Last Week on My Mac: Begging from Apple

Whenever Apple releases macOS updates, one of my most tedious tasks is to track down its standalone installer(s). These are separately downloadable packages which the Installer app can use to perform local updates. Maybe I should be glad that task might be over, as Apple hasn’t provided such packages for either update to Big Sur.

As I revealed here, following an exchange of tweets with Mr Macintosh and others, we established that Apple didn’t intend releasing any more standalone installer packages for Big Sur’s updates, although it eventually posted those for the concomitant security updates to Catalina and Mojave. The reason is that, with Big Sur’s new Sealed System Volume (SSV), producing any form of standalone updater has become more complex.

I’ll be looking in more detail at how Big Sur changes the way that software updates work in a future article here. For the moment, it’s clear that the old Installer packages can never work with the new SSV.

As we all knew, installing updates prior to Big Sur has been a bit of a gamble. Most of the time, everything went to plan and our System volumes ended up much as Apple intended. But there were a significant number of failed updates, and those which seemed generally OK but had some quirks. Among the more than 50,000 files which now make up the System volume, a few minor errors weren’t uncommon.

If the same were to happen with a Big Sur update, few would ever have a seal which matched that required by Apple. The result would be a goodly proportion of updates would fail to seal properly, and have to be repeated until they finally came right, or abandoned without being sealed. We’d quickly tire of the SSV, and there’d be headlong rush back, even to the likes of Catalina, in search of sanity.

In theory, at least, successful Big Sur updates should be totally reliable. If the new System seal doesn’t match that provided by Apple for that version of macOS, then your Mac won’t boot from it. So at least ‘delta’ and Combo updaters should be more consistent and reliable. They’d be starting from a tightly defined system in which not one byte can be out of place, and have a single destination. How many Macs would make that journey successfully for their new seal to match that prescribed for the next version is a matter for speculation.

There are bigger problems too. Prior to Big Sur, all an updater really had to do was install changed files to generate the updated system. That’s an ideal task for an Installer package, and creating such packages must have been relatively straightforward for each update. In Big Sur, that’s just the start. Once the new system has been assembled on your System volume, the installer must build its Merkle tree of cryptographic hashes, up to the Seal itself, which it then compares with the hash provided by Apple. Finally, that’s made into a snapshot, from which the Mac boots.

Because it’s not possible to put that process together in the Installer app as we know it, anyone with hopes for traditional packages with which to update Big Sur is going to be disappointed whatever Apple decides to do in the future.

It’s those last eight words which are my sticking point. I don’t know when Apple made the decision to introduce the Sealed System Volume in Big Sur, but I’m sure that it was long before WWDC last summer, possibly a year or more earlier. Yet even now Apple hasn’t informed its users that it won’t be releasing standalone updaters for macOS 11.0.1, released well over a month ago, or 11.1, released almost a week ago. Those who, in the past, have relied on standalone installers to update multiple Macs or in any other workflow have just been abandoned, left to plead their case for reinstatement of a longstanding service.

There are alternatives, of course, including the macOS Content Caching service, and downloading full installers for each new release of macOS 11. For many users these aren’t a substitute for such an established service, and require significant additional work, local storage and bandwidth. Both cases are examples of increasing inefficiency: a service which previously allowed a user to keep just the original major release of macOS, knowing that they could then turn that into any subsequent minor version of macOS with a minimal download, is now dispersed to local Macs, and in many cases full installers not updates.

And what I still can’t get over is that Apple hasn’t explained this to users, just left us to beg for a better solution.