Over the past few months, my wife has gone through a number of
operating systems. The Windows XP on her elderly laptop was finally
overrun by viruses, and we didn't have an XP install CD, so I moved
her over to Ubuntu. Recent stock Ubuntu installations are not
particularly snappy on 300-odd MB of RAM, so after a few days I moved
her over to Gentoo, since I have a lot of experience running
stripped-down Gentoo systems on my netbook. Unfortunately, my wife's
not really a big supporter of the stripped-down approach, so after the
second 30-MB slide show started taking down Open Office, we threw in
the towel and went shopping for a Mac. The entry-level MacBook Pros
are reasonably priced (especially with my student discount), and she
gets another core and 10 times the memory and disk space. I, on the
other hand, get to work the kinks out of a Unix system so I can quash
it into our home network. Ready?

By default, there's no easy means to switch between users without
logging out completely. Can't have that. Go to

    System preferences -> Accounts -> Login Options

and select `Name` (or whatever) for `Show fast user switching menu
as`. This puts a widget in the toolbar near the clock which lets you
switch users without closing all your running applications.

Sooner or later, your wife will come home and want to sit down in
front of her shiny new laptop. Add a second keyboard by enabling

    System preferences -> Sharing -> Remote login

I recently moved the home fileserver to [[Kerberos + NFSv4|Kerberos]].
Luckily, OS X support for Kerberos is pretty solid, and NFSv4 support
is just solid enough for me to mount my shares. Copy your
`/etc/krb5.conf` over to `/Library/Preferences/edu.mit.Kerberos`.

You might have to edit it slightly, because Snow Leopard was ignoring
my DNS network name suggestion and using `.local`. This is probably
what I should have used in the first place, but it's not worth
reworking the home system now, so use something like

If your DHCP server doesn't point out your home DNS resolver, you can

    System preferences -> Network -> AirPort -> SID -> Advanced -> DNS

Now `kinit` and company should work as expected, but with OS X, you're
not doing it right unless you're using a graphical interface, so they
provide `/System/Library/CoreServices/Ticket Viewer`.

If you want to store your password in your keychain, run

which will pop up a password dialog with a `Remember this password...`
checkbox. Find the entry in

    /Applications/Utilities/Keychain Access

and click on the `info` button. Under `Access Control`, it should
mention that access is always allowed from `kinit`. You can test this
from the command line by running

which will now grab a new TGT automatically (i.e. no password prompt).

For long-running NFS mounts, you might want to set up automatic ticket
renewal. This is a task for [launchd][], an `rc/init/cron`
replacement that reads service info from `plist` files
(`launchd.plist(5)`). There is a system-provided Kerberos renewal

    /System/Library/LaunchAgents/com.apple.Kerberos.renew.plist

but it [has some issues][krenew]. Rather than patching the system
file, I just created my own alternative:

    $ cat ~/Library/LaunchAgents/local.Kerberos.renew.plist
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <string>local.Kerberos.renew.plist</string>
    <string>/usr/bin/kinit</string>
    <key>ThrottleInterval</key>
    <integer>6000</integer>
    <key>SuccessfulExit</key>

Start the service with

    $ launchctl load ~/Library/LaunchAgents/local.Kerberos.renew.plist

The `Disabled` `false` setting should mean that the service will
start automatically on the next boot. Note that if your KDC goes down
and a renewal fails, the service will stop, and you'll have to restart
it once the KDC is back up.
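
A complete agent along these lines, as an added example rather than the original file: the label, `/usr/bin/kinit`, `ThrottleInterval`, `SuccessfulExit` and `Disabled` values are the ones mentioned above, while the `-R` (renew) argument and the `KeepAlive` dictionary wrapped around `SuccessfulExit` are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>local.Kerberos.renew.plist</string>
    <key>ProgramArguments</key>
    <array>
        <!-- Absolute path, so launchd never resolves kinit through PATH -->
        <string>/usr/bin/kinit</string>
        <!-- Assumption: -R renews the existing TGT instead of asking for a
             password; it only succeeds while that TGT is still valid and
             within its renewable lifetime -->
        <string>-R</string>
    </array>
    <key>Disabled</key>
    <false/>
    <!-- Minimum number of seconds launchd waits between two runs -->
    <key>ThrottleInterval</key>
    <integer>6000</integer>
    <!-- Assumption: rerun only after exit status 0, which is why a failed
         renewal (KDC down) leaves the job stopped -->
    <key>KeepAlive</key>
    <dict>
        <key>SuccessfulExit</key>
        <true/>
    </dict>
</dict>
</plist>
```

Keep the file writable only by its owner, since launchd runs whatever program it names each time the agent is loaded.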

Once you've got Kerberos set up, mounting an NFS file system is just:

    $ sudo mount -t nfs -o vers=4.0alpha,sec=krb5p,intr,soft my-host:/ /Volumes/my-nfs/

Note that the Apple folks are still nervous about their NFSv4
implementation. From `mount_nfs(8)`:

> The current NFSv4 functionality is "alpha quality" software. Some
> basic functionality is not yet implemented. Use at your own risk.
> Currently, the only way to enable NFSv4 is to specify the mount
>
> This special option value is only temporary and will no longer be
> necessary (or supported) once the NFSv4 functionality is ready for
> general use ( -o vers=4 will be sufficient ).

I haven't noticed any glitches yet, but it might be wise to restrict
write access from the OS X client to less critical directories, just
to be on the safe side.

The graphical approach to configuring NFS is

    Applications -> Utilities -> Disk Utility -> File -> NFS mounts
    Remote NFS URL: nfs://my-host/
    Mount location: /Volumes/my-nfs
    Advanced Mount Parameters: vers=4.0alpha,sec=krb5p,intr,soft

After you do this, the mount should come up automatically on boot.
You can unmount the drive through the Finder sidebar, but I haven't
figured out how to remount it through the graphical interface.

seems to work fine though ;).

Somewhat shockingly, iTunes doesn't support [FLAC][] or [Ogg Vorbis][]
out of the box. To get Ogg Vorbis support, install the [Xiph
Quicktime Component][xiphqt]. Their `ReadMe.rtf` explains that

    $ sudo cp -r Desktop/XiphQT-unpacked/XiphQT.component /Library/Components/

XiphQT gives you the ability to decode assorted xiph codecs and
containers, but iTunes may still need some handholding to actually
import the files into its library. [Fluke][] handles that for FLAC
files, but the code is a bit crufty. I've been cleaning it up a bit,
and I'll probably post my changes on the Google Code site over the

Once you've got codec support in place, you should configure iTunes.
I unchecked `Copy files to iTunes Media folder when adding to library`

    iTunes -> Preferences -> Advanced

Then get iTunes to index your NFS-mounted FLAC with

    File -> Add to library

    $ flukeapp path/to/my/music/directory

Address Book and LDAP
---------------------

You can configure Apple's [Address Book][aab] to search an LDAP
directory. Set up your connection with:

    /Applications/Address Book.app
    Address Book -> Preferences -> Accounts -> Add

If you're using a self-signed certificate, you'll need to add your CA
to the system keyring or OS X will assume a man-in-the-middle attack
(and give you an uninformative "Can't contact LDAP server" error).
Add your certificate with:

    /Applications/Utilities/Keychain Access.app

    /path/to/your/CA/certificate
    Destination Keychain: System

After which everything should work as expected.

There's not much documentation online, but there is a [MS Remote
Desktop][rd] client available ([Microsoft page][rd-ms], [Apple
page][rd-a]). The package installs into

    /Applications/Remote Desktop Connection.app

Double-clicking on this from Finder will fire it up, and you can
configure it to log into your company's server, save the
configuration, and make a symlink for easy launching from the desktop:

    $ ln -s ~/Documents/RDC\ Connections/Default.rdp ~/Desktop/WidgetsLtd.rdp

The above steps get everything set up for basic usage, but you'll
notice that we had to install a few applications by hand. This just
consisted of unpacking a few bundled objects onto the system, but the
OS will not be out checking for bug fixes and upgrades to keep our
installations current. I'm missing my [portage][] package manager.
It's ok though, there are a number of package managers designed for OS
X. The major players are [Fink][] ([Debian][] tools) and [MacPorts][]
([FreeBSD][] tools?), but there are fringe groups supporting the DIY
[Homebrew][] and my personal favorite, [Gentoo Prefix][gprefix]
([Gentoo][] tools). Pick your favorite. The issue with any of these
tools will be interfacing with the underlying OS, since you don't want
the OS to sneakily replace your GCC without your package manager
knowing about it. To deal with this, the package managers do varyingly
complete jobs of toolchain bootstrapping to isolate their toolchain
from Apple's [Xcode][]. Unfortunately, Xcode is not free, but if
you've just bought a Mac, you can probably afford the $4.99 it costs
for 9.3 GB of installed tools ;).

Bootstrap your Gentoo Prefix following the [MacOS docs][gp-mac]:

    $ export EPREFIX="$HOME/Gentoo"
    $ export PATH="$EPREFIX/usr/bin:$EPREFIX/bin:$EPREFIX/tmp/usr/bin:$EPREFIX/tmp/bin:$PATH"
    $ export CHOST="x86_64-apple-darwin10"
    $ curl 'http://overlays.gentoo.org/proj/alt/browser/trunk/prefix-overlay/scripts/bootstrap-prefix.sh?format=txt' > bootstrap-prefix.sh
    $ chmod 755 bootstrap-prefix.sh
    $ ./bootstrap-prefix.sh $EPREFIX tree
    $ ./bootstrap-prefix.sh $EPREFIX/tmp make
    $ ./bootstrap-prefix.sh $EPREFIX/tmp wget
    $ ./bootstrap-prefix.sh $EPREFIX/tmp sed
    $ ./bootstrap-prefix.sh $EPREFIX/tmp python
    $ ./bootstrap-prefix.sh $EPREFIX/tmp coreutils6
    $ ./bootstrap-prefix.sh $EPREFIX/tmp findutils
    $ ./bootstrap-prefix.sh $EPREFIX/tmp tar15
    $ ./bootstrap-prefix.sh $EPREFIX/tmp patch9
    $ ./bootstrap-prefix.sh $EPREFIX/tmp grep
    $ ./bootstrap-prefix.sh $EPREFIX/tmp gawk
    $ ./bootstrap-prefix.sh $EPREFIX/tmp bash
    $ ./bootstrap-prefix.sh $EPREFIX portage

    $ emerge --oneshot sed
    $ emerge --oneshot --nodeps bash
    $ emerge --oneshot pax-utils
    $ emerge --oneshot --nodeps wget
    $ emerge --oneshot --nodeps baselayout-prefix
    $ emerge --oneshot --nodeps xz-utils
    $ emerge --oneshot --nodeps m4
    $ emerge --oneshot --nodeps flex
    $ emerge --oneshot --nodeps bison
    $ emerge --oneshot --nodeps binutils-config

Now check `gcc --version` to see which version of [GCC][] Xcode
installed. If it's not 4.2.1, check the bootstrap docs.

    $ emerge --oneshot --nodeps binutils-apple
    $ emerge --oneshot --nodeps gcc-config
    $ emerge --oneshot --nodeps gcc-apple
    $ emerge --oneshot coreutils
    $ emerge --oneshot findutils
    $ emerge --oneshot tar
    $ emerge --oneshot grep
    $ emerge --oneshot patch
    $ emerge --oneshot gawk
    $ emerge --oneshot make
    $ emerge --oneshot --nodeps file
    $ emerge --oneshot --nodeps eselect
    $ FEATURES="-collision-protect" emerge --oneshot portage
    $ rm -rf $EPREFIX/tmp/*

    $ USE=-git emerge -u @system
    $ echo 'USE="unicode nls"' >> $EPREFIX/etc/make.conf
    $ echo 'CFLAGS="-O2 -pipe <my-cpu-flags>"' >> $EPREFIX/etc/make.conf
    $ echo 'CXXFLAGS="${CFLAGS}"' >> $EPREFIX/etc/make.conf

    $ cd $EPREFIX/usr/portage/scripts
    $ ./bootstrap-prefix.sh $EPREFIX startscript
    $ cp $EPREFIX/startscript ~/

Then run `startscript` whenever you want to start a shell from the
Prefix with appropriate path and environmental variables. Use this
shell for future `emerge` calls.

Bootstrapping is not the most fun procedure in the world, but once
it's done, you don't have to worry about it ever again. All your open
source packages can then be easily maintained with a mature package
manager, which will certainly save you some time later on.

Unfortunately, there are not as many open source devs running OS X as
there are running GNU/Linux, so it may take a bit of leg work to get
oddball packages into your package manager's repository. I've
published my [[Gentoo Prefix overlay]] with assorted tools I used to
troubleshoot Fluke; take a look if you like [[Python]] ;).

OS X is certainly different from the GNU/Linux systems I've worked with
to date. For example, the file system is all shuffled around, and
it's built on [HFS+][], which stores metadata and resource forks for
each file. There are also [aliases][] (fancy symlink), bundled apps,
etc. For an old-but-useful introduction to the OS from a Linux
perspective, check out Amit Singh's 2003 [What is Mac OS X][wmox].

[launchd]: http://www.afp548.com/article.php?story=20050620071558293
[krenew]: http://linsec.ca/Using_Kerberos_5_for_Single_Sign-On_Authentication#Setting_up_a_Mac_OS_X_Client
[FLAC]: http://flac.sourceforge.net/
[Ogg Vorbis]: http://www.vorbis.com/
[xiphqt]: https://www.xiph.org/quicktime/download.html
[Fluke]: https://code.google.com/p/flukeformac/
[aab]: http://support.apple.com/kb/ht2486
[rd]: http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
[rd-ms]: http://www.microsoft.com/mac/remote-desktop-client
[rd-a]: http://www.apple.com/downloads/macosx/networking_security/remotedesktopconnectionclient.html
[portage]: http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=1
[Fink]: http://www.finkproject.org/
[Debian]: http://www.debian.org/
[MacPorts]: http://www.macports.org/
[FreeBSD]: http://www.freebsd.org/
[Homebrew]: http://mxcl.github.com/homebrew/
[gprefix]: http://www.gentoo.org/proj/en/gentoo-alt/prefix/
[Gentoo]: http://www.gentoo.org/
[Xcode]: http://developer.apple.com/xcode/
[gp-mac]: http://www.gentoo.org/proj/en/gentoo-alt/prefix/bootstrap-macos.xml
[GCC]: http://gcc.gnu.org/
[HFS+]: http://en.wikipedia.org/wiki/HFS_Plus
[aliases]: http://en.wikipedia.org/wiki/Alias_%28Mac_OS%29
[wmox]: http://osxbook.com/book/bonus/ancient/whatismacosx/