MacOS/Braindumps
64-bit Support
Check if 64-bit is even supported on your Mac:
$ ioreg -l -p IODeviceTree | grep firmware-abi | | "firmware-abi" = <"EFI64">
Check if 64-bit is currently enabled:
$ system_profiler -detailLevel mini | grep 64-bit 64-bit Kernel and Extensions: No
Enable 64-bit permanently:
$ sudo vi /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
[...]
<dict>
<key>Kernel</key>
<string>mach_kernel</string>
<key>Kernel Flags</key>
<string>arch=x86_64</string>
</dict>
Enable 64-bit permanently by modifying the PRAM:
$ sudo nvram boot-args="arch=x86_64"
Enable 64-bit permanently via systemsetup(8):
$ sudo systemsetup -setkernelbootarchitecture x86_64
- Booting into 64-bit mode (Snow Leopard)
- Mac OS X v10.6: Starting up with the 32-bit or 64-bit kernel
CDROM checksum
An inserted CDROM looks something like this:
$ diskutil list disk2 /dev/disk2 #: TYPE NAME SIZE IDENTIFIER 0: CD_partition_scheme *761.9 MB disk2 1: Apple_partition_scheme 663.5 MB disk2s1 2: Apple_partition_map 1.0 KB disk2s1s1 3: Apple_HFS Foo 663.1 MB disk2s1s2
To access of the data part of this CD, use {r,}disk2s1. In order to calculate the checksum, something like this would do:
$ openssl sha512 /dev/disk2s1 SHA512(/dev/disk2s1)= a12ba91d1cb4115cd10e[...]
This checksum should be the same as the image used to create this CDROM.
DYLD_LIBRARY_PATH
Under MacOS X, it's DYLD_LIBRARY_PATH instead of LD_LIBRARY_PATH[1]:
$ /opt/pacparser/bin/pactester dyld: Library not loaded: /usr/lib/libpacparser.1.dylib Referenced from: /opt/pacparser/bin/pactester Reason: image not found Trace/BPT trap: 5 $ otool -L /opt/pacparser/bin/pactester /opt/pacparser/bin/pactester: /usr/lib/libpacparser.1.dylib (compatibility version 0.0.0, current version 0.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 159.1.0) $ DYLD_LIBRARY_PATH=/opt/pacparser/lib /opt/pacparser/bin/pactester -v 1.3.1-3-g9e32686
Firewall
Disable the Application Layer Firewall (ALF):
defaults write /Library/Preferences/com.apple.alf globalstate -int 0 # Enable with "1"
Now restart ALF:
launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist
Import .ogg into iTunes
According to the internet[2], this should be possible:
- Close iTunes
- Download & install the Xiph QuickTime Components
- Open iTunes
...and then it should "just work". Unfortunately, these components have been abandoned, current (2013) installations if iTunes may not work with this package and continue to fail to import/play .ogg files :-\
Keyboard shortcuts
- Alt-Tab not working as expected? Try Apple-Tab to switch through applications and Apple-` to switch through windows.
