Skip to content

Instantly share code, notes, and snippets.

View headmin's full-sized avatar

Henry Stamerjohann headmin

35 followers · 71 following
View GitHub Profile
@pudquick
pudquick / 00-reproducible-mach-o.md
Last active May 17, 2024 04:24
Reproducible Builds for macOS

Reproducible Builds for macOS

There's a neat writeup I stumbled across recently titled "Reproducible codesigning on Apple Silicon" from Keith Smiley about some gotchas when it comes to compiling a binary in a way that's repeatable and always generates the exact same byte output (which would then checksum to the exact same hash) - even if compiled on a different Mac.

In applying the suggestions I found in the blog post, I found a few other corner cases that I just wanted to get documented more explicitly somewhere.

Tools Matter

Footnote 2 from that blog post is important:

@np5
np5 / apple_model_identifiers.py
Last active March 22, 2023 19:36
How to get the Apple computer identifiers
import argparse
import urllib.request
PAGES = (
("https://support.apple.com/en-us/HT201862", "MacBook Air", "LAPTOP"),
("https://support.apple.com/en-us/HT201300", "MacBook Pro", "LAPTOP"),
("https://support.apple.com/en-us/HT201894", "Mac mini", "DESKTOP"),
("https://support.apple.com/en-us/HT213073", "Mac Studio", "DESKTOP"),
("https://support.apple.com/en-us/HT201634", "iMac", "DESKTOP"),
@gregneagle
gregneagle / quarantine_demo.py
Created February 23, 2023 23:13
Using Apple's quarantine API from PyObjC
#!/usr/local/munki/munki-python
'''Demo only. Needs more robust error checking and handling'''
import os
from Foundation import NSURL, NSURLQuarantinePropertiesKey
def getQuarantineAttribute(pathname):
'''Returns a dict contaning quarantine info for pathname or None'''
@esummers
esummers / Samba Domain Controller.md
Last active April 20, 2024 18:54
Samba Domain Controller on a Raspberry Pi

Running a Samba 4.x Domain Controller on a Raspberry Pi

If you don't have a Windows server available for testing, a Raspberry Pi makes a great test environment. It works with Mac AD Binding, Apple Enterprise Connect, and the Mac Kerberos SSO Extension.

Configuring a Domain Controller on Rasbian or other Debian-based Linux distribution:

  1. Install Rasbian. Use NOOBS if you are new to Raspberry Pi at https://www.raspberrypi.org/downloads/. Optionally enable SSH or VNC support in Raspbian settings menu to remote in to the machine.

  2. Install Samba and related packages. Some packages may launch setup tools. Skip through the Kerberos configuration with defaults. We will be deleting the Kerberos configuration in a later step.

@haircut
haircut / modify-system-preferences-authorizations.py
Last active June 5, 2023 16:27
Backs up authdb, then modifies them so users can modify Energy Saver, Network, Printers & Scanners, Date & Time, Time Machine
#!/usr/bin/python
'''
Modifies authorizations database to allow standard users to change select
system preferences.
A great guide to available authorization rights can be found at:
https://www.dssw.co.uk/reference/authorization-rights/index.html
USE AT YOUR OWN RISK
'''
@opragel
opragel / forcefully_remove_mdm_1015.sh
Last active June 10, 2024 06:29
forcefully_remove_mdm_1015.sh
#!/bin/bash
# Seriously there still apparently aren't enough warning labels
# If you don't understand the consequences don't do it
REMOVE_PATHS=( # "/var/db/ConfigurationProfiles/.passcodePolicesAreInstalled"
# "/var/db/ConfigurationProfiles/.cloudConfigHasActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigNoActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigProfileObtained"
# "/var/db/ConfigurationProfiles/.cloudConfigRecordFound"
# "/var/db/ConfigurationProfiles/.profilesAreInstalled"
@haircut
haircut / README.md
Last active February 20, 2020 13:01
How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

The Jamf Pro GUI allows you to automatically set up the necessary payloads to manage the FDE Recovery Key Escrow process for macOS 10.13+.

However, the settings reside in the "Security & Privacy" grouping within the Jamf Pro GUI, forcing you to manage settings other than those related to recovery key escrow. You may inadvertently lock your users out of being able to make changes to the firewall, analytics settings, screen saver password requirement, etc.

You can upload a custom profile to the Jamf Pro Server that manages only FDE Recover Key Escrow preferences, but it takes a little work.

You'll also need to sign your resultant configuration profile to prevent the Jamf Pro Server from manipulating its contents or preventing deployment. You can use an Apple Developer certificate, or your Jamf Pro Server's CA (if self signed).

@gregneagle
gregneagle / prefs_observer.py
Created August 1, 2017 18:20
Getting notified when a preference changes (using PyObjC)
from Foundation import NSObject, NSUserDefaults, NSKeyValueObservingOptionNew
from Foundation import NSRunLoop, NSDate
class PrefsObserver(NSObject):
def observe(self, domain, key):
self.domain = domain
self.key = key
if self:
self.defaults = NSUserDefaults.alloc().initWithSuiteName_(
@gregneagle
gregneagle / fancy_defaults_read.py
Last active February 6, 2024 15:14
fancy_defaults_read.py: Reads a preference, prints its value, type, and where it is defined.
#!/usr/bin/python
import os
import sys
from CoreFoundation import (CFPreferencesAppValueIsForced,
CFPreferencesCopyAppValue,
CFPreferencesCopyValue,
kCFPreferencesAnyUser,
kCFPreferencesAnyHost,
@pudquick
pudquick / receipts.py
Created August 18, 2016 17:14
Programmatically access package receipt information using the OS X PrivateFramework PackageKit (same one pkgutil uses) with python and pyobjc
import objc
packagekit_bundle = objc.loadBundle('PackageKit', module_globals=globals(), bundle_path='/System/Library/PrivateFrameworks/PackageKit.framework', scan_classes=False)
PKReceipt = objc.lookUpClass('PKReceipt')
receipts = PKReceipt.receiptsOnVolumeAtPath_('/')
first_receipt = receipts[0]
# Things you can look up:
# installPrefixPath