/Library/InstallerSandboxes/.PKInstallSandboxManager not cleaned, accumulates 10-100 GB of junk

Number: rdar://FB11869882

## Context

As of macOS 12.2, I believe as part of a response to CVE-2022-22583, the Installer no longer unpacks into a temporary folder, but instead now unpacks into /Library/InstallerSandboxes/.PKInstallSandboxManager/<<UUID>>. When things go correctly, this isn’t a problem; the unpacking succeeds, the unpacked package is moved to its final destination, and the temporary folder is cleaned up.

## The Issue

Sometimes the unpacking/installation fails, for whatever reason. In that case, /Library/InstallerSandboxes/ is never cleaned up. Because that location is SIP-protected (or has some other protection that also prevents root from deleting files in it), tens of gigabytes of junk can sit around for years.

My personal laptop had three failed extractions of Xcode 13.x, totalling 13 GB of lost disk space. Those installations were from the end of 2021, which meant that the 13 GB of junk had sat around for more than a year.

My colleague reports: “Oof. Mine is 41G (10% of my used disk space!), dating back before migration to my current machine which means it was carefully moved along with the machine. I’ve had many spinning installs of Xcode (on both my machines, though my desktop is old and doesn’t have SIP, so has no remnants left).”

This is also widely reported across the internet:

- 80 GB: https://discussions.apple.com/thread/253601509
- 55 GB: https://www.mac-help.com/threads/how-do-i-manage-installersandboxes.229149/
- 20 GB: https://discussions.apple.com/thread/251857321
- 9 GB: https://discussions.apple.com/thread/7019457

## Manual recovery

Because this is SIP-protected, or an equivalent, the junk from failed installations cannot be removed normally. If you boot to Recovery, mount the Data partition, and then use `rm -rf` carefully in the Recovery Terminal, the space can be recovered. This is not something that an average user should have to do, and is itself very risky.

## Conclusion

Before the introduction of that directory, the Installer unpacked into a temporary folder, which is cleaned out regularly. Even though the Installer now unpacks into /Library/InstallerSandboxes/, that location is still conceptually a temporary location and needs to have a mechanism to clean it out when unpacking of package archives fails, which is a real thing.
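
To check whether a machine is affected by the accumulation described in this report, the following read-only inventory lists leftover entries under the sandbox directory with their sizes. It is an added example, not part of the original report or of any Apple tooling; the function names and the day threshold are hypothetical, and it assumes the directory can be read with `sudo`.

```shell
#!/bin/sh
# Added example: inventory leftover Installer sandboxes. Read-only; deletes nothing.
# The path is the one named in the report; override SANDBOX_ROOT to test elsewhere.
SANDBOX_ROOT="${SANDBOX_ROOT:-/Library/InstallerSandboxes/.PKInstallSandboxManager}"

# stale_sandboxes ROOT DAYS
# Prints "<size_kb><TAB><path>" for every top-level entry under ROOT whose
# modification time is more than DAYS days old. Prints nothing if ROOT is absent.
stale_sandboxes() {
    [ -d "$1" ] || return 0
    find "$1" -mindepth 1 -maxdepth 1 -mtime +"$2" -exec du -sk {} + 2>/dev/null
}

# stale_total_kb ROOT DAYS
# Prints the combined size in KB of the entries listed by stale_sandboxes.
stale_total_kb() {
    stale_sandboxes "$1" "$2" | awk '{ sum += $1 } END { print sum + 0 }'
}

# report ROOT DAYS
# Largest entries first, followed by the reclaimable total.
report() {
    stale_sandboxes "$1" "$2" | sort -rn |
        awk -F '\t' '{ printf "%10.1f MB  %s\n", $1 / 1024, $2 }'
    echo "total: $(stale_total_kb "$1" "$2") KB in entries older than $2 days"
}

# Run the report only when a day threshold is given, e.g.: sudo sh inventory.sh 30
if [ -n "${1:-}" ]; then
    report "$SANDBOX_ROOT" "$1"
fi
```

A non-zero total for entries that are weeks or months old while no installation is in progress indicates leftovers from failed installs of the kind described above.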

