Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

prepare_iso disable flags #46

Merged
merged 3 commits into from
Nov 10, 2015
Merged

prepare_iso disable flags #46

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
89086c9
add disable flags to prepare_iso for ARD and Screen Sharing
mattieb Nov 8, 2015
895adf1
update README to document `prepare_iso.sh` flags and add VirtualBox note
mattieb Nov 8, 2015
1510da1
move ARD permission grants under the DISABLE_REMOTE_MANAGEMENT flag
mattieb Nov 9, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ This project currently only supplies a single Packer template (`template.json`),

OS X's installer cannot be bootstrapped as easily as can Linux or Windows, and so exists the [prepare_iso.sh](https://github.com/timsutton/osx-vm-templates/blob/master/prepare_iso/prepare_iso.sh) script to perform modifications to it that will allow for an automated install and ultimately allow Packer and later, Vagrant, to have SSH access.

**Note:** VirtualBox users currently have to disable Remote Management to avoid [periodic freezing](https://github.com/timsutton/osx-vm-templates/issues/43) of the VM by adding `-D DISABLE_REMOTE_MANAGEMENT` to the `prepare_iso.sh` options. See [Remote Management freezing issue](#remote-management-freezing-issue) for more information.

Run the `prepare_iso.sh` script with two arguments: the path to an `Install OS X.app` or the `InstallESD.dmg` contained within, and an output directory. Root privileges are required in order to write a new DMG with the correct file ownerships. For example, with a 10.8.4 Mountain Lion installer:

`sudo prepare_iso/prepare_iso.sh "/Applications/Install OS X Mountain Lion.app" out`
Expand All @@ -40,7 +42,7 @@ Run the `prepare_iso.sh` script with two arguments: the path to an `Install OS X
-- Done. Built image is located at out/OSX_InstallESD_10.8.4_12E55.dmg. Add this iso and its checksum to your template.
```

`prepare_iso.sh` also accepts three command line switches to modify the details of the admin user installed by the script.
`prepare_iso.sh` accepts command line switches to modify the details of the admin user installed by the script.

* `-u` modifies the name of the admin account, defaulting to `vagrant`
* `-p` modifies the password of the same account, defaulting to `vagrant`
Expand All @@ -50,6 +52,11 @@ For example:

`sudo prepare_iso/prepare_iso.sh -u admin -p password -i /path/to/image.jpg "/Applications/Install OS X Mountain Lion.app" out`

Additionally, flags can be set to disable certain default configuration options.

* `-D DISABLE_REMOTE_MANAGEMENT` disables the Remote Management service.
* `-D DISABLE_SCREEN_SHARING` disables the Screen Sharing service.

#### Clone this repository

The `prepare_iso.sh` script needs the `support` directory and its content. In other words, the easiest way to run the script is after cloning this repository.
Expand Down Expand Up @@ -118,6 +125,14 @@ VirtualBox support is thanks entirely to contributions by [Matt Behrens (@zigg)]

### Caveats

#### Remote Management freezing issue

The default `prepare_iso.sh` configuration enables Remote Management during installation, which causes the resulting virtual machine to [periodically freeze](https://github.com/timsutton/osx-vm-templates/issues/43). You can avoid enabling Remote Management when using `prepare_iso.sh` by passing `-D DISABLE_REMOTE_MANAGEMENT` this:

