-
Notifications
You must be signed in to change notification settings - Fork 248
/
Copy pathpkg-postinstall
executable file
·93 lines (80 loc) · 4.58 KB
/
pkg-postinstall
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/sh
USER="__USER__PLACEHOLDER__"
OSX_VERS=$(sw_vers -productVersion | awk -F "." '{print $2}')
PlistBuddy="/usr/libexec/PlistBuddy"
target_ds_node="${3}/private/var/db/dslocal/nodes/Default"
# Override the default behavior of sshd on the target volume to be not disabled
if [ "$OSX_VERS" -ge 10 ]; then
OVERRIDES_PLIST="$3/private/var/db/com.apple.xpc.launchd/disabled.plist"
$PlistBuddy -c 'Delete :com.openssh.sshd' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.openssh.sshd bool False' "$OVERRIDES_PLIST"
if [ __DISABLE_SCREEN_SHARING__ = 0 ]; then
$PlistBuddy -c 'Delete :com.apple.screensharing' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.apple.screensharing bool False' "$OVERRIDES_PLIST"
fi
else
OVERRIDES_PLIST="$3/private/var/db/launchd.db/com.apple.launchd/overrides.plist"
$PlistBuddy -c 'Delete :com.openssh.sshd' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.openssh.sshd:Disabled bool False' "$OVERRIDES_PLIST"
if [ __DISABLE_SCREEN_SHARING__ = 0 ]; then
$PlistBuddy -c 'Delete :com.apple.screensharing' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.apple.screensharing:Disabled bool False' "$OVERRIDES_PLIST"
fi
fi
# Add user to sudoers
cp "$3/etc/sudoers" "$3/etc/sudoers.orig"
echo "$USER ALL=(ALL) NOPASSWD: ALL" >> "$3/etc/sudoers"
# Add user to admin group memberships (even though GID 80 is enough for most things)
USER_GUID=$($PlistBuddy -c 'Print :generateduid:0' "$target_ds_node/users/$USER.plist")
USER_UID=$($PlistBuddy -c 'Print :uid:0' "$target_ds_node/users/$USER.plist")
$PlistBuddy -c 'Add :groupmembers: string '"$USER_GUID" "$target_ds_node/groups/admin.plist"
# Add user to SSH SACL group membership
ssh_group="${target_ds_node}/groups/com.apple.access_ssh.plist"
$PlistBuddy -c 'Add :groupmembers array' "${ssh_group}"
$PlistBuddy -c 'Add :groupmembers:0 string '"$USER_GUID"'' "${ssh_group}"
$PlistBuddy -c 'Add :users array' "${ssh_group}"
$PlistBuddy -c 'Add :users:0 string '$USER'' "${ssh_group}"
# Enable Remote Desktop and configure user with full privileges
if [ __DISABLE_REMOTE_MANAGEMENT__ = 0 ]; then
echo "enabled" > "$3/private/etc/RemoteManagement.launchd"
$PlistBuddy -c 'Add :naprivs array' "$target_ds_node/users/$USER.plist"
$PlistBuddy -c 'Add :naprivs:0 string -1073741569' "$target_ds_node/users/$USER.plist"
fi
if [ __DISABLE_SIP__ = 1 ]; then
csrutil disable
fi
# Pre-create user folder so veewee will have somewhere to scp configinfo to
mkdir -p "$3/Users/$USER/Library/Preferences"
# Suppress prompts for things relevant to at least macOS VMs
$PlistBuddy -c 'Add :DidSeeCloudSetup bool true' "$3/Users/$USER/Library/Preferences/com.apple.SetupAssistant.plist"
$PlistBuddy -c 'Add :LastSeenCloudProductVersion string 10.'"$OSX_VERS" "$3/Users/$USER/Library/Preferences/com.apple.SetupAssistant.plist"
$PlistBuddy -c 'Add :DidSeeSiriSetup bool true' "$3/Users/$USER/Library/Preferences/com.apple.SetupAssistant.plist"
$PlistBuddy -c 'Add :DidSeePrivacy bool true' "$3/Users/$USER/Library/Preferences/com.apple.SetupAssistant.plist"
$PlistBuddy -c 'Add :DidSeeAppearanceSetup bool true' "$3/Users/$USER/Library/Preferences/com.apple.SetupAssistant.plist"
# Fix ownership now that the above has made a Library folder as root
chown -R "$USER_UID":20 "$3/Users/$USER"
# Disable Diagnostics submissions prompt if 10.10
# http://macops.ca/diagnostics-prompt-yosemite
if [ "$OSX_VERS" -ge 10 ]; then
# Apple's defaults
SUBMIT_TO_APPLE=YES
SUBMIT_TO_APP_DEVELOPERS=NO
CRASHREPORTER_SUPPORT="$3/Library/Application Support/CrashReporter"
CRASHREPORTER_DIAG_PLIST="${CRASHREPORTER_SUPPORT}/DiagnosticMessagesHistory.plist"
if [ ! -d "${CRASHREPORTER_SUPPORT}" ]; then
mkdir "${CRASHREPORTER_SUPPORT}"
chmod 775 "${CRASHREPORTER_SUPPORT}"
chown root:admin "${CRASHREPORTER_SUPPORT}"
fi
for key in AutoSubmit AutoSubmitVersion ThirdPartyDataSubmit ThirdPartyDataSubmitVersion; do
$PlistBuddy -c "Delete :$key" "${CRASHREPORTER_DIAG_PLIST}" 2> /dev/null
done
$PlistBuddy -c "Add :AutoSubmit bool ${SUBMIT_TO_APPLE}" "${CRASHREPORTER_DIAG_PLIST}"
$PlistBuddy -c "Add :AutoSubmitVersion integer 4" "${CRASHREPORTER_DIAG_PLIST}"
$PlistBuddy -c "Add :ThirdPartyDataSubmit bool ${SUBMIT_TO_APP_DEVELOPERS}" "${CRASHREPORTER_DIAG_PLIST}"
$PlistBuddy -c "Add :ThirdPartyDataSubmitVersion integer 4" "${CRASHREPORTER_DIAG_PLIST}"
fi
# Disable loginwindow screensaver to save CPU cycles
$PlistBuddy -c 'Add :loginWindowIdleTime integer 0' "$3/Library/Preferences/com.apple.screensaver.plist"
# Disable the welcome screen
touch "$3/private/var/db/.AppleSetupDone"