Using pkgutil --forget in 10.11 does not work with Apple package receipts

Originator:bruienne
Number:rdar://23022827 Date Originated:10/07/2015
Status:Open Resolved:
Product:OS X Product Version:15A284
Classification:Other Bug Reproducible:Always
 
Summary

In OS X 10.11 there appears to be a regression in the functionality of pkgutil regarding deleting certain receipt database entries.


Steps to Reproduce

1. Determine that the package receipt exists in the database:
	> pkgutil --pkgs="com.apple.pkg.JavaSecurity"
	com.apple.pkg.JavaSecurity

2. With root privileges run pkgutil to remove the package receipt database entry:
	> sudo pkgutil --forget com.apple.pkg.JavaSecurity


Expected Results

The command should succeed and report that the package receipt entry was removed:

> sudo pkgutil --forget com.apple.pkg.JavaSecurity
Forgot package 'com.apple.pkg.JavaSecurity' on /'.


Actual Results

The command generates an error (Code%3D2 "No such file or directory"} and an incorrect message that the package receipt entry was removed:

> sudo pkgutil --forget com.apple.pkg.JavaSecurity
Unknown error Error Domain%3DNSCocoaErrorDomain Code%3D4 "“com.apple.pkg.JavaSecurity.bom” couldn’t be removed." UserInfo%3D{NSFilePath%3D%2Fvar%2Fdb%2Freceipts%2Fcom.apple.pkg.JavaSecurity.bom%2C NSUserStringVariant%3D(
    Remove
)%2C NSUnderlyingError%3D0x7fc989c620b0 {Error Domain%3DNSPOSIXErrorDomain Code%3D2 "No such file or directory"}}.
Forgot package 'com.apple.pkg.JavaSecurity' on '%2F'.

Despite the message that the entry was removed it is still listed when searching for its entry after supposed removal:

> pkgutil --pkgs%3D"com.apple.pkg.JavaSecurity"
com.apple.pkg.JavaSecurity


Regression

This is the current behavior for OS X 10.11 15A284 - it did not occur prior.


Notes

Important to note is that pkgutil seems to be looking at the wrong file system location for BOM and plist files related to the package receipts. Investigation shows that the location for Apple-provided package receipts appears to have changed in 10.11 as they are now all found in /System/Library/Receipts - a location protect by SIP - ostensibly by design. The error message shown by pkgutil should reflect the fact that receipts for Apple packages cannot be removed or it should be pointed at the correct filesystem location for them if it in fact the intended behavior is that it should be able to remove them under SIP protection.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!