North Star Labs

We recently got some new hardware in, so I decided to update our NetBoot-Install root file system to Mac OS X 10.4.10 from 10.4.5. A common problem with NetBoot-Installation is new hardware shipping with updated kernel extensions. These machines often refuse to boot over the network unless the image is updated to include the new drivers.

In the past, I’ve re-created a new NBI image from the software that shipped with the new hardware, but that process is long and cumbersome so I decided to try applying the 10.4.10 update to the 10.4.5 image itself.  I’ve successfully augmented my existing Net Restore Helper 10.4.5 image to 10.4.10 using the following procedure:

1. Convert and copy the Read/Only DMG to a Read/Write one
2. Resize the DMG up to 4G
3. Install the Combo Update into the DMG
4. Copy out the kernel, boot loader
5. Make a new extension cache
6. Resize the DMG back down
7. Convert the R/W DMG to R/O
8. Move everything into place.

More detail with full commands and their output are available in my wiki. Check them out here: MacOSXNetBootInstallUpdate

There’s also no reason you can’t apply this method to an ASR image itself in order to update applications you’re deploying in your golden master image.

Links you might find useful…

• Make Any Mac a NetBoot Server
• Make Any Unix machine a NetBoot Server

Puppet Sample Scripts are here.

I’ve posted some sample code relating to my presentation on Puppet at WWDC 2007. At the moment, there’s just a couple of small examples to get started. I’ve posted them over in the repository. The examples demonstrate how I use puppet to manage the firmware password a login hook, and install apple packages wrapped inside DMG images.

To get everything I’m working on related to puppet:

svn co https://svn.northstarlabs.net:8443/svn/northstarlabs/trunk/puppet/

If you’re interested in more examples, please subscribe, as I’m in the process of refactoring a monolithic configuration into smaller, sharable modules. I intend to publish more Mac OS X specific modules which should just “drop into” an existing puppet infrastructure as I continue to iron out the process.

Also, please make sure to visit Puppet’s author, Luke Kanies site at http://reductivelabs.com/ There’s a wealth of information about Puppet. The wiki is constantly growing with new information.

The problem: One out of 14,000+ files is unreadable and hard locks the entire disk system in Mac OS X if accessed. I need to copy everything in the directory hierarchy except that single problem file. cp -r, Drag and drop in the finder, ditto, rsync, etc… all eventually try to copy the file and lock the system.

This problem cropped up after a customer returned from a trip with a severely damaged PowerBook G4. He had the machine in his bag, hanging on a hook, which wasn’t secured to the wall very well. The hook ripped out of the wall, the powerbook caught the edge of a metal trash can… Game over.

The upshot is that his new MacBook Pro was already waiting for him when he returned home, so now it’s just a matter of copying his data from the damaged PowerBook to the new MacBook Pro. I removed the 2.5″ drive and attached it to my handy ATA-USB adapter.

Unfortunately, shortly after starting the copy with the Finder, the progress bar would freeze, the disk activity light would freeze, and my workstation became completely locked. I could still interact with the machine, but even shutdown -r now and reboot failed to actually restart the machine. I had to resort to power cycling, which I never like.

Fed up with the finder, I decided to try rsync. After starting the copy with the command:

rsync -avxHE –progress /Volumes/Users/herb /Scratch/Herb/Users/

Which quickly (3.7% actually) arrived at the problem file. The progress stopped, and I could see that no more disk access was taking place. Luckily, rsync was apparently waiting patiently for a read() that’d never finish, and it didn’t lock my system like the finder did. I decided to just flip the power switch on my ATA-USB bridge since I knew I wasn’t doing any writes to the disk. The system handled the disappearing disk fine, cleaned up the mounted volumes, and rsync gracefully reported that the rest of it’s file listing had now vanished. I was able to quit rsync by sending a break.