- To generate a screenshot, press Apple-Shift-3 (or -4 to choose a certain area). The screenshot can be usually found on your ~/Desktop, last I tried it generated a .tiff image :-\
- Break into OpenFirmware when booting: press Apple-O-F
- Boot into Single-User mode when booting: press Apple-S
- Boot from CDROM when booting: just press C
Malware checker
Mac OS X v10.6 Snow Leopard and later checks for malware, and stores visited URLs in an SQLite database. The database is located under:
$ DB=~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
Example queries go like this:
sqlite3 $DB "select LSQuarantineDataURLString from LSQuarantineEvent"
sqlite3 $DB "select LSQuarantineAgentName, LSQuarantineDataURLString, \ date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate \ from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep '|' --color
The schema
$ sqlite3 $DB ".schema LSQuarantineEvent" CREATE TABLE LSQuarantineEvent ( LSQuarantineEventIdentifier TEXT PRIMARY KEY NOT NULL, \ LSQuarantineTimeStamp REAL, LSQuarantineAgentBundleIdentifier TEXT, \ LSQuarantineAgentName TEXT, LSQuarantineDataURLString TEXT, LSQuarantineSenderName TEXT, \ LSQuarantineSenderAddress TEXT, LSQuarantineTypeNumber INTEGER, LSQuarantineOriginTitle TEXT, \ LSQuarantineOriginURLString TEXT, LSQuarantineOriginAlias BLOB ); CREATE INDEX LSQuarantineEventIndex ON LSQuarantineEvent ( LSQuarantineEventIdentifier );
Deleting all records from the database:
sqlite3 $DB "delete from LSQuarantineEvent" sqlite3 $DB "vacuum"
- Hey Mac – I don’t appreciate you spying on me! (Hidden Downloads Log in OS X)
- Show Download History List of All Files Ever Downloaded Within Mac OS X
- Mac Quarantine Event Database
- Mac OS X's 'QuarantineEvents' keeps a log of all your downloads
Memory
Memory usage in MacOS X:[3]
$ top -l 1 -ncols 10 -u -n 5 Processes: 104 total, 3 running, 101 sleeping, 603 threads 2015/10/18 06:45:48 Load Avg: 0.00, 0.03, 0.00 CPU usage: 4.0% user, 24.0% sys, 72.0% idle SharedLibs: 3076K resident, 4700K data, 0B linkedit. MemRegions: 21778 total, 1211M resident, 15M private, 105M shared. PhysMem: 314M wired, 1132M active, 500M inactive, 1946M used, 99M free. VM: 241G vsize, 1039M framework vsize, 528377(0) pageins, 139918(0) pageouts. Networks: packets: 32360004/10G in, 28534578/9332M out. Disks: 13866258/105G read, 18379279/376G written. PID COMMAND %CPU TIME #TH #WQ #PORTS #MREGS RPRVT RSHRD 87- hwmond 0.0 18:43:04 4/1 1 93+ 122+ 58M+ 644K+ 18411 firefox 0.0 10:45:29 36 1 252+ 8105+ 176M+ 50M+ 77 servermgrd 0.0 08:10:46 6 2 109+ 275+ 18M+ 13M+ 0 kernel_task 0.0 06:26:26 60/5 0 2+ 1096+ 20M+ 0B 1 launchd 0.0 04:56:41 3 0 136+ 64+ 892K+ 476K+
- Wired - Memory in RAM that cannot be swapped out
- Active - Memory in RAM that has recently been used.
- Inactive - Memory in RAM that isn't actively used but was recently used. For example, when an application is closed its memory contents are marked inactive before being released entirely. However, despite being inactive, memory will be given to other programs if needed.
- Used - Total amount of RAM used.
- Free - The amount of RAM not being used.
Mount DMG images in Linux
Not really MacOS specifig, but here you go: DMG files are usually compressed, like this:
$ file foo.dmg foo.dmg: bzip2 compressed data, block size = 100k
However, uncompressing via bzip2 won't work without errors, although the result looks kinda promising:
$ bzip2 -dc foo.dmg > foo.dmg.uncompressed bzip2: foo.dmg: trailing garbage after EOF ignored
$ file foo.dmg.uncompressed foo.dmg.uncompressed: Apple Driver Map, blocksize 512, blockcount 157500, devtype 0, devid 0, descriptors 0, contains[@0x200]: Apple Partition Map, map block count 3, start block 1, block count 63, name Apple, type Apple_partition_map, contains[@0x400]: Apple Partition Map, map block count 3, start block 64, block count 157432, name disk image, type Apple_HFS, contains[@0x600]: Apple Partition Map, map block count 3, start block 157496, block count 4, type Apple_Free
We'll use dmg2img[4][5] to decompress the .dmg:
$ dmg2img foo.dmg foo.dmg.uncompressed decompressing: opening partition 0 ... 100.00% ok opening partition 1 ... 100.00% ok opening partition 2 ... 100.00% ok Archive successfully decompressed as foo.dmg.uncompressed
Now we will be able to mount the image:
$ sudo mount -t hfsplus -o ro foo.dmg.uncompressed /mnt/disk $ mount | tail -1 /tmp/foo.dmg.uncompressed on /mnt/disk type hfsplus (ro,relatime,umask=22,uid=0,gid=0,nls=utf8)
nscurl
The following messages came up in syslog:
CalendarAgent[305]: CFNetwork SSLHandshake failed (-9836) CalendarAgent[305]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9836) CalendarAgent[305]: [com.apple.calendar.store.log.caldav.queue] [Rectifying principal path either because of an error (Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9836, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb030e470c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://alice@cal.example.org/caldav/principals/alice/, [...]
