Add a user to a group on OSX

Quick and easy adding of a user to a group on OSX

sudo dscl localhost -append /Local/Default/Groups/thegroupname GroupMembership theusername

 

Setup an OSX Slave for a Windows Jenkins Instance

So, I’ve been working on an iOS project in Unity and wanted to build on a PC and just use a Mac for the signing step. This allows me to throw processing power at the build (the PC) and just use a low-end Mac Mini to handle the less labour intensive signing.

Technically, a Mac isn’t needed in the pipeline (PC’s can handle the sign) but I’m still a bit sceptical about signing final release builds on a PC, and would prefer to keep things safe by signing on the hardware and tools that Apple recommends.

Quick tutorial on setting up an OSX slave that can be used from the PC…

  1. Setup Jenkins on PC and Mac (I’m using 2.102 and it’s quite stable)
  2. Add a Slave Node
    1. In Jenkins, go to Manage Jenkins->Manage Nodes->New Node
    2. Enter a name (“Slave OSX” or similar)
    3. Select “Permanent Agent”
    4. Click “OK”
  3. On the page that follows (See below): –
    1. Set the Remote Root Directory for the slave (For me it’s /Users/Shared/Jenkins/slave)
    2. In Launch Method, select “Launch slave agents via SSH”
      1. Enter the IP of the slave
      2. Click “Add” on credentials to enter credentials that will allow your PC to connect to the Mac (See below for more info)
      3. Under “Host Key verification Strategy” I use “Manually provided key Verification Strategy”. Note: This is the rsa key of the Mac you’re connecting to. It IS NOT the rsa key needed to connect to the Windows PC. The rsa for the slave Mac can be found by typing “ssh-keyscan -t rsa [IP of Slave] on a terminal session on the slave Mac

AddSlaveNode

As mentioned above in point 3.2.2, the credentials for connecting to the Mac have to be set up. After clicking the “Add” button do the following: –

  1. Set the scope to “System”
  2. Add the username that you’ll be using to log in to the Mac
  3. Set the private key to the private key generated for this PC. See my other post here to get info on how to do this. The same post will talk you through configuring the Mac to work with password-less access via an authorized_keys file

ConfigCredentials

And that’s it. When you launch the node it should connect to the Mac and you’ve got a Mac slave. I’ll add another post on how to setup the signing soon.

 

 

 

Setup a mac to allow ssh login without a password (PC to Mac in this example)

We want to be able to login to a mac using ssh but don’t want to type a password every time. This is done by allowing Remote Login for a given user on the Mac and adding a public key to the Mac for the PC you’re logging in from.

  1. On the mac, make sure the user allows “Remote Login”. You’ll find this in Settings->Sharing
    1. Tick “Remote Login” and make sure the user you’re logging in as is included in the list on the right (click the ‘+’ if not)
  2. Open a bash commandline on the PC (Git Bash will do the job)
    1. ssh-keygen –t rsa
    2. press Enter until the command exits (passwords etc all blank)
  3. You now have a public key for the PC
  4. ssh to the mac
    1. ssh [user]@[IP] (in my case, ssh jenkins@JENKINS_SLAVE)
    2. Make sure you have a .ssh directory in the home directory (the one that you’re in straight after logging in). If not, mkdir .ssh
  5. Open another bash commandline on the PC
    1. cd to the directory where the id_rsa.pub was created. In my case: –
    2. cd /c/Users/andygreen/.ssh
    3. Copy the .pub to the mac
      1. scp ./id_rsa.pub jenkins@JENKINS_SLAVE:/Users/Shared/Jenkins/.ssh
    4. Go back to the bash session that’s logged into the Mac and copy the public key to an “authorized_keys” file so it’ll be checked when logging in
      1. cd .ssh
      2. cat id_rsa.pub >> authorized_keys

That should do it. The next ssh jenkins@JENKINS_SLAVE will login without asking for a password

Also, worth noting that Sierra or above will need to be a 2048 bit rsa or they won’t work. See here for more info

 

 

OSX “You do not have permission to open the application…”

I got this message (again) this morning and needed to open the application anyway. Unfortunately, “System Preferences->Security & Privacy” has the “Anywhere” option removed by default in El Capitan, Sierra and High Sierra (and above I assume). To get it back, just do this from a terminal: –

sudo spctl --master-disable

This will re-enable the option in the settings panel by disabling the security check. Obviously, don’t do this unless you know what you’re doing (see here for more details)

Hope it helps

 

Generating a Public/Private key for use with ssh (OSX)

Quick note so I don’t forget this for next time…

ssh-keygen -f ~/.ssh/[keyname]

e.g. ssh-keygen -f ~/.ssh/myuser

This will generate two files: –

myuser.pub             <- public key

myuser                     <- private key

The latter of the two files is your private key. Keep it secret, keep it safe. The former is your public key. That’s the one you’ll need to supply to someone to get access to a remote server that you’re going to ssh to

oh, and one other thing. You may need to chown the .ssh directory to 600 so it has enough rights to be accessed for the login. (chown -R 600 .ssh)

 

 

Remote connection to a Mac (OSX)

  • Open a bash window in Windows 10 (Start + “bash”)
  • Connect to the Mac using ssh [username]@[ipaddress]
    • e.g. “ssh jenkins@192.168.1.100”
    • If you get an error saying “Connection refused” then you’ll need to go to “System Preferences ->Sharing” on the Mac and enable “Remote Login” for the user you want to connect as
  • Type your password
  • You should now be looking at a bash script commandline interface to the mac

Setting up a Mac for iOS dev

The code for the hierarchy display was a mess so I’ve given it a rework. I now have an editor in C# with an embedded C++ DX11 interface. The hierarchy display shows entities and components used in the current scene and I’ve integrated bullet so I’ve got a working physics system. Feel like I’m making some progress now…

Just spent an evening getting my iMac hooked up again so I can start on the iOS implementation of the code. Apple have done a nice job of reworking the certificate/identifiers/devices/provisioning profile pish and it’s now usable. It took me about 30 mins tonight to clean out the Mac and rebuild everything from the ground up. Way better than the day that it used to take due to bugs and poor instructions!

So I can now build a test app on the iMac which is reading from the PC harddrive via a share. This allows me to use VS and avoid the nightmare that is XCode. I’ve installed synergy (http://synergy-foss.org) on both the PC and the Mac so the mac shares my keyboard and mouse so all I need to do is move the mouse over xcode and hit F5 to get a build onto the iPad… nice!

X360 was approved by Microsoft today so that’s one out of the way. PC, PS3, iOS and Android to go…