How to extract contents from 'Payload' file in a apple macOS update package?

There is an undocumented option to pkgutil, --expand-full, which uses the same syntax as pkgutil --expand.

pkgutil --expand-full [pkg] [dir]

This will completely "unarchive" a pkg or mpkg file.

LEGO: What once was a great and inspiring toy company has turned into an uninspiring mess run by lawyers. It's really sad to see, but it can't be ignored: Weitere juristische Schritte gegen Steingemachtes stoßen Spendenaktion an

It doesn't exactly make you wonder why this isn't documented:

bash-3.2# csrutil enable --without kext
csrutil: requesting an unsupported configuration. This is likely to break in the
 future and leave your machine in an unknown state.

Stumbled across this when I tried to understand why a certain kext wouldn't load, producing a very curious error message

Booting Windows 10 from external media on a new MacBook Pro isn't as easy as it used to be, but IT CAN BE DONE! :-)

The Mac will only boot via EFI, hence the Windows 10 disk has to be formatted as GPT . When looking for a tool to convert a Windows installation from MBR to GPT I stumbled across several dubious looking 3rd party tools at first. After a while I realized that Windows 10 already ships with a tool that does the job - MBR2GPT.exe. This took a while but did work.

However, the Mac won't boot Windows directly - it has to be blessed (!) first.

In order to bless the Windows installation you have to boot the Mac into Recovery (!), then open a terminal and cast the secret spells:

csrutil disable
bless -mount /Volumes/BOOTCAMP -setBoot
csrutil enable

Not too obvious I guess.

When my old MacBook Pro Late 2013 broke down due to a broken battery, I received a newer, used MacBook Pro 2018 from Carsten. I used my last TimeMachine Backup to automatically setup the new machine which took quite a while but otherwise did work as expected.

However, the APFS Preboot won't be setup automatically which you don't necessarily realize instantly. But as soon as you want to change the "Startup Security" for booting i.e. from external media, you're confronted with a slightly confusing dialogue:

Luckily, this can be solved: "No administrator was found" in Startup Security Utility

