Packaging Part 2: Autopkg

Autopkg is mostly used from the command line. If you are mostly a GUI user, look at the end of this post for AutoPkgr.

Autopkg is distributed as an installer package, and it's recommended to also install Git for the purpose of installing and updating community recipes. AutoPkg requires 10.6 or later.

Requirement - the above command requires "git" to be installed. You also need Xcode, or just the Xcode command line tools if you don’t need the full 4.47 GB (as of this writing) application suite.

Installing the Xcode command line tools:
Prompt the system to install them simply by typing the git command, or run:
xcode-select --install

Note: You must agree to the Xcode license agreement.


Recipes are the backbone of autopkg. Recipes can:

  • Find the latest version of a software item.
  • Download pkgs/dmgs.
  • Package (or repackage) downloads.
  • Import into a software management system (Munki, Jamf Pro, Absolute Manage, etc.)

How to find recipes:

Browse recipes repositories

How to add recipes:

autopkg repo-add <URL>

Default recipes for autopkg. Once Autopkg is installed, run the following command:

autopkg repo-add recipes

You will receive something similar. I apologize for the formatting. Getting command-line to format properly can be a challenge.

Attempting git pull...
Updating 8332edc..d49d9fe
Adium/                        |  17 +-
Adium/Adium.munki.recipe                           |   4 -
AdobeAIR/                  |   4 +-
AdobeAIR/AdobeAIR.pkg.recipe                       |   4 +-
AdobeAIR/AdobeAir.munki.recipe                     |   4 +-
.../           |   6 +-
.../         |  11 +-
AdobeFlashPlayer/  |   2 +-
AdobeFlashPlayer/AdobeFlashPlayer.install.recipe   |   2 +-
AdobeFlashPlayer/AdobeFlashPlayer.munki.recipe     |   2 +-
AdobeFlashPlayer/AdobeFlashPlayer.pkg.recipe       |   2 +-
AdobeFlashPlayer/          |   2 +-
AdobeReader/AdobeReaderDC.pkg.recipe               |  44 ++++-
AdobeReader/     |   8 +-
AdobeReader/AdobeReaderUpdates.munki.recipe        |   2 +-
AdobeReader/       |  41 +++++
Barebones/BBEdit_Scripts/postinstall               |   2 +-
Evernote/                  |   2 +-
Evernote/Evernote.munki.recipe                     |   2 -
GoogleChrome/GoogleChrome.install.recipe           |   5 +-
GoogleEarth/            |  19 +-
Handbrake/                |   3 +-
MSOfficeUpdates/        |  13 +-
MSOfficeUpdates/MSExcel2016.munki.recipe           |  16 +-
MSOfficeUpdates/  |  23 ++-
.../            |  11 +-
MSOfficeUpdates/MSOffice2011Updates.munki.recipe   |   6 +-
MSOfficeUpdates/MSOffice2011Updates.pkg.recipe     |   9 +-
.../        | 185 ++++++++++++-------
MSOfficeUpdates/      |  13 +-
MSOfficeUpdates/MSOneNote2016.munki.recipe         |  16 +-
MSOfficeUpdates/      |  13 +-
MSOfficeUpdates/MSOutlook2016.munki.recipe         |  16 +-
MSOfficeUpdates/   |  13 +-
MSOfficeUpdates/MSPowerPoint2016.munki.recipe      |  16 +-
MSOfficeUpdates/         |  13 +-
MSOfficeUpdates/MSWord2016.munki.recipe            |  16 +-
Mozilla/                    |  15 +-
Mozilla/                |  15 +-
OmniGroup/               |  16 +-
OmniGroup/OmniFocus2.install.recipe                |  42 +++++
OmniGroup/              |  19 ++
OmniGroup/OmniGraffle.munki.recipe                 |  23 +--
OmniGroup/OmniGraffle.pkg.recipe                   |  23 +--
OmniGroup/             |  33 ++++
OmniGroup/OmniGraffle6.munki.recipe                |  23 +--
OmniGroup/OmniGraffle6.pkg.recipe                  |  23 +--
OmniGroup/           |  19 ++
OmniGroup/OmniGrafflePro.munki.recipe              |  23 +--
OmniGroup/OmniGrafflePro.pkg.recipe                |  23 +--
OmniGroup/        |  19 ++
OmniGroup/OmniGraphSketcher.munki.recipe           |  23 +--
OmniGroup/OmniGraphSketcher.pkg.recipe             |  23 +--
OmniGroup/         |   4 +-
OmniGroup/             |  21 +++
OmniGroup/OmniOutliner.munki.recipe                |  25 +--
OmniGroup/OmniOutliner.pkg.recipe                  |  25 +--
OmniGroup/            |  33 ++++
OmniGroup/OmniOutliner4.munki.recipe               |  50 +++++
OmniGroup/OmniOutliner4.pkg.recipe                 |  85 +++++++++
OmniGroup/          |  21 +++
OmniGroup/OmniOutlinerPro.munki.recipe             |  23 +--
OmniGroup/OmniOutlinerPro.pkg.recipe               |  23 +--
OmniGroup/                 |  21 +++
OmniGroup/OmniPlan.munki.recipe                    |  25 +--
OmniGroup/OmniPlan.pkg.recipe                      |  25 +--
OmniGroup/                |  33 ++++
OmniGroup/OmniPlan3.munki.recipe                   |  50 +++++
OmniGroup/OmniPlan3.pkg.recipe                     |  85 +++++++++
OracleJava/             |   5 +-
OracleJava/OracleJava8.munki.recipe                |   5 +-
OracleJava/OracleJava8.pkg.recipe                  |   5 +-
Panic/                        |   2 +-
Panic/                     |   2 +-
Puppetlabs/                  |  17 +-
Puppetlabs/                  |  17 +-
SampleSharedProcessor/SampleSharedProcessor.recipe |   2 +-
.../              |   2 +-
Silverlight/            |  19 +-
Silverlight/Silverlight.install.recipe             |   9 +-
Silverlight/Silverlight.munki.recipe               |   6 +-
Silverlight/Silverlight.pkg.recipe                 |  25 +--
Skype/                        |   4 +-
Skype/Skype.install.recipe                         |  11 +-
Skype/Skype.munki.recipe                           |   2 +-
Skype/Skype.pkg.recipe                             |   2 +-
Spotify/                    |   2 +-
Spotify/Spotify.munki.recipe                       |   2 -
TextMate/                 |   2 +-
TextMate/TextMate2.munki.recipe                    |   2 +-
TextMate/                    |   2 +-
The Unarchiver/       |  72 +++++---
The Unarchiver/TheUnarchiver.munki.recipe          |  17 +-
The Unarchiver/TheUnarchiver.pkg.recipe            |   7 +-
XQuartz/                    |   4 +-
munkitools/           | 192 --------------------
munkitools/                 |  89 ---------
munkitools/                |  99 ----------
munkitools/munkitools.munki.recipe                 | 201 ---------------------
munkitools/munkitools2-autobuild.munki.recipe      |  41 ++++-
munkitools/munkitools2.munki.recipe                |  43 ++++-
101 files changed, 1263 insertions(+), 1125 deletions(-)
create mode 100644 OmniGroup/OmniFocus2.install.recipe
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/OmniOutliner4.munki.recipe
create mode 100644 OmniGroup/OmniOutliner4.pkg.recipe
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/
create mode 100644 OmniGroup/OmniPlan3.munki.recipe
create mode 100644 OmniGroup/OmniPlan3.pkg.recipe
delete mode 100644 munkitools/
delete mode 100755 munkitools/
delete mode 100644 munkitools/
delete mode 100644 munkitools/munkitools.munki.recipe

Updated search path:

If we know the recipe name we are looking for then we don’t need to browse the repos. In this example, I am searching for a recipe you will probably use later: fetch


daniel$ autopkg search fetch


I broke down and took a screenshot.


Notice the command comes back with different names, often referred to as recipe variants:

Fetch.install.recipe    -   To fetch and install the searched-for recipe

screenFetch.munki.recipe   -  Specific to using Munki

Fetch.jss.recipe    -   You guessed it. Specific to using Jamf’s JSS

Fetch.pkg.recipe   - I often use this to extract/create/recreate an Installer package

At this stage it’s becoming obvious that we can download and recreate packages in various ways. However, it’s important to have a common place to store these packages and retrieve them for later use. It’s important to have a repo for this purpose. Munki is a great option for cost and support purposes. It’s open source and has a large community supporting it. If your organization has the money to roll with JAMF, autopkg has progressively improved its support for Casper.

For Munki, it’s recommended you have macOS Server app purchased/installed. Documentation for setup is at

Keep it simple and demonstrate creating a package:

Ok. I hear you. To receive the latest package of Firefox type the following in Terminal.

autopkg run Firefox.pkg

Processing Firefox.pkg...

The following packages were built:
    Identifier               Version  Pkg Path
    ----------               -------  --------
    org.mozilla.firefox.pkg  49.0.2   /Users/daniel/Library/AutoPkg/Cache/com.github.autopkg.pkg.Firefox_EN/Firefox-49.0.2.pkg

The following new items were downloaded:
    Download Path
    -------------
    /Users/daniel/Library/AutoPkg/Cache/com.github.autopkg.pkg.Firefox_EN/downloads/Firefox.dmg

Using Finder I can follow the path to view the package that was built:


Firefox-49.0.2.pkg - is a flat package that we can use for deployment.

If you prefer to use .dmg for deployment purposes then look in “downloads”



Too much command-line for you? Ok. Let's talk about using a tool created by The Linde Group.

To use AutoPkgr, you will need to have the following pre-requisites:

1. OS X 10.9.x or higher

2. Xcode and/or the Xcode Command Line Tools installed

3. Acceptance of the Xcode license agreement.

4. A logged-in user to run the AutoPkgr application in. This user can be a standard user or have admin rights. As of macOS 10.12.1, AutoPkgr will not install properly when double-clicking to launch the app. This is most likely due to Apple's tightening control of what is able to be launched using System Integrity Protection. If you are an admin, simply right-click the application and select "Open". However, it may be the VM I'm working on.

"Install": You can (it's required) install "git" and the latest version of Autopkg.

"Repos & Recipes": Search in specific repos for recipes you want to include. If the repo is not pre-populated in the list then you add it manually.

"Schedule": You can select how you want to check for and install the most up-to-date packages. This is very important and keeps you from having to manually search each application's site for the latest version. Also, allow the app using autopkg to notify you via email when the newest packages are available.

"Folders & Integration". I recommend you stick with the default folders unless you have good reasons not to. This pane allows you to select "Munki" integration. Also, you will see the ability to integrate using "Casper Suite Integration" recently renamed "JAMF Pro". Select which "Distribution Point" you need to use. As a side note, you must have either an on-site JSS or cloud-based JSS set-up for this to be an option.

My sincere hope is this helps you on the journey to understand the power of packaging and some great tools created to better manage them. Check back for a dive into macOS default tool "pkgutil".


Packaging Part 1: What is Packaging?

Packaging is a big deal. It is the basis of software deployment in macOS. There are times when going back to the basics is important in understanding the workflow you employ. The basics remind you of the importance of doing things properly going forward.

Let me share with you some basics of packaging.

There are two types of packages used in macOS.

1. Bundle - has become increasingly rare in deployment. I encounter it mostly with Adobe's Creative Cloud.
2. Flat - Introduced with Mac OS X 10.5. Instead of being a directory like a bundle, flat packages are compressed into a single file.

For the example I downloaded the latest Adobe Reader.

Download the .dmg from Adobe's site. Double click the .dmg file. The package I am working with is inside. Take the package out of the .dmg container.


An example of a bundle package is shown by right-clicking the package.

A flat package is illustrated when right-clicking the package.

Notice there is not an option to open "Package contents".

Pkgutil is built-in to macOS. It is accessed using the command-line. It queries and manipulates macOS Installer packages and receipts.

For further investigation I created a tmp folder on my Desktop. Also, I could use /tmp/ to ensure the OS will automatically clean up the files.

Now it's time to convert a flat package into a bundle package. It's time to expand.

pkgutil --expand 

Ex. pkgutil --expand /Users/daniel/Desktop/AcroRdrDC_1502020039_MUI.pkg /tmp/AcroRdrDC_1502020039_MUI.pkg

By right clicking the .pkg, I now receive the option to "Show Package Contents"

The directory of the package:

We can glean some important information by examining the Distribution file.

cat /Users/daniel/Desktop/tmp/AcroRdrDC_1502020039_MUI.pkg/Distribution

I will only list a few items for space purposes that are contained in Distribution.

<title>Adobe Acrobat Reader DC (Continuous)</title>

    <pkg-ref id="com.adobe.RdrServicesUpdater" installKBytes="18294">
            <bundle CFBundleVersion="15.020.20039" id="com.adobe.AdobeRNAWebInstaller" path=""/>

The package reference id and size.
    <pkg-ref id="" installKBytes="1160" packageIdentifier="">

We get a peek into what the package scripts will be doing:


    <installation-check script="InstallationCheck()">

        <ram min-gb="1"/>


    <volume-check script="VolumeCheck()">


            <os-version min="10.9"/>




        var gOSMinimumVersion = '10.9';

A minimum of macOS 10.9 is required with a minimum of 1 GB of RAM.

It's time to look deeper into the package archives. A sub-package in our pkg can be opened. Right click the "application.pkg" and select "Show Package Contents".

It's time to examine the bill-of-materials (.bom) file.

Be aware that the .bom file cannot be opened in a text editor or read with cat in the CLI. Apple provides a tool in the form of lsbom.

lsbom - The lsbom command interprets the contents of binary bom (bom(5)) files. For each file in a bom, lsbom prints the file path and/or requested information.

The archive contains information about location, kind, owner, group, and mode of each file and directory. 
lsbom /Users/daniel/Desktop/tmp/AcroRdrDC_1502020039_MUI.pkg/application.pkg/Bom

4 - means it’s a directory and 775 is the permission. read/write/execute for the owner. read/execute for group and other.
0/0 next to the circle means it will be installed by root with the wheel group.
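
The mode and owner columns described above can be checked mechanically before a package is deployed. The following is an added example, not part of the original post: a shell function that reads lsbom-style lines (path, octal mode, uid/gid, separated by tabs) and reports setuid, setgid and world-writable entries. The sample listing and its paths are constructed for illustration; on a Mac you would pipe real lsbom output into audit_bom.

```bash
#!/bin/bash
# Added example: audit lsbom-style output before deploying a package.
# Each line is: path<TAB>mode<TAB>uid/gid (real lsbom output may append size and checksum).
# The mode is octal: the last four digits are the permission bits, the digits before
# them the file type (4 = directory, 10 = regular file, 12 = symbolic link).

audit_bom() {
    awk -F'\t' '
    NF >= 3 && $2 ~ /^[0-7]+$/ && length($2) >= 5 {
        mode = $2
        perm = substr(mode, length(mode) - 3)       # e.g. 40775 -> 0775
        type = substr(mode, 1, length(mode) - 4)    # e.g. 40775 -> 4
        if (type == "12") next                      # symlink modes are not enforced
        special = substr(perm, 1, 1) + 0            # setuid=4, setgid=2, sticky=1
        other   = substr(perm, 4, 1) + 0            # permissions for "other"
        split($3, owner, "/")                       # owner[1] = uid, owner[2] = gid
        if (int(special / 4) % 2 == 1)
            print "setuid(uid=" owner[1] ")\t" mode "\t" $1
        if (int(special / 2) % 2 == 1)
            print "setgid(gid=" owner[2] ")\t" mode "\t" $1
        if (int(other / 2) % 2 == 1 && special % 2 == 0)
            print "world-writable\t" mode "\t" $1
    }'
}

# Constructed sample listing (not taken from the Adobe package).
sample_bom() {
    printf '%s\t%s\t%s\n' \
        '.'                                                 '40775'  '0/0' \
        './Applications/Example.app/Contents/MacOS/Example' '100755' '0/0' \
        './Library/Example/helper'                          '104755' '0/0' \
        './Library/Example/cache'                           '40777'  '0/0' \
        './Library/Example/config.plist'                    '100666' '0/0' \
        './private/tmp/example'                             '41777'  '0/0' \
        './usr/local/bin/tool'                              '120755' '0/0'
}

sample_bom | audit_bom
```

World-writable directories that carry the sticky bit (such as 41777) are deliberately not reported, and symbolic links are skipped.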

There is much more information to retrieve but let's keep a high-level overview. It's time to get more information regarding what is in the package payload. It's time for pkgutil. Remember, pkgutil expands a flat package.

pkgutil --payload

pkgutil --payload /Users/daniel/Desktop/AcroRdrDC_1502020039_MUI.pkg

Want to repackage the pkg file from a bundled package to a flat pkg?

pkgutil --flatten

I'm going to change the package name to include "AdobeReader". 

pkgutil --flatten /Users/daniel/Desktop/tmp/AcroRdrDC_1502020039_MUI.pkg ~/Desktop/adobereader_1502020039_MUI.pkg

I now have a flattened package with my custom name added in the name.

Be aware that if you alter the package contents, including the name, then you lose the signed package content.

On that note:

To check the signature:

pkgutil --check-signature

pkgutil --check-signature /Users/daniel/Desktop/adobereader_1502020039_MUI.pkg
Package "adobereader_1502020039_MUI.pkg":
   Status: no signature

Compare that to my original Adobe Reader package, which I downloaded and extracted from the .dmg, and which does have a signature.

pkgutil --check-signature /Users/daniel/Desktop/AcroRdrDC_1502020039_MUI.pkg
Package "AcroRdrDC_1502020039_MUI.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Adobe Systems, Inc.
       SHA1 fingerprint: 9D 75 C9 20 01 4A 65 04 94 A7 63 95 E3 91 93 47 04 E8 57 DF
    2. Developer ID Certification Authority
       SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86
    3. Apple Root CA
       SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

This demonstrates the original package that was downloaded has not been tampered with.
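
The two results above can be turned into a deployment gate. The following is an added example, not part of the original post: a shell function that reads pkgutil --check-signature output and accepts a package only when the status is trusted and the first certificate in the chain is the expected signer. The first two sample outputs are the ones quoted above (chain shortened); the third, with the signer "Example Corp", is constructed, and the allow-listed status wording is an assumption tied to the macOS release shown in this post.

```bash
#!/bin/bash
# Added example: gate deployment on `pkgutil --check-signature` output.
# A package is accepted only if its Status line is on the allow-list AND the leaf
# certificate (entry "1." of the chain) is the signer expected for that vendor.

# Status wording as it appears in the post. Assumption: other macOS releases may
# word a good status differently, so confirm it against a known-good package.
TRUSTED_STATUS='signed by a certificate trusted by Mac OS X'

# usage: pkgutil --check-signature file.pkg | verify_pkg_signature "<expected signer>"
verify_pkg_signature() {
    awk -v want_status="$TRUSTED_STATUS" -v want_signer="$1" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }      # trim indentation
        /^Status: /           { status = substr($0, 9) }
        /^1\. / && leaf == "" { leaf = substr($0, 4) }
        END {
            if (status != want_status) { print "REJECT: status \"" status "\""; exit 1 }
            if (leaf != want_signer)   { print "REJECT: signer \"" leaf "\"";   exit 1 }
            print "ACCEPT: " leaf
        }'
}

vendor_pkg_output() {       # output quoted in the post for the downloaded package
    cat <<'EOF'
Package "AcroRdrDC_1502020039_MUI.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Adobe Systems, Inc.
       SHA1 fingerprint: 9D 75 C9 20 01 4A 65 04 94 A7 63 95 E3 91 93 47 04 E8 57 DF
    2. Developer ID Certification Authority
EOF
}

repackaged_output() {       # output quoted in the post after pkgutil --flatten
    cat <<'EOF'
Package "adobereader_1502020039_MUI.pkg":
   Status: no signature
EOF
}

other_signer_output() {     # constructed: trusted status, but not the expected vendor
    cat <<'EOF'
Package "example.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Example Corp (constructed)
EOF
}

SIGNER='Developer ID Installer: Adobe Systems, Inc.'
vendor_pkg_output   | verify_pkg_signature "$SIGNER"
repackaged_output   | verify_pkg_signature "$SIGNER" || true
other_signer_output | verify_pkg_signature "$SIGNER" || true
```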

More uses for pkgutil?

Want to list out the packages currently installed?

pkgutil --packages

Yep. It lists some interesting packages that catch the eye.

CustomVoice_en_US_nicky - Did I download a voice to read the news for me? Honestly, I don't remember.


Gatekeeper and XProtect are macOS's built-in tools to quarantine content such as malware that may be harmful to your Mac.

This is the first post of several that I plan on writing to help you understand packaging. "Watch for Part 2: Packing and Autopkg".








What a Git

Git has been an industry buzz word for several years. What is “Git”? If you have read British books such as the Harry Potter series then the word will be familiar. It’s a noun for an unpleasant or contemptible person. Of course, that is not what I am referring to.

The Git I am referring to is a modern version control system that is incredibly popular. It’s an open-source tool used for tracking changes to projects big and small. Git’s function is to provide a framework for developers/script writers to collaborate on projects. I will not go into the specifics. Needless to say there is a reason for its popularity.

I learned and continue to use Git from the command line. Once you understand how it works then the procedures for installation and use are workable. However, what if you are intimidated by the command line? You may be a visually oriented individual who prefers a graphics-based design. This is for you.

The following are GUI based front-ends for Git. Perhaps one of these will help you learn and implement Git into your organization or workflow.


Release the kraken! If you find yourself in a cross-platform environment such as Windows, macOS and Linux then GitKraken is a good client to start with. It has one of the nicest designs for a Git client.


Touted features include: 

  • Visual interaction and hints
  • 100% standalone
  • Supports multiple profiles
  • Supports single-click undo and redo functions
  • Built-in merge tool
  • A fast and intuitive search tool
  • Easily adapts to a user’s workspace and also supports submodules and Gitflow
  • Integrates with a user’s GitHub or Bitbucket account
  • Keyboard shortcuts plus lots more.



Another popular client for macOS, Windows, and Linux. Users can use it with their own repos or other providers. Features include:

  • Supports Git pull requests and comments
  • Supports SVN repositories
  • Comes with Git-flow, SSH-client and file compare/merge tools
  • Integrates strongly with GitHub, BitBucket and Atlassian Stash


For Linux and Windows, GitForce is a dead simple design that will allow you to manage projects without needing to drop into the command line. Be aware that GitForce requires having .NET support (or Mono runtime on Unix) and the actual git command line tool.


Giggle isn’t that attractive and has limited functionality at first look. It supports most Linux distros. Be aware Giggle has moved to GNOME infrastructure. This client is good at tracking Git content. It’s worth a look.

If you are looking for more then check out Tecmint's article "11 Best Graphical Git Clients and Git Repository Viewers for Linux".