User Tools

Site Tools


apple

Apple

Mac

Apple Software Update URL

Make a backup copy of the /Library/Preferences/com.apple.SoftwareUpdate.plist file, if it exists. On the client, open Terminal (located in the Other folder in Launchpad). Enter the following command: $ sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL URL Replace URL with the URL of the Software Update server, including the port number and the name of the catalog file for the specific version of Mac OS X.

For example, http://su.domain_name.com:8088/index.sucatalog Verify your change using the following command:

$ defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL To point the client computer back to the Apple Software Update server, use the following command:

$ sudo defaults delete /Library/Preferences/com.apple.SoftwareUpdate CatalogURL

Fix For 10.8 ASUS 10.9 Client

1) Shutdown the ASUS service

2) Backup the following files:

\ \ a) /Library/Server/Software\ Update/Config/swupd.conf

\ \ b) /Library/Server/Software\ Update/Config/swupd.plist

3) Unlock the swupd.conf file

sudo chflags nouchg /Library/Server/Software\ Update/Config/swupd.conf

4) Add the following to swupd.conf at the bottom of the <IfModule mod_rewrite.c> list

RewriteCond %{HTTP_USER_AGENT} Darwin/13

(and then this one, this is all one line of text):

RewriteRule ^/index\.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

5) Add the following to swupd.plist at the begining of the 'otherCatalogs' array

<string>index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>

6) Lock the swupd.conf by running this command:

sudo chflags uchg /Library/Server/Software\ Update/Config/swupd.conf

7) Start the ASUS service

8) You should see the 10.9 updates appear, feel free to enable/download/whatever, you're done!

References:

SUS URL Design

So far the URL scheme has been adding the latest OS X version in front of the previous, so we can assume 10.11 will be:

index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

and so on.

Resolve 'Sparsebundle Resource Temporarily Unavailable'

1) Create new sparse bundle by opening Disk Utility > File > New > Blank Disk Image…

2) Volume name: “Same name as the old sparse bundle”

3) Volume size: any size

4) Volume Format: Mac OS Extended (Journaled)

5) Encryption: none

6) Partitions: Hard disk

7) Image Format: sparse bundle disk image

8) Right click the 'broken' image and click Show Contents

9) Copy the token, Info.bckup, and Info.plist to a folder to back them up and then delete them from the image

10) Right click the new image and click Show Contents

11) Copy the token, Info.bckup, and Info.plist from the new image to the broken image

12) Try to open the broken image (it should fail again)

13) Right click the 'broken' image and click Show Contents

14) Copy the backed up versions of the token, Info.bckup, and Info.plist files back into the broken image

15) Open the broken image and it should, hopefully, be fixed now (it worked for me.)

References:

Renewing Profile Manager's code signing certificate

Prep

1) Open Keychain Access

2) Find your certificate by searching for “code”

3) Get info on the certificate

4) Copy the Subject Name - Common Name ($subjectName below)

5) Copy the Issuer Name - Common Name ($issuerName below)

6) Copy the Serial Number

7) Open Calculator → View → Programmer

8) Change the right side numbers to 10 (decimal)

9) Paste the serial number into the calculator

10) Change the calculator to hexidecimal (16)

11) Copy the hexidecimal number

12) Remove the 0x and make all characters lowercase ($hex below)

Renewing

Run the following command replacing the variables with the gathered information:

(Lion: /usr/sbin/certadmin

ML+: /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin)

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin --recreate-CA-signed-certificate "$subjectName" "$issuerName" $hex

wrapup

1) Open Server.app

2) Select Profile Manager

3) Turn off Profile Manager

4) Click “Edit…” next to “Sign configuration profiles”

5) Select the renewed certificate, click OK

6) Turn on Profile Manager

Notes

When entering the terminal commands to renew the code signing certificate make sure that the hexadecimal serial number has all lowercase letters or else it won't be able to find the certificate.

References

Installer choices via XML

1) Run the following command to get your available choices:

installer -pkg /path/to/package.pkg -showChoicesXML | grep -A 1 choiceIdentifier > grepd_choices.txt

This command should leave you with something that looks like:

<key>choiceIdentifier</key>
<string>core</string>

<key>choiceIdentifier</key>
<string>admin</string>

<key>choiceIdentifier</key>
<string>app</string>

<key>choiceIdentifier</key>
<string>launchd</string>

2) Now create an XML file to list the items you want to deselect. Something like ~/munki_desection.xml

3) Inside of this new XML file you'll want to add the <string>'s of whichever item you want to deselect inside of an <array>. It should look something like this:

<array>
	<string>admin</string>
</array>

4) Now that we've got our deselections we'll run the following command to install our app along with the applied selections:

sudo installer -applyChoiceChangesXML ~/munki_desection.xml -pkg /path/to/package.pkg -target /

References:

Invoke a kernel panic

1) Run the command:

sudo dtrace -w -n "BEGIN{ panic();}"

References:

Getting The Adobe Flash Installer

(The stupid way)

1) Download Adobe's stupid Flash “”“installer”“”

2) Start running the installer in a VM

3) Once the download completes force quit the installer

4) Unmount the Flash Player at '/Volumes/Flash Player'

5) Go to /private/var/run/Adobe/*

6) Mount installflashplayer_osx.dmg

7) Go to '/Volumes/Flash Player/Install Adobe Flash Player/Contents/Resources'

8) Copy out the 'Adobe Flash Player.pkg' file; we can install like a real program now.