With rsync, I was able to get the file name of the exact file that was tripping up the recursive copy. I added the full path to the file to a text file named files_to_exclude.txt then re-started rsync:

rsync -avxHE –progress –exclude-from /tmp/files_to_exclude.txt /Volumes/Users/herb /Scratch/Herb/Users/

This time, rsync skipped the problem file and finished the other 96% of work it had to do without a problem.

So, if you’re in a situation where recursive file copies are failing on a single file, rsync might come in handy, allowing you to skip over specific files and copy the rest.

I spent a few days this week trying various methods of repackaging our concurrent licensed copy of Adobe Creative Suite 3 for deployment. I’m using Puppet to deploy packages to all of the workstations I manage, so I needed to repackage using PackageMaker.app. We’re also using Sassafras KeyServer to enforce the concurrent license, so it’s a bit of an issue deploying with just the command line installer Adobe provides.

Needless to say, Adobe didn’t make this process easy on me at all. While their software is generally buggy, their draconian license checking routines sure do a wonderful job of making sure I can’t copy the software to other machines. Their tech support line even accused me of trying to pirate the software, which I kindly informed them was impossible since we’ve paid for concurrent licenses.

After a few time consuming attempts using find -x / -newer /tmp/control_file.txt and running into licensing errors when deploying my manually created package to other machines, I decided to buy JAMF Software’s Composer. The software quickly paid for itself considering my salary and time I was spending on the problem. It correctly packaged all of Adobe CS3 the first try, and I don’t run into licensing errors when deploying the packages to all of the other machines. I find this method much better than the Adobe Enterprise Deployment document for CS3.

Composer worked well for me.  Give it a shot if you need to deploy crappy apps like Adobe CS3 using Apple Remote Desktop or Puppet and Installer.app packages.

From time to time I’ll use the unix find -newer command to snag a list of file and folders modified after some other reference file. I’ll redirect the output of find to a text file, which now contains all folders and files I’m interested in.

I then would like to work with these files and folders at the shell. Yesterday I needed to split the master listing into two disjoint lists; one of all folders, one of all files. It’s fairly easy to create a list of the folders if you don’t care about empty folders. Just chop off each trailing element of each line, then sort the text file and pipe it into uniq.

Files are a bit trickier though. Here’s the command I always forget about:

comm -23 all.txt folders.txt

From the man page: The comm utility reads file1 and file2, which should be sorted lexically, and produces three text columns as output: lines only in file1; lines only in file2; and lines in both files.

So, comm neatly partitions text files organized by lines by finding and printing the intersection of the files.

Working at the math department, I haven’t had many encounters with Adobe applications. We recently bought concurrent licenses for Adobe CS3, and I’ve been spending this morning installing it, sifting out all of the files into a Package Maker project and otherwise preparing it for distribution.

The Adobe installer software is extremely poor quality. Having little experience with Adobe installers, I logged into a network home directory based administrative account and fired up the installer. After typing the adminstrative password, the installer immediately complained; “Setup has encountered an error and cannot continue. Contact Adobe Customer Support for assistance.”

There’s no error message in /Library/Logs/Adobe, the Console, or other system logs. There no mention of this problem in the README file shipping with the installation media.

The solution is relatively simple. You have to install this software using a local administrative account, not one with a network home directory.

Also, beware… While browsing the Adobe knowledge base, I ran across the article titled “Can’t install Adobe CS to case-sensitive HFS+ volumes.” Their solution is to re-format the volume.

I’ve mentioned screen to a few people, and they’ve asked me to post my ~/.screenrc file so they might get a quick example of how it works.

If you haven’t used screen before, it’s a way to run multiple shells within a single virtual terminal. It’s also wonderful if you frequently log into a remote machine and get disconnected or put your machine to sleep. Screen will keep your programms running and attached to a TTY on the remote end, allowing you to SSH back in and simply resume right where you left off. This is even easier and quicker when used with kerberized or public key SSH authentication.

My personal screen configuration is located here: ~/.screenrc