The release of Big Sur in November 2020 marked the greatest structural change in Mac operating systems since the introduction of Mac OS X twenty years earlier. It completed the move to the boot volume group, in which the great majority of macOS runs from a mounted snapshot with a read-only file system separate from that of user files, and requires a fundamentally different method of installation and updating. This article outlines how that has changed macOS installers and updaters.

macOS 10.15 Packages

Up to and including Catalina, system installation and update was based on installer packages, structured collections of files that are copied to the boot disk in accordance with scripts. Once that copying is complete and the boot volume contains the files forming the new version of macOS, the Mac can be rebooted from those.

A full macOS installer consists of an app running InstallAssistant, with the main contents being three disk images in the SharedSupport folder. The largest of these is InstallESD.dmg, which in turn contains a set of five installer packages, with the bulk of the files to be installed contained in Core.pkg.

This adapts well to provide a flexible range of updaters using the same mechanism. A Delta update then consists of only the files that have changed since the previous version, and a Combo update contains all those that have changed since the first released version of that major release of macOS. These can also be offered as standalone updates, in which a single installer package contains all the files needed to perform the update.

Although a popular method for updating operating systems, this is prone to error, which can readily remain undetected, and failure during update will leave the system only partially updated and possibly unstable.

macOS 11 UpdateBrain

In addition to updating the contents of the system, from Big Sur onwards installers and updaters have considerably more to do. Those tasks include creating the new snapshot to contain the bootable copy of the system, firmlinking that System snapshot with its paired Data volume, building its tree of cryptographic hashes so that it can be sealed, and verifying the signature of its seal against Apple’s requirement.

There’s no room here for the slightest error if the signature on the Signed System Volume (SSV) is going to match what’s required. Within the SSV are additional changes, such as large dyld caches, which serve to make this more complicated, and more recently this includes Cryptexes containing system components like Safari that are kept outside the SSV so that they can be updated outside full macOS updates.

A glance inside a full installer app reveals InstallAssistant again, but much of the payload is within a single Zip archive in the 12 GB SharedSupport.dmg image. There’s also a Zipped UpdateBrain, containing an XPC bundle to perform the installer’s work.

Other than the full installer app, Apple doesn’t provide any standalone updaters, only online updates delivered through Software Update. Those are able to perform any update within that major macOS version, for example from 13.0 to 13.4.1 as well as 13.4 to 13.4.1, in a single step. But there’s no Combo option for a Mac already running 13.4 to have a fuller update, as if it were coming from 13.0. This is because the sealing process ensures that every copy of macOS has a signature matching that prescribed by Apple, thus is identical.

To minimise user downtime, updates undergo a period of ‘preparation’ of up to 30 minutes prior to installation. That includes further downloads, streamed decompression, and local installation. The overall aim is now to minimise the size of downloads and the time during which that Mac is unavailable to the user. This also has the valuable side effect that, should anything go wrong during the preparation phase, no changes have been made to the boot snapshot, and the Mac is able to restart safely and try the update again.

Disadvantages are that updates can only be performed while online, carry significant overhead in addition to the files that are actually changed, and require substantial free storage. For example, the update to take Ventura from 13.0 to 13.1 required a download of over 2.5 GB for an Apple silicon Mac, and needed 14-15 GB of free disk space.

macOS 13 RSR

One potentially valuable mitigation is the use of Rapid Security Responses to perform intermediate security updates, between scheduled minor macOS updates. These involve the download of small Cryptex components, and may require a simple restart for them to take effect. However, they can’t currently be used for patches to the kernel, which still require a full macOS update.

macOS 14 Software Update

The release of Ventura brought another innovation that we’re likely to see repeated this autumn/fall with Sonoma. Whereas previous major new versions of macOS have been implemented as full upgrades, normally with their own full installer app, Ventura surprised many as it was provided as an update through Software Update, so was smaller and quicker to install. This did cause issues in situations where users are able to install updates themselves, but not macOS upgrades. It also made it much easier to upgrade inadvertently. This year we should all be better prepared.