znek@optimist:(~)$ sysadminctl -secureTokenStatus znek
2020-06-26 14:49:32.994 sysadminctl[923:13224] Secure token is DISABLED for user znek
znek@optimist:(~)$ sysadminctl interactive -secureTokenOn znek -password -
Enter password for znek :
2020-06-26 15:06:10.405 sysadminctl[959:16991] - Done!
znek@optimist:(~)$ sysadminctl -secureTokenStatus znek
2020-06-26 15:06:19.678 sysadminctl[985:17337] Secure token is ENABLED for user znek
znek@optimist:(~)$ diskutil apfs updatePreboot /
Started APFS operation
UpdatePreboot: Commencing operation to update the Preboot Volume for Target Volume disk1s1 Optimist
UpdatePreboot: The Target Volume's OpenDirectory (non-special kind) user count is 1 and the Recovery (any of 3 kinds) user count is 0
UpdatePreboot: There are OpenDirectory user(s) but no Recovery user(s)
UpdatePreboot: The above is an abort condition for some purposes but not UpdatePreboot; continuing
UpdatePreboot: No custom Open Directory path given
UpdatePreboot: Using GivenVolumeMountPointOrNilIfNotMounted for the MacOSSearchPath
UpdatePreboot: Using MacOSSearchPath's child dslocal path for the OpenDirectorySearchPath
UpdatePreboot: MacOS Search Path = (nil=NotMounted) = /
UpdatePreboot: Open Directory Database Search Path = (nil=MacOSSearchPathNotMounted) = /var/db/dslocal/nodes/Default
UpdatePreboot: Preserve EncryptedRootPList When No-OD = 0
UpdatePreboot: Successfully opened Open Directory database; setting AuthODNodeOrNil accordingly
UpdatePreboot: Mounting and ensuring as mounted the related Preboot Volume
UpdatePreboot: Preboot Volume = disk1s2 Preboot
UpdatePreboot: Taking mount hold on Preboot Volume
UpdatePreboot: Preboot Volume Target Directory = /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6
UpdatePreboot: Considering APFS Crypto User 0E49C3F6-AF8E-41A5-B01A-0A9FBC91F27F
UpdatePreboot: Defaulting and requiring that this be an Open Directory User
UpdatePreboot: Treating this APFS Crypto User to be, and requiring to match, an Open Directory User
UpdatePreboot: Correlated APFS Volume Crypto User with Open Directory User 0E49C3F6-AF8E-41A5-B01A-0A9FBC91F27F aka "znek"
UpdatePreboot: Reading JPEG user picture of length 8166 from Open Directory database
UpdatePreboot: All required data for this Open Directory user has been obtained
UpdatePreboot: Parameters for EFILoginUserGraphics count=1 "unlockOptions"="2"
UpdatePreboot: Before rendering EFILoginUserGraphics user (graphics/audio) resources Name=znek PictureSize=(NoneIsOK)=8166 HintOptional=(null)
UpdatePreboot: After rendering EFILoginUserGraphics DataObj=(NullIsError)=0x7fce43e0dd00 DataLen=1260626
UpdatePreboot: Before rendering EFILoginUserNamesData resources UserArrayCount=3
UpdatePreboot: After rendering EFILoginUserNamesData DataObj=(NullMeansWeWillSkip)=0x7fce43e0c800 ItemCount=3
UpdatePreboot: Successfully added a macOS OD User to the building dictionary
UpdatePreboot: Processed APFS Volume Crypto User 0E49C3F6-AF8E-41A5-B01A-0A9FBC91F27F
UpdatePreboot: Error for this processed user was 0
UpdatePreboot: Error among all processed users was 0
UpdatePreboot: The Encrypted Root PList File content is ready
UpdatePreboot: Not encrypting the Encrypted Root PList File content
UpdatePreboot: Encrypted Root PList File to be created path will or would be /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EncryptedRoot.plist.wipekey
UpdatePreboot: Proceeding to write Encrypted Root PList, creating a path as necessary
UpdatePreboot: Successfully wrote Encrypted Root PList File
UpdatePreboot: DiskManagement Info PList File path will be /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/var/db/CryptoUserInfo.plist
UpdatePreboot: Successfully wrote DiskManagement Info PList File
UpdatePreboot: Checking for existence of Static EFI Resources directory /usr/standalone/i386/EfiLoginUI
UpdatePreboot: Before copying contents of directory of Static EFI Resources at /usr/standalone/i386/EfiLoginUI into directory /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/usr/standalone/i386
UpdatePreboot: After copying error=(ZeroMeansSuccess)=0
UpdatePreboot: Looking for locale list on macOS on Target Volume
UpdatePreboot: Locale list item count is 5
UpdatePreboot: Before rendering EFILoginInterfaceGraphics global localized resources
UpdatePreboot: After rendering EFILoginInterfaceGraphics FileNamesAndDataObj=(NullIsError)=0x7fce45108990 ItemCount=11
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/loginui.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/flag_picker.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/preferences.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/battery.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/appleLogo.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/sound.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/unknown_userUI.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/disk_passwordUI.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/guest_userUI.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/Lucida13.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/Lucida13White.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Generating AdminUserList for Recovery purposes
UpdatePreboot: Considering admin user FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
UpdatePreboot: Considering admin user 0E49C3F6-AF8E-41A5-B01A-0A9FBC91F27F
UpdatePreboot: Error among all processed admin users was 0
UpdatePreboot: Writing Admin User Info File to path /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/var/db/AdminUserRecoveryInfo.plist
UpdatePreboot: Successfully wrote Admin User Info File
UpdatePreboot: Checking for existence of Secure Access Token file /var/db/dslocal/nodes/Default/secureaccesstoken.plist
UpdatePreboot: Before copying Secure Access Token file /var/db/dslocal/nodes/Default/secureaccesstoken.plist into directory /Volumes/Preboot/1ED6B083-A941-46B2-B3B1-4635AC4999C6/var/db
UpdatePreboot: After copying error=(ZeroMeansSuccess)=0
UpdatePreboot: Releasing mount hold on Preboot Volume
UpdatePreboot: Unmounting Preboot Volume
UpdatePreboot: Did unmount Preboot Volume err=(ignored)=0
UpdatePreboot: Doing memory releases
UpdatePreboot: Exiting Update Preboot operation with overall error=(ZeroMeansSuccess)=0
Finished APFS operation
znek@optimist:(~)$