Add a user to a group on OSX

Quick and easy adding of a user to a group on OSX

sudo dscl localhost -append /Local/Default/Groups/thegroupname GroupMembership theusername

 

Setup an OSX Slave for a Windows Jenkins Instance

So, I’ve been working on an iOS project in Unity and wanted to build on a PC and just use a Mac for the signing step. This allows me to throw processing power at the build (the PC) and just use a low-end Mac Mini to handle the less labour intensive signing.

Technically, a Mac isn’t needed in the pipeline (PC’s can handle the sign) but I’m still a bit sceptical about signing final release builds on a PC, and would prefer to keep things safe by signing on the hardware and tools that Apple recommends.

Quick tutorial on setting up an OSX slave that can be used from the PC…

  1. Setup Jenkins on PC and Mac (I’m using 2.102 and it’s quite stable)
  2. Add a Slave Node
    1. In Jenkins, go to Manage Jenkins->Manage Nodes->New Node
    2. Enter a name (“Slave OSX” or similar)
    3. Select “Permanent Agent”
    4. Click “OK”
  3. On the page that follows (See below): –
    1. Set the Remote Root Directory for the slave (For me it’s /Users/Shared/Jenkins/slave)
    2. In Launch Method, select “Launch slave agents via SSH”
      1. Enter the IP of the slave
      2. Click “Add” on credentials to enter credentials that will allow your PC to connect to the Mac (See below for more info)
      3. Under “Host Key verification Strategy” I use “Manually provided key Verification Strategy”. Note: This is the rsa key of the Mac you’re connecting to. It IS NOT the rsa key needed to connect to the Windows PC. The rsa for the slave Mac can be found by typing “ssh-keyscan -t rsa [IP of Slave] on a terminal session on the slave Mac

AddSlaveNode

As mentioned above in point 3.2.2, the credentials for connecting to the Mac have to be set up. After clicking the “Add” button do the following: –

  1. Set the scope to “System”
  2. Add the username that you’ll be using to log in to the Mac
  3. Set the private key to the private key generated for this PC. See my other post here to get info on how to do this. The same post will talk you through configuring the Mac to work with password-less access via an authorized_keys file

ConfigCredentials

And that’s it. When you launch the node it should connect to the Mac and you’ve got a Mac slave. I’ll add another post on how to setup the signing soon.

 

 

 

Setup a mac to allow ssh login without a password (PC to Mac in this example)

We want to be able to login to a mac using ssh but don’t want to type a password every time. This is done by allowing Remote Login for a given user on the Mac and adding a public key to the Mac for the PC you’re logging in from.

  1. On the mac, make sure the user allows “Remote Login”. You’ll find this in Settings->Sharing
    1. Tick “Remote Login” and make sure the user you’re logging in as is included in the list on the right (click the ‘+’ if not)
  2. Open a bash commandline on the PC (Git Bash will do the job)
    1. ssh-keygen –t rsa
    2. press Enter until the command exits (passwords etc all blank)
  3. You now have a public key for the PC
  4. ssh to the mac
    1. ssh [user]@[IP] (in my case, ssh jenkins@JENKINS_SLAVE)
    2. Make sure you have a .ssh directory in the home directory (the one that you’re in straight after logging in). If not, mkdir .ssh
  5. Open another bash commandline on the PC
    1. cd to the directory where the id_rsa.pub was created. In my case: –
    2. cd /c/Users/andygreen/.ssh
    3. Copy the .pub to the mac
      1. scp ./id_rsa.pub jenkins@JENKINS_SLAVE:/Users/Shared/Jenkins/.ssh
    4. Go back to the bash session that’s logged into the Mac and copy the public key to an “authorized_keys” file so it’ll be checked when logging in
      1. cd .ssh
      2. cat id_rsa.pub >> authorized_keys

That should do it. The next ssh jenkins@JENKINS_SLAVE will login without asking for a password

Also, worth noting that Sierra or above will need to be a 2048 bit rsa or they won’t work. See here for more info

 

 

OSX “You do not have permission to open the application…”

I got this message (again) this morning and needed to open the application anyway. Unfortunately, “System Preferences->Security & Privacy” has the “Anywhere” option removed by default in El Capitan, Sierra and High Sierra (and above I assume). To get it back, just do this from a terminal: –

sudo spctl --master-disable

This will re-enable the option in the settings panel by disabling the security check. Obviously, don’t do this unless you know what you’re doing (see here for more details)

Hope it helps