```
sudo prepare_iso -D DISABLE_REMOTE_MANAGEMENT "/Applications/Install OS X El Capitan.app" out
```

#### Shared folders

Oracle's support for OS X in VirtualBox is very limited, including the lack of guest tools to provide a shared folder mechanism. If using the VirtualBox provider in Vagrant, you will need to configure the shared folder that's set up by default (current folder mapped to `/vagrant`) to use either the `rsync` or `nfs` synced folder mechanisms. You can do this like any other synced folder config in your Vagrantfile:
Expand Down
30 changes: 26 additions & 4 deletions prepare_iso/prepare_iso.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@
usage() {
cat <<EOF
Usage:
$(basename "$0") [-upi] "/path/to/InstallESD.dmg" /path/to/output/directory
$(basename "$0") [-upi] "/path/to/Install OS X [Name].app" /path/to/output/directory
$(basename "$0") [-upiD] "/path/to/InstallESD.dmg" /path/to/output/directory
$(basename "$0") [-upiD] "/path/to/Install OS X [Name].app" /path/to/output/directory

Description:
Converts an OS X installer to a new image that contains components
Expand All @@ -49,6 +49,11 @@ Optional switches:
-i <path to image>
Sets the path of the avatar image for the root user, defaulting to the vagrant icon.

-D <flag>
Sets the specified flag. Valid flags are:
DISABLE_REMOTE_MANAGEMENT
DISABLE_SCREEN_SHARING

EOF
}

Expand Down Expand Up @@ -85,7 +90,11 @@ USER="vagrant"
PASSWORD="vagrant"
IMAGE_PATH="$SUPPORT_DIR/vagrant.jpg"

while getopts u:p:i: OPT; do
# Flags
DISABLE_REMOTE_MANAGEMENT=0
DISABLE_SCREEN_SHARING=0

while getopts u:p:i:D: OPT; do
case "$OPT" in
u)
USER="$OPTARG"
Expand All @@ -96,6 +105,15 @@ while getopts u:p:i: OPT; do
i)
IMAGE_PATH="$OPTARG"
;;
D)
if [ x${!OPTARG} = x0 ]; then
eval $OPTARG=1
elif [ x${!OPTARG} != x1 ]; then
msg_error "Unknown flag: ${OPTARG}"
usage
exit 1
fi
;;
\?)
usage
exit 1
Expand Down Expand Up @@ -210,7 +228,11 @@ USER_GUID=$(/usr/libexec/PlistBuddy -c 'Print :generateduid:0' "$SUPPORT_DIR/use

# postinstall script
mkdir -p "$SUPPORT_DIR/tmp/Scripts"
cat "$SUPPORT_DIR/pkg-postinstall" | sed -e "s/__USER__PLACEHOLDER__/${USER}/" > "$SUPPORT_DIR/tmp/Scripts/postinstall"
cat "$SUPPORT_DIR/pkg-postinstall" \
| sed -e "s/__USER__PLACEHOLDER__/${USER}/" \
| sed -e "s/__DISABLE_REMOTE_MANAGEMENT__/${DISABLE_REMOTE_MANAGEMENT}/" \
| sed -e "s/__DISABLE_SCREEN_SHARING__/${DISABLE_SCREEN_SHARING}/" \
> "$SUPPORT_DIR/tmp/Scripts/postinstall"
chmod a+x "$SUPPORT_DIR/tmp/Scripts/postinstall"

# build it
Expand Down
25 changes: 15 additions & 10 deletions prepare_iso/support/pkg-postinstall
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,19 @@ if [ "$OSX_VERS" -ge 10 ]; then
OVERRIDES_PLIST="$3/private/var/db/com.apple.xpc.launchd/disabled.plist"
$PlistBuddy -c 'Delete :com.openssh.sshd' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.openssh.sshd bool False' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Delete :com.apple.screensharing' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.apple.screensharing bool False' "$OVERRIDES_PLIST"
if [ __DISABLE_SCREEN_SHARING__ = 0 ]; then
$PlistBuddy -c 'Delete :com.apple.screensharing' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.apple.screensharing bool False' "$OVERRIDES_PLIST"
fi
else
OVERRIDES_PLIST="$3/private/var/db/launchd.db/com.apple.launchd/overrides.plist"
$PlistBuddy -c 'Delete :com.openssh.sshd' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.openssh.sshd:Disabled bool False' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Delete :com.apple.screensharing' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.apple.screensharing:Disabled bool False' "$OVERRIDES_PLIST"
if [ __DISABLE_SCREEN_SHARING__ = 0 ]; then
$PlistBuddy -c 'Delete :com.apple.screensharing' "$OVERRIDES_PLIST"
$PlistBuddy -c 'Add :com.apple.screensharing:Disabled bool False' "$OVERRIDES_PLIST"
fi
fi
# Placeholder for Remote Management
echo "enabled" > "$3/private/etc/RemoteManagement.launchd"

# Add user to sudoers
cp "$3/etc/sudoers" "$3/etc/sudoers.orig"
Expand All @@ -29,17 +31,20 @@ echo "$USER ALL=(ALL) NOPASSWD: ALL" >> "$3/etc/sudoers"
USER_GUID=$($PlistBuddy -c 'Print :generateduid:0' "$target_ds_node/users/$USER.plist")
USER_UID=$($PlistBuddy -c 'Print :uid:0' "$target_ds_node/users/$USER.plist")
$PlistBuddy -c 'Add :groupmembers: string '"$USER_GUID" "$target_ds_node/groups/admin.plist"

# Add user to SSH SACL group membership
ssh_group="${target_ds_node}/groups/com.apple.access_ssh.plist"
$PlistBuddy -c 'Add :groupmembers array' "${ssh_group}"
$PlistBuddy -c 'Add :groupmembers:0 string '"$USER_GUID"'' "${ssh_group}"
$PlistBuddy -c 'Add :users array' "${ssh_group}"
$PlistBuddy -c 'Add :users:0 string '$USER'' "${ssh_group}"

# Configure user with full Remote Desktop privileges
$PlistBuddy -c 'Add :naprivs array' "$target_ds_node/users/$USER.plist"
$PlistBuddy -c 'Add :naprivs:0 string -1073741569' "$target_ds_node/users/$USER.plist"

# Enable Remote Desktop and configure user with full privileges
if [ __DISABLE_REMOTE_MANAGEMENT__ = 0 ]; then
echo "enabled" > "$3/private/etc/RemoteManagement.launchd"
$PlistBuddy -c 'Add :naprivs array' "$target_ds_node/users/$USER.plist"
$PlistBuddy -c 'Add :naprivs:0 string -1073741569' "$target_ds_node/users/$USER.plist"
fi

# Pre-create user folder so veewee will have somewhere to scp configinfo to
mkdir -p "$3/Users/$USER/Library/Preferences"
Expand Down