TweetFollow Us on Twitter

MacEnterprise: Command Line Goodies

Volume Number: 24 (2008)
Issue Number: 01
Column Tag: MacEnterprise

MacEnterprise: Command Line Goodies

New command line tools in Leopard

By Philip Rinehart, Yale University

More Tools for the Toolbox

Following last month's article, let's look at some of the more interesting command line tools that have appeared. The first tool, pkgutil allows manipulation of the package database. Last month I also talked about the addition of dtrace. New to Leopard, major parts of the Dtrace ToolKit by Brendan Gregg have been added. Some of them can prove quite useful in diagnosing and troubleshooting particularly thorny problems.

pkgutil

A new command line utility has been added to Leopard, pkgutil. What does it do? From the man page, "pkgutil reads and manipulates the Installer's receipt database and flat packages." A database? That's new to Leopard. Let's look at where it is located. Change to /Library/Receipts/db. This database contains a record of all packages installed. Let's look at some of the basic options.

Forget. This option discards all the receipt data associated with an installed package. However, it only forgets the information, it does not touch the installed files. If you want to reinstall a package, this option is very useful, as the files will be overwritten and reinstalled. It won't be an upgrade; it will be a full reinstall.

Unlink. This option removes any files associated with a package. Be careful when using this option though, as it does no dependency checking and will not remove any directories that are contained within the package. However, if a package is only files, this command is quite useful.

Pkgs. All packages known on the system are listed. Here's why this option is important. Look at the Receipts directory, and then run the command pkgutil -pkgs. Take close look. Note that if the 10.5.1 update has been installed, there is no pkg receipt. It is only contained within the pkgutil database.

Repair. This option will run repair packages to repair the specified package identifier. Note however, that this option only repairs packages if they are known to the repair_packages utility found in /usr/libexec. Let's look at this a little more in depth.

repair_packages will repair packages with that are recorded in the standard package list. Here's how to check the list, open /usr/libexec, and run

   repair_packages -list-standard-pkgs

Here's what is returned on my system:

System packages on '/':
   com.apple.pkg.BaseSystem
   com.apple.pkg.Essentials
   com.apple.pkg.BootCamp
   com.apple.pkg.BSD
   com.apple.pkg.iPodSupport
   com.apple.pkg.PodcastCapture
   com.apple.pkg.Directory
   com.apple.pkg.JavaToolsLeo
   com.apple.pkg.AdditionalEssentials
   com.apple.pkg.AdditionalSpeechVoices
   com.apple.pkg.AsianLanguagesSupport
   com.apple.pkg.MediaFiles
   com.apple.pkg.MigrationAssistant
   com.apple.pkg.Mail
   com.apple.pkg.AddressBook
   com.apple.pkg.iCal
   com.apple.pkg.Automator
   com.apple.pkg.DVDPlayer
   com.apple.pkg.iTunes
   com.apple.pkg.iChat
   com.apple.pkg.Java
   com.apple.pkg.Safari
   com.apple.pkg.OxfordDictionaries
   com.apple.pkg.X11User
   com.apple.pkg.ACL
   com.apple.pkg.VersionedDeveloperToolsSystemSupportLeo
   com.apple.pkg.DistributedBuildsSupportLeo
   com.apple.pkg.DeveloperToolsSystemSupportLeo
   com.apple.pkg.gcc4.0Leo
   com.apple.pkg.DeveloperToolsCLILeo
   com.apple.pkg.DevSDKLeo
   com.apple.pkg.X11SDKLeo
   com.apple.pkg.QuickTimeSDKLeo
   com.apple.pkg.OpenGLSDKLeo
   com.apple.pkg.WebKitSDKLeo
   com.apple.pkg.FireWireSDKLeo
   com.apple.pkg.BluetoothSDKLeo
   com.apple.pkg.CoreAudioSDKLeo
   com.apple.pkg.JavaSDKLeo
   com.apple.pkg.X11DocumentationLeo
   com.apple.pkg.ServerSetup
   com.apple.pkg.ServerAdminTools
   com.apple.pkg.update.os.10.5.1

Note all the packages, these are the only packages that are checked when verifying permissions. Packages can be added, but at this time, this command appears to only accept those that are known by the receipts database. One last thing, the repair_packages command allows individual verification of packages. Here's how:

   /usr/libexec/repair_packages -verify -pkg com.apple.pkg.ServerSetup

Imagine using Apple Remote Desktop to verify or repair permissions on any number of packages! That about sums up the power of pkgutil and repair_permissions. I've not gone into all of the options, but there are a number of additional options to pkgutil whichpkgutil, which could be used. Read the man page and have fun!

