Mac users and admins find themselves in yet another major platform transistion. For the duration of the transition, developers and admins will have to deal with and support software and hardware for the Intel and Apple silicon Macs. With Universal applications and Rosetta 2, Apple is providing very efficient tools to dramatically reduce the friction and problems involved.
This post was inspired by comments from Josh Wisenbaker on MacAdmins Slack and Twitter. Thank you!
For most end user level tasks, these tools will provide seamless experience. Universal applications will run on either platform natively and Rosetta 2 will translate applications compiled for the legacy platform (Intel) so they can run on the new Apple silicon chips. There are only a few situations where these tools don’t work: virtualization solutions and Kernel extensions.
In most cases this tools will “just work.” But for MacAdmins there is one major issue that may throw a wrench in your well-oiled deployment workflows. Rosetta is not pre-installed on a fresh macOS installation.
We can only speculate why Apple chooses to deliver Rosetta this way. In “normal” unmanaged installations, this is not a big deal. The first time a user installs or launches a solution that requires Rosetta, they will be prompted to for installation and upon approval, the system will download and install Rosetta.
As a MacAdmin, however, you want your deployments to be uninterrupted by such dialogs. Not only are they confusing to end users, but the user might cancel out of them which will result in your workflow failing partially.
There are two solutions. The first is to install Rosetta as early as possible in the deployment process. Apple provides a new option for the
softwareupdate command to initiate the installation. Graham Gilbert and Rich Trouton have already published scripts around this. Have this script run early in your deployment workflow on Apple silicon and subsequent apps and tools that require Rosetta should be fine.
The other solution is to avoid requiring Rosetta and thus the prompt for Rosetta.
I mentioned earlier that we can only speculate as to why Apple has made Rosetta 2 an optional installation. One possible explanation is, that Apple believes Rosetta will not be a necessary installation for very long. An extra dialog and installation will make users and developers more aware of software that “needs an update” and motivate developers to provide Universal applications faster.
When a user opens an application that requires Rosetta for the first time, before Rosetta is installed, the system prompts to install. The same thing can happen with an installer package. The system might prompt to install Rosetta before a certain package is installed. However, not all packages trigger the dialog. I was curious what is required in the package to trigger or to avoid the prompt.
Aside from legacy formats, there are two types of packages. The first are “plain” packages, which are also called component packages. These packages have a payload and can have pre- and postinstall scripts, but other than that, there is little metadata you can add to influence the installation workflow.
This is where “distribution packages” come in. Distribution packages do not have a payload or installation scripts of their own, but contain one or more component packages. In addition, distribution packages can contain metadata that influences the installation workflow, such as customization of the Installer.app interface, system version checks, prompting the user to quit running applications before an installation and software requirements and a few more.
Note: learn more about the detailed differences between component and distribution packages in my book: “Packaging for Apple Administrators“
You can build a distribution package from a component package with the
> productbuild --package component.pkg distribution.pkg
Since most of the extra features of distribution packages are only effective when the installation package is launched manually in the Installer application, MacAdmins usually just build component pkgs.
The confusing part here is that both component pkgs and distribution pkgs have the same file extension. They are hard to distinguish even from the command line. To tell them apart, you can expand a pkg with the
pkgutil command and look at the files in the expanded folder. Component pkgs have (among other files) a
PackageInfo file and distribution pkgs have a
# component pkg
> pkgutil --expand component.pkg expanded_component_pkg
> ls expanded_component_pkg
# distribution pkg
> pkgutil --expand distribution.pkg expanded_distribution_pkg
> ls expanded_distribution_pkg
For distribution pkgs, the
Distribution file is an XML file which contains the configuration data for the package. One tag in this XML is the
options tag which can have a
hostArchitectures attribute. According to [Apple’s documentation on this tag](A comma-separated list of supported architecture codes), the
hostArchitectures are a “comma-separated list of supported architecture codes.”
Apple documentation is a bit aged, so it gives
ppc as possible values. However, when you read the
productbuild man page on macOS Big Sur you will see that
arm64 is a new valid value. We will also find these extremely helpful note:
NOTE: On Apple Silicon, the macOS Installer will evaluate the product’s distribution under Rosetta 2 unless the arch key includes the arm64 architecture specifier. Some distribution properties may be evaluated differently between Rosetta 2 and native execution, such as the predicate specified by the sysctl-requirements key. If the distribution is evaluated under Rosetta 2, any package scripts inside of product will be executed with Rosetta 2 at install time.
When a distribution pkg has this attribute and it contains a value of
arm64 then the installation process on an Apple silicon Mac will not check if Rosetta is installed. When
arm64 is missing from the
hostArchitectures, or the attribute or tag are missing entirely, the installation process on an Apple silicon Mac will asume the pkg requires Rosetta and prompt to install when necessary.
There is more good news in the next note in the man page:
NOTE: Starting on macOS 11.0 (Big Sur), productbuild will automatically specify support for both arm64 and x86_64 unless a custom value for arch is provided.
When you use
productbuild to create a distribution pkg on Big Sur (Intel and Apple silicon) both
x86_64 will be added to the configuration by default.
But, when you use
productbuild on Catalina or earlier, the attribute will be lacking, when means that when someone installs that pkg on an Apple silicon Mac, it will assume it requires Rosetta and prompt for installation.
Adding both architectures by default is a useful default. But can we set the value explicitly when we build the distribution pkg? And can we do so on Catalina?
Yes, you can, of course. There are even two solutions. First, instead of letting
productbuild generate the
Distribution xml, you can build and provide a complete
Distribution xml file with the
--distribution option. That will give you full, fine-grained control over all the options.
The second solution is a bit easier. You can create a
requirements.plist property plist file in the form:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Then you can provide this property list file to the
productbuild command with the
> productbuild --package component.pkg --product requirements.plist distribution.pkg
productbuild still generates the
Distribution xml and merges in your choices from the
requirements.plst. There are other options you can add which are documented in the
productbuild man page.
Both of these approaches will work on Catalina as well. This way you can explicitly tell the installer system which architectures your packages will run with and not leave anything to chance.
In Whitebox Packages you can configure the
hostArchitectures attribute under the “advanced options” for a distribution package.
As far as I can tell, when you install a component pkg, no checks for Rosetta are performed. Nevertheless, this is not something I would rely on. For packages that are crucial to the deployment workflow, I would recommend going the extra step and creating a distribution pkg from the component pkg with the proper flags set. This way you can ensure proper behavior.
Of course, if your package installer contains any form of Intel-only, not-universal binary, you should not abuse this just to skip the annoying Rosetta dialog, as it might lead to problems later. But, when the software you are installing is universal, you sould use this to tell the system which platforms your package supports.