This week, I had the pleasure of joining my first Webex meeting. Despite several pages telling me otherwise, I couldn’t find a way to join the meeting in my browser. Fine, let’s download their application. However, I didn’t get an
.app but a
.pkg—also known as an installer package.
I’m always skeptical about installer packages. Unlike
.app applications, installer packages prompt for an administrator password. Not only does this prevent non-administrators from installing the application, it also provides the package way more liberty.
That’s not always an unreasonable request. I can certainly understand why VirtualBox uses an installer package and why it requires administrator privileges. However, if I just want to join a single meeting, I shouldn’t need any of that.
Thankfully, there are ways to poke around in
.pkg files1. Sometimes, you can right-click and “Show Package Contents”, but that’s not always available and it isn’t available for my
Webex.pkg. In such cases, there’s the built-in
$ pkgutil --expand Webex.pkg pkg
pkg/Webex.pkg, I can now actually “Show Package Contents”. However, it’s mostly one big undecipherable
It’s not over yet, though.
pkgutil has another, undocumented option:
$ pkgutil --expand-full Webex.pkg pkg
Now, there’s no longer a
Payload file but a
Payload directory. Inside, there are two
Cisco Webex Meetings.app applications, one for Intel and one for Apple M1. I picked the Intel one and copied it to my Applications folder.
At last, I was able to join the meeting.
To be fair, the new Webex is better about this. When downloading directly from webex.com, you get a disk image with the typical
/Applications alias. (Although, they still make you choose between Intel and Apple M1.) I don’t know why I was offered a different Webex version.
While writing this post, I’ve stumbled over Suspicious Package. It makes this whole process way more user-friendly and can tell you many more things about (suspicious) packages. One for the toolbelt!