using Jamf, Munki, IBM BigFix or SCCM adapt PKG packaging for managed deployments on fleets of Mac devices.

File format and structure

A PKG bundle typically appears as a flat file with a .pkg extension or as a bundle directory; its internal layout includes payload archives, package receipts, property lists, and scripts. Components reference standards and technologies like XAR (archiver), CPIO, and gzip or zlib compression; package metadata uses Property List files (.plist) and XML schemas similar to those in CFPropertyList and Foundation (Apple framework). Receipts recorded in the Installer (macOS) receipt database allow tools such as pkgutil and installer(1) to query installed package IDs, versions and file lists. The payload can contain Mach-O binaries linked against XNU and include resources targeted for locations like /Applications or /Library, aligning with conventions established by projects such as Fink, MacPorts, and Homebrew.

Creation and editing tools

Apple provides utilities and frameworks for package creation including ProductBuild, PackageMaker (legacy), and pkgbuild as part of the Xcode and Command Line Tools for Xcode toolchains. Third-party tools and projects such as Packages (pkgbuild GUI), FlatPkg, Ditto (Apple) wrappers, and enterprise suites like Jamf Composer and Munki-pkg extend authoring capabilities. Continuous integration systems such as Jenkins (software), GitHub Actions, and GitLab CI integrate package build steps; version control with Git and artifact storage in systems like Artifactory or Nexus Repository Manager support reproducible builds. Security-focused workflows may incorporate utilities from OpenSSL, LibreSSL, and Apple's codesign tool to prepare signing and notarization.

Distribution and installation

PKG files are distributed via the Mac App Store, direct downloads from vendor websites (e.g., Adobe Systems, Microsoft Corporation), enterprise distribution systems like Jamf Pro, Munki, MunkiWebAdmin, or hosted on Amazon Web Services S3 buckets and CDNs such as Akamai Technologies and Cloudflare. End users install packages with the Installer (macOS), through command-line tools like installer(1), or automated management agents including Munki and Mobile Device Management solutions conforming to the MDM (Apple) protocol. PKG distribution may be wrapped in disk images created with hdiutil or signed installers routed through Apple Business Manager or Apple School Manager for institutional deployment.

Security and code signing

Apple requires PKG signing and notarization for distribution to macOS systems with Gatekeeper (macOS security) enforcement; packages are signed using Developer ID Installer certificates issued via the Apple Developer program and validated by tools like spctl and codesign (macOS). Notarization by Apple Notary Service scans PKG content for malware and attaches attestations, integrating with XProtect and System Integrity Protection. Security assessments reference cryptographic libraries such as CommonCrypto and standards like X.509 certificates and RSA (cryptosystem), with verification performed using openssl or native Apple tooling. Enterprises use MDM (Apple) enrollment profiles, Mobile Device Management restrictions, and Configuration Profiles to enforce installation policies and manage trust anchors.

History and evolution

The PKG format evolved alongside macOS and its predecessors, reflecting shifts from Classic Mac OS installer paradigms to the modern macOS ecosystem. Early package tools like PackageMaker (legacy) gave way to command-line utilities bundled with Xcode and the Developer Tools suite, while distribution models transitioned from physical media to online channels like the Mac App Store, Apple Software Update, and cloud CDNs. Security updates introduced code signing and notarization requirements under macOS Catalina and later, influencing how vendors like Mozilla Foundation, Adobe Inc., and Microsoft prepare installers. Ongoing evolution intersects with initiatives such as Apple Silicon transition, the introduction of System Extensions, and changes to kernel extension policies affecting how PKG payloads install low-level components.

Category:Apple software