DTRACe and friends

Dtrace is quite powerful, but who has time to learn a new programming language? I don't,. that's for sure! Here's where some of the newly included programs can be explored and used when troubleshooting problems.

Snoop commands

Four "snooping" commands have been added, execsnoop, iosnoop, rwsnoop and opensnoop. I'll look at rwsnoop first. This command will observe reads and writes at the application level. It is really very verbose, and lists each and every read/write operation. It is also hooked in at the kernel level, so it is quite accurate. It's very simple to use to monitor a specific application. First, get the process id (PID), and then use the -p option. As an example, to monitor all Mail.app activity:

   rwsnoop -p PID

This command monitors any read/write activity for the Mail.app application. Of course, one does not need to specify a particular application, but it is far more useful to only monitor one.

Input output monitoring

Three commands are included to track disk input/output, iotop, iopending, and iopattern. The one I like here is iotop. When troubleshooting a slow system, iotop presents a listing much like the unixUNIXnix top command. On a sluggish system, one could track the drive activity to determine what was slowing a system down.

Included scripts written in d

Lastly, many new commands have been included in Leopard, all written in d, the dtrace programming language. They are all located in /usr/bin. A couple of commands are particularly interesting. The first is creatbyproc.d. Run it in the following way:

   dtrace -s creatbyproc.d

Note the output. It tracks files as they are created by process id. Let's look at another useful d script, filebyproc.d. This command will track files by process. How about yet another? Pathopens.d tracks files by the path, and the count. Here's what the output might look like:

 COUNT PATHNAME
     1 Leopard/.
     2 /dev/dtracehelper
     2 /dev/urandom
     2 /usr/share/locale/en_US.UTF-8/LC_COLLATE
     2 /usr/share/locale/en_US.UTF-8/LC_CTYPE
     2 /usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES
     2 /usr/share/locale/en_US.UTF-8/LC_MONETARY
     2 /usr/share/locale/en_US.UTF-8/LC_NUMERIC
     2 /usr/share/locale/en_US.UTF-8/LC_TIME
    24 /dev/

Open /usr/bin and explore some of the other d scripts. While not all of the dscripts are there, most are.

One last thing, Brendan Gregg has provided a whole range of one-liners, most of which work on Leopard. Here's their location: http://www.brendangregg.com/DTrace/dtrace_oneliners.txt. Troubleshooting problems with these tools is now so much easier. I've already solved some problems I previously couldn't seem to solve.

Well, that's about it for this month. Play with these new command line tools, as they really increase the arsenal available to any Macintosh system administrator. Until next month, I'll see you on the lists!


Philip Rinehart is co-chair of the steering committee leading the Mac OS X Enterprise Project (macenterprise.org) and is the Lead Mac Analyst at Yale University. He has been using Macintosh Computers since the days of the Macintosh SE, and Mac OS X since its Developer Preview Release. Before coming to Yale, he worked as a Unix system administrator for a dot-com company. He can be reached at: philip.rinehart@yale.edu.

The MacEnterprise project is a community of IT professionals sharing information and solutions to support Macs in an enterprise. We collaborate on the deployment, management, and integration of Mac OS X client and server computers into multi-platform computing environments.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Latest Forum Discussions

