Determining The Files That An Update Installed

/ 1 July 2008

When Apple releases any software updates one question I always have (either before or after the installation) is what files/ folders were actually modified. After the files are written to the disk in a Software Update or Installer installation a “receipt” is written to disk to tell the installation system (both Installer and Software Update) what versions of what software is currently installed on your system. These receipts are saved to the /Library/Receipts folder. The /db subfolder in that folder contains the database that the installdb process reads to actually know the software that’s installed. The root of that folder and the /boms subfolder both contain the actual receipt files. These are the files to examine to know what files a software update or normal software installation has installed. But, the trick is that just double-clicking the files won’t work (the .pkg files in the root of this folder open like the original installers and quits saying that the installer you launched is a receipt, and the .bom files in the /boms subfolder open in as random, unreadable, text). So, to be able to read them in a sensible way you need to install the Suspicious Package QuickLook plugin. This will allow you to simply press the spacebar when you have a receipt selected and a simple-to-use interface will pop up in QuickLook that lets you browse the filesystem of files that will get (or got) installed onto your system. From there you can view that same tree in a Finder window to make sure that it did in fact install the file. It is a useful way to understand what Apple is actually updating when, say, the 10.5.4 update is downloaded onto your Mac (or what was updated if you QL the receipt after installation). Enjoy, Alex.