headmin

#!/bin/zsh

# pkgAndNotarize.sh

# 2019 - Armin Briegel - Scripting OS X

# place a copy of this script in in the project folder
# when run it will build for installation,
# create a pkg from the product,
# upload the pkg for notarization and monitor the notarization status

headmin

🧭 Get Started with the macOS Security Compliance Project (mSCP)

This guide provides a quick setup for the macOS Security Compliance Project (mSCP) using the uv tool by Astral, which simplifies dependency management and script execution.

---

✅ Prerequisites

• macOS (tested with macOS 15.3 and later)
• Git

headmin

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadDescription</key>
                <string>Configures all Nudge preferences</string>
                <key>PayloadDisplayName</key>

headmin

headmin

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>

headmin

import argparse
import os
from yaml import load, SafeLoader


TEMPLATE = """resource zentral_munki_script_check "mcs-{section}-{rule}" {{
  name            = "{name}"
  description     = trimspace(<<EODESC
{description}
EODESC

headmin

#!/usr/bin/python

import os
import sys

from CoreFoundation import (CFPreferencesAppValueIsForced,
                            CFPreferencesCopyAppValue,
                            CFPreferencesCopyValue,
                            kCFPreferencesAnyUser,
                            kCFPreferencesAnyHost,

headmin

How to install Ansible and Python on macOS - simply in minutes

Here we are going to install the latest Python (3.11.2 as of this writing) and Ansible on macOS Ventura in the most clever and simplistic way. All artifacts are installed in user and not system context.

How does it work? The awesome asdf-vm project is designed for version management of developer runtimes. Here we use a small feature to also directly install default-python-packages and pick Ansible as our choice (could be pipenv or others).

Some features here have been presented in my talk "Runtime and tools – version management on macOS" at the MDO:YVR 2022 conference.

Requirements

headmin

Blogpost / MacSysAdmin 2021

• https://blog.macadmin.me/posts/mtls-lab-setup/
• https://www.macsysadmin.se/program/program.html

Useful readings on certificate chains

• https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce
• https://support.dnsimple.com/articles/what-is-ssl-certificate-chain/
• https://stackoverflow.com/questions/25482199/verify-a-certificate-chain-using-openssl-verify

headmin

set -e, -u, -o pipefail

The "set" lines These lines deliberately cause your script to fail. Wait, what? Believe me, this is a good thing. With these settings, certain common errors will cause the script to immediately fail, explicitly and loudly. Otherwise, you can get hidden bugs that are discovered only when they blow up in production.

set -euo pipefail is short for:

set -e
set -u