See All

Six fantastic ways to spend National Vid...
As if anyone needed an excuse to play games today, I am about to give you one: it is National Video Games Day. A day for us to play games, like we no doubt do every day. Let’s not look a gift horse in the mouth. Instead, feast your eyes on this... | Read more »
Old School RuneScape players turn out in...
The sheer leap in technological advancements in our lifetime has been mind-blowing. We went from Commodore 64s to VR glasses in what feels like a heartbeat, but more importantly, the internet. It can be a dark mess, but it also brought hundreds of... | Read more »
Today's Best Mobile Game Discounts...
Every day, we pick out a curated list of the best mobile discounts on the App Store and post them here. This list won't be comprehensive, but it every game on it is recommended. Feel free to check out the coverage we did on them in the links below... | Read more »
Nintendo and The Pokémon Company's...
Unless you have been living under a rock, you know that Nintendo has been locked in an epic battle with Pocketpair, creator of the obvious Pokémon rip-off Palworld. Nintendo often resorts to legal retaliation at the drop of a hat, but it seems this... | Read more »
Apple exclusive mobile games don’t make...
If you are a gamer on phones, no doubt you have been as distressed as I am on one huge sticking point: exclusivity. For years, Xbox and PlayStation have done battle, and before this was the Sega Genesis and the Nintendo NES. On console, it makes... | Read more »
Regionally exclusive events make no sens...
Last week, over on our sister site AppSpy, I babbled excitedly about the Pokémon GO Safari Days event. You can get nine Eevees with an explorer hat per day. Or, can you? Specifically, you, reader. Do you have the time or funds to possibly fly for... | Read more »
As Jon Bellamy defends his choice to can...
Back in March, Jagex announced the appointment of a new CEO, Jon Bellamy. Mr Bellamy then decided to almost immediately paint a huge target on his back by cancelling the Runescapes Pride event. This led to widespread condemnation about his perceived... | Read more »
Marvel Contest of Champions adds two mor...
When I saw the latest two Marvel Contest of Champions characters, I scoffed. Mr Knight and Silver Samurai, thought I, they are running out of good choices. Then I realised no, I was being far too cynical. This is one of the things that games do best... | Read more »
Grass is green, and water is wet: Pokémo...
It must be a day that ends in Y, because Pokémon Trading Card Game Pocket has kicked off its Zoroark Drop Event. Here you can get a promo version of another card, and look forward to the next Wonder Pick Event and the next Mass Outbreak that will be... | Read more »
Enter the Gungeon review
It took me a minute to get around to reviewing this game for a couple of very good reasons. The first is that Enter the Gungeon's style of roguelike bullet-hell action is teetering on the edge of being straight-up malicious, which made getting... | Read more »

Price Scanner via MacPrices.net

Take $150 off every Apple 11-inch M3 iPad Air
Amazon is offering a $150 discount on 11-inch M3 WiFi iPad Airs right now. Shipping is free: – 11″ 128GB M3 WiFi iPad Air: $449, $150 off – 11″ 256GB M3 WiFi iPad Air: $549, $150 off – 11″ 512GB M3... Read more
Apple iPad minis back on sale for $100 off MS...
Amazon is offering $100 discounts (up to 20% off) on Apple’s newest 2024 WiFi iPad minis, each with free shipping. These are the lowest prices available for new minis among the Apple retailers we... Read more
Apple’s 16-inch M4 Max MacBook Pros are on sa...
Amazon has 16-inch M4 Max MacBook Pros (Silver and Black colors) on sale for up to $410 off Apple’s MSRP right now. Shipping is free. Be sure to select Amazon as the seller, rather than a third-party... Read more
Red Pocket Mobile is offering a $150 rebate o...
Red Pocket Mobile has new Apple iPhone 17’s on sale for $150 off MSRP when you switch and open up a new line of service. Red Pocket Mobile is a nationwide MVNO using all the major wireless carrier... Read more
Switch to Verizon, and get any iPhone 16 for...
With yesterday’s introduction of the new iPhone 17 models, Verizon responded by running “on us” promos across much of the iPhone 16 lineup: iPhone 16 and 16 Plus show as $0/mo for 36 months with bill... Read more
Here is a summary of the new features in Appl...
Apple’s September 2025 event introduced major updates across its most popular product lines, focusing on health, performance, and design breakthroughs. The AirPods Pro 3 now feature best-in-class... Read more
Apple’s Smartphone Lineup Could Use A Touch o...
COMMENTARY – Whatever happened to the old adage, “less is more”? Apple’s smartphone lineup. — which is due for its annual refresh either this month or next (possibly at an Apple Event on September 9... Read more
Take $50 off every 11th-generation A16 WiFi i...
Amazon has Apple’s 11th-generation A16 WiFi iPads in stock on sale for $50 off MSRP right now. Shipping is free: – 11″ 11th-generation 128GB WiFi iPads: $299 $50 off MSRP – 11″ 11th-generation 256GB... Read more
Sunday Sale: 14-inch M4 MacBook Pros for up t...
Don’t pay full price! Amazon has Apple’s 14-inch M4 MacBook Pros (Silver and Black colors) on sale for up to $220 off MSRP right now. Shipping is free. Be sure to select Amazon as the seller, rather... Read more
Mac mini with M4 Pro CPU back on sale for $12...
B&H Photo has Apple’s Mac mini with the M4 Pro CPU back on sale for $1259, $140 off MSRP. B&H offers free 1-2 day shipping to most US addresses: – Mac mini M4 Pro CPU (24GB/512GB): $1259, $... Read more

Jobs Board

All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.