Adding users to Profile Manager

Command Line

1) Download the Trust Profile

\ \ i) Once logged into Profile Manager click your username in the top right corner

\ \ ii) Click “Download Trust Profile”

2) Download the Enrollment Profile

\ \ i) Click “Mac Enrollment Profile” on the left sidebar

\ \ ii) In the bottom right corner click “Download”

3) Once both of these profiles are downloaded onto the target Mac run the following commands:

profiles -I -F Trust_Profile_for_*.mobileconfig
profiles -I -F *_Mac_Enrollment_Profile.mobileconfig

Both Macs should now be enrolled in Profile Manager

References:

Inviting a user to your VPP Managed Distribution in Profile Manager

(The janky way)

1) Purchase your app from the VPP store

2) Find the user in your Profile Manager and make sure their Mac is added as a device for the user

3) Under the users “About” click “Send email invitation…” and use the email tied to the Apple account, click “Send email invitation”

4) Open Server Manager → Logs → Service Log and search for the email. It should contain something close to:

queue = [{"email" => blah blah blah "URL" => "$LINK"

Copy that $LINK

5) On the end users Mac sign into the App Store

6) Open Safari and paste the link in, it'll open the Mac App Store, authenticate and accept the license

7) Back in Profile Manager the user should now be Enrolled (may take a few minutes)

8) Click that users “Apps” tab → + → check the app and click OK → Gear icon → Push VPP Apps → check the app box[s] → OK

9) Back on the end users machine open the Mac App Store → Purchases tab. The app should show up, click Install.

Rebuilding a Fusion Drive

Destruction

0) Backup everything 0.1) Verify those backups

1) Copy the “Logical Volume Group” UUID and the “Logical Volume” UUID

diskutil cs list

2) Delete the Logical Volume

sudo diskutil cs deleteVolume $logicalVolumeUUID

3) Delete the Logical Volume Group

sudo diskutil cs delete $logicalVolumeGroupUUID

Resurection

1) Find the disk IDs

diskutil list

2) Create the Logical Volume Group ($diskName being the name you give the group, escape spaces)

sudo diskutil cs create $diskName disk0 disk1s2

3) Copy the new group's UUID

4) Create the new Logical Volume

sudo diskutil cs createVolume $logicalVolumeGroupUUID jhfs+ $diskName 100%

References:

Adding programs into the privacy accessibility list

1) Get the programs client identifier:

/usr/libexec/PlistBuddy -c 'Print CFBundleIdentifier' /Applications/$app.app/Contents/Info.plist

2) Add the program to the list:

sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "REPLACE INTO access VALUES('kTCCServiceAccessibility', '$bundleID',0,1,1,NULL);"

References:

Create macOS recovery partition

1) Download the Lion Recovery Update

2) Mount the Lion Recovery Update

3) Run the following command:

pkgutil --expand /Volumes/Mac\ OS\ X\ Lion\ Recovery\ HD\ Update/RecoveryHDUpdate.pkg /tmp/RecoveryHDUpdate

4) Mount the InstallESD.dmg from the OS you want the recovery partition for

<macOS installer app>/Contents/SharedSupport/InstallESD.dmg

5) Copy the BaseSystem.dmg and BaseSystem.chunklist files:

cp /Volumes/OS\ X\ Install\ ESD/BaseSystem.dmg /path/to
cp /Volumes/OS\ X\ Install\ ESD/BaseSystem.chunklist /path/to

6) Run the following command:

/tmp/RecoveryHDUpdate/RecoveryHDUpdate.pkg/Scripts/Tools/dmtest ensureRecoveryPartition / /path/to/BaseSystem.dmg 0 0 /path/to/BaseSystem.chunklist

7) Run the following two commands to wrap up:

sudo touch /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
sudo kextcache -f -u /

Delete and Merge macOS Recovery Partition

1) Find the recovery partition number

diskutil list

2) Erase the recovery partition. NOTE: the following code is an example. Replace /dev/disk0s4 with your disk and partition.

diskutil eraseVolume HFS+ Blank /dev/disk0s4

3) Merge into your primary partition

Find the primary partition from step one. disk0s3 should be replaced with your primary disk/partition and disk0s4 should be replaced with the erased recovery partition.

diskutil mergePartitions HFS+ "Macintosh HD" disk0s3 disk0s4

FileVault

All of these steps were stolen from the magnificent Rich Trouton's epic on FileVault.

Creating Institutional Recovery Keys

1) Create a FileVault keychain

security create-filevaultmaster-keychain /path/to/fileVaultMaster.keychain

2) Unlock the keychain

security unlock-keychain /path/to/fileVaultMaster.keychain

3) Open the keychain in the Keychain Access application

4) In the fileVaultMaster keychain select the FileVault certificate

5) Click File → Export Items… and save the certificate

Enabling FileVault with an Institutional Recovery Key

1) Run the following command with the exported certificate from step 5 in Creating Institutional Recovery Keys

fdesetup enable -norecoverykey -certificate /path/to/fileVault_Recovery_Key.cer -defer /path/to/dir

Unlocking a FileVault Disk with Recovery Mode

1) Put the recovery keychain onto a flash drive

2) Reboot the mac into Recovery HD, plug in the flash drive

3) List the core storage volumes and copy the Logical Volume UUID

diskutil corestorage list

4) Unlock the FileVault Keychain

 security unlock-keychain /Volumes/DISK/fileVaultMaster.keychain

5) Unlock the FileVault encrypted disk

diskutil corestorage unlockVolume UUID -recoveryKeychain /Volumes/DISK/fileVaultMaster.keychain

Optional
You can decrypt the disk using this command:

diskutil corestorage revert UUID -recoveryKeychain /Volumes/DISK/fileVaultMaster.keychain
apple.txt · Last modified: 2017/06/20 20:59 by bryanheinz