The server presented a self-signed certificate that was unknown to MacOS's trust store. After this was fixed, we can use nscurl to verify that MacOS can successfully communicate with the server:
$ nscurl --verbose --ats-diagnostics https://cal.example.org
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://cal.example.org.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
Result : PASS
[...]
Postfix
As an easy example[6], let a smarthost handle all our mails:
$ postconf -e relayhost=mail.example.org smtp_use_tls=yes $ grep ^relayhost /etc/postfix/main.cf relayhost = mail.example.org
Make sure aliases are set up too:
$ grep ^root /etc/postfix/aliases root: root@box.example.org
Regenerate /etc/aliases.db:
$ newaliases
Now mailx(1) or any other MUA can be used and mail should be delivered to the smarthost.
rc.local
MacOS StartupItems have been deprecated for a long time[7] and MacOS 10.10 eventually removed[8] the com.apple.SystemStarter.plist[9] entry.
To still use StartupItems like rc.local, we'll create our own[10] LaunchDaemon:[11]
$ cat /Library/LaunchDaemons/local.localhost.startup.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>local.localhost.startup</string> <key>Disabled</key> <false/> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <false/> <key>LaunchOnlyOnce</key> <true/> <key>ProgramArguments</key> <array> <string>/etc/rc.local</string> </array> </dict> </plist>
Create our /etc/rc.local and make sure it's executable:
$ ls -l /etc/rc.local -rwxr-xr-x 1 root wheel 42 Oct 16 16:43 /etc/rc.local $ cat /etc/rc.local #!/bin/sh date >> /tmp/foo
Replace the command with something useful :-)
Enable the .plist with:
sudo launchctl load -w /Library/LaunchDaemons/local.localhost.startup.plist
Note: the dreaded "Could not find domain for" error[12] may appear if this is run in a headless session. Once the executing user logs in locally (or via screen sharing), the error should go away.
Rearrange Menu Bar Items
Hold down the COMMAND key and drag the icon around.
Sleep
Putting the computer to sleep with pmset:
pmset sleepnow
With osascript:
osascript -e 'tell application "System Events" to sleep'
With shutdown:
sudo shutdown -s now
WiFi
List wireless networks:
$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
SSID BSSID RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
mywlan 1a:1b:1c:1d:1e:1f -91 3 Y -- WPA2(PSK/AES/AES)
wifi123 2a:2b:2c:2d:2e:2f -83 11 Y TW NONE
wrlss 3a:3b:3c:3d:3e:3f -81 2 Y US WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
SSID -- Service Set Identifier
BSSID -- Basic Service Set Identifier
RSSI -- Received Signal Strength Indicator
HT -- Hight Throughput (aka Greenfield mode
CC -- Country Code
There's also /System/Library/CoreServices/Wi-Fi Diagnostics.app, a GUI to analyze WiFi networks.
References
- ↑ $LD_LIBRARY_PATH oder doch nicht?!
- ↑ HOWTO: Make iTunes Read Ogg Files
- ↑ Use Activity Monitor to read system memory and determine how much RAM is being used (OS X Mountain Lion and earlier)
- ↑ dmg2img
- ↑ Mirror of dmg2img utilities + my own patches
- ↑ Sending email from a local development machine using a Smart Host
- ↑ Startup Items
- ↑ Yosemite DP1 Removes SystemStarter
- ↑ launchd-842.92.1: com.apple.SystemStarter.plist
- ↑ Problem with startup script rc.local in OS X 10.10 Yosemite (Running Bootcamp in VirtualBox)
- ↑ Creating Launch Daemons and Agents
- ↑ gitlab-ci-multi-runner - Issues: install on mac