Over the past few months, my wife has gone through a number of operating systems. The Windows XP on her elderly laptop was finally overrun by viruses, and we didn't have an XP install CD, so I moved her over to Ubuntu. Recent stock Ubuntu installations are not particularly snappy on 300-odd MB of RAM, so after a few days I moved her over to Gentoo, since I have a lot of experience running stripped-down Gentoo systems on my netbook. Unfortunately, my wife's not really a big supporter of the stripped-down approach, so after the second 30-MB slide show started taking down Open Office, we threw in the towel and went shopping for a Mac. The entry-level MacBook Pros are reasonably priced (especially with my student discount), and she gets another core and 10 times the memory and disk space. I, on the other hand, get to work the kinks out of a Unix system so I can quash it into our home network. Ready?

User switching

By default, there's no easy means to switch between users without logging out completely. Can't have that. Go to

System preferences -> Accounts -> Login Options

and select Name (or whatever) for Show fast user switching menu as. This puts a widget in the toolbar near the clock which lets you switch users without closing all your running applications.

SSH

Sooner or later, your wife will come home and want to sit down in front of her shiny new laptop. Add a second keyboard by enabling SSH ;).

System preferences -> Sharing -> Remote login

Kerberos

I recently moved the home fileserver to Kerberos + NFSv4. Luckily, OS X support for Kerberos is pretty solid, and NFSv4 support is just solid enough for me to mount my shares. Copy your /etc/krb5.conf over to /Library/Preferences/edu.mit.Kerberos.

You might have to edit it slightly, because Snow Leopard was ignoring my DNS network name suggestion and using .local. This is probably what I should have used in the first place, but it's not worth reworking the home system now, so use something like

[domain_realm]
    .d.net = R.EDU
    d.net = R.EDU
    .local = R.EDU
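
An added example, not part of the original post, showing how a [domain_realm] block like the one above is consulted and why the .local line matters when the Mac names itself under .local. The lookup order is an assumption modelled on MIT krb5; realm_lookup, host_realm and the temporary files are names made up for this example.

```shell
#!/bin/sh
# Added example: map a host name to a Kerberos realm using a krb5.conf-style
# [domain_realm] section. Assumed lookup order (modelled on MIT krb5): the
# full host name first, then each parent domain written with a leading dot.

# realm_lookup CONF KEY: print the realm mapped to KEY in [domain_realm], if any
realm_lookup() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[domain_realm\][ \t]*$/); next }
        in_sec && /=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == key) { print kv[2]; exit }
        }
    ' "$1"
}

# host_realm CONF HOST: print the realm for HOST; return 1 when nothing matches
host_realm() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')    # keys are written in lower case
    while [ -n "$key" ]; do
        realm=$(realm_lookup "$1" "$key")
        if [ -n "$realm" ]; then
            printf '%s\n' "$realm"
            return 0
        fi
        rest=${key#.}                  # drop the leading dot, if any
        case $rest in
            *.*) key=".${rest#*.}" ;;  # nas.d.net -> .d.net -> .net
            *)   key="" ;;             # no parent domain left
        esac
    done
    return 1
}

# Constructed sample: the [domain_realm] block from this page, with and
# without the .local line (default_realm is an assumed extra line).
WITH_LOCAL=$(mktemp)
WITHOUT_LOCAL=$(mktemp)
printf '%s\n' '[libdefaults]' '    default_realm = R.EDU' '[domain_realm]' \
    '    .d.net = R.EDU' '    d.net = R.EDU' '    .local = R.EDU' > "$WITH_LOCAL"
grep -v '\.local' "$WITH_LOCAL" > "$WITHOUT_LOCAL"

for host in nas.d.net d.net laptop.local; do
    printf '%-13s with .local: %-6s without: %s\n' "$host" \
        "$(host_realm "$WITH_LOCAL" "$host" || echo none)" \
        "$(host_realm "$WITHOUT_LOCAL" "$host" || echo none)"
done
```

A bare d.net only matches the undotted entry, while hosts below it match .d.net, which is why the block lists both forms.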

If your DHCP server doesn't point out your home DNS resolver, you can add it by hand in

System preferences -> Network -> AirPort -> SID -> Advanced -> DNS

Now kinit and company should work as expected, but with OS X, you're not doing it right unless you're using a graphical interface, so they provide /System/Library/CoreServices/Ticket Viewer.

If you want to store your password in your keychain, run

$ echo | kinit

which will pop up a password dialog with a Remember this password... checkbox. Find the entry in

/Applications/Utilities/Keychain Access

and click on the info button. Under Access Control, it should mention that access is always allowed from kinit. You can test this from the command line by running

$ kinit

which will now grab a new TGT automatically (i.e. no password prompt).

For long-running NFS mounts, you might want to set up automatic ticket renewal. This is a task for launchd, an rc/init/cron replacement that reads service info from plist files (launchd.plist(5)). There is a system-provided Kerberos renewal service

/System/Library/LaunchAgents/com.apple.Kerberos.renew.plist

but it has some issues. Rather than patching the system file, I just created my own alternative:

$ cat ~/Library/LaunchAgents/local.Kerberos.renew.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>local.Kerberos.renew.plist</string>
  <key>Program</key>
  <string>/usr/bin/kinit</string>
  <key>Disabled</key>
  <false/>
  <key>RunAtLoad</key>
  <true/>
  <key>ThrottleInterval</key>
  <integer>6000</integer>
  <key>KeepAlive</key>
  <dict>
    <key>SuccessfulExit</key>
    <true/>
  </dict>
</dict>
</plist>

Start the service with

$ launchctl load ~/Library/LaunchAgents/local.Kerberos.renew.plist

The Disabled false setting should mean that the service will start automatically on the next boot. Note that if your KDC goes down and a renewal fails, the service will stop, and you'll have to restart it once the KDC is back up.

NFS

Once you've got Kerberos set up, mounting an NFS file system is just:

$ sudo mount -t nfs -o vers=4.0alpha,sec=krb5p,intr,soft my-host:/ /Volumes/my-nfs/

Note that the Apple folks are still nervous about their NFSv4 implementation. From mount_nfs(8):

The current NFSv4 functionality is "alpha quality" software.  Some
basic functionality is not yet implemented.  Use at your own risk.
Currently, the only way to enable NFSv4 is to specify the mount
option:

  -o vers=4.0alpha

This special option value is only temporary and will no longer be
necessary (or supported) once the NFSv4 functionality is ready for
general use ( -o vers=4 will be sufficient ).

I haven't noticed any glitches yet, but it might be wise to restrict write access from the OS X client to less critical directories, just to be on the safe side.

The graphical approach to configuring NFS is

Applications -> Utilities -> Disk Utility -> File -> NFS mounts
  Remote NFS URL: nfs://my-host/
  Mount location: /Volumes/my-nfs
  Advanced Mount Parameters:  vers=4.0alpha,sec=krb5p,intr,soft

After you do this, the mount should come up automatically on boot. You can unmount the drive through the Finder sidebar, but I haven't figured out how to remount it through the graphical interface.

$ sudo mount -a

seems to work fine though ;).

FLAC and Ogg

Somewhat shockingly, iTunes doesn't support FLAC or Ogg Vorbis out of the box. To get Ogg Vorbis support, install the Xiph Quicktime Component. Their ReadMe.rtf explains that installation is just

$ sudo cp -r Desktop/XiphQT-unpacked/XiphQT.component /Library/Components/

XiphQT gives you the ability to decode assorted xiph codecs and containers, but iTunes may still need some handholding to actually import the files into its library. Fluke handles that for FLAC files, but the code is a bit crufty. I've been cleaning it up a bit, and I'll probably post my changes on the Google Code site over the weekend.

iTunes

Once you've got codec support in place, you should configure iTunes. I unchecked Copy files to iTunes Media folder when adding to library in

iTunes -> Preferences -> Advanced

Then get iTunes to index your NFS-mounted FLAC with

File -> Add to library

Add the FLAC with

$ flukeapp path/to/my/music/directory

Address Book and LDAP

You can configure Apple's Address Book to search an LDAP directory. Set up your connection with:

/Applications/Address Book.app
  Address Book -> Preferences -> Accounts -> Add
    Account Type: LDAP
    ...

If you're using a self-signed certificate, you'll need to add your CA to the system keyring or OS X will assume a man-in-the-middle attack (and give you an uninformative "Can't contact LDAP server" error). Add your certificate with:

/Applications/Utilities/Keychain Access.app
  File -> Import Items
    /path/to/your/CA/certificate
    Destination Keychain: System

After which everything should work as expected.

Remote desktop

There's not much documentation online, but there is an MS Remote Desktop client available (Microsoft page, Apple page). The package installs into

/Applications/Remote Desktop Connection.app

Double-clicking on this from Finder will fire it up, and you can configure it to log into your company's server, save the configuration, and make a symlink for easy launching from the desktop:

$ ln -s ~/Documents/RDC\ Connections/Default.rdp ~/Desktop/WidgetsLtd.rdp

Gentoo Prefix

The above steps get everything set up for basic usage, but you'll notice that we had to install a few applications by hand. This just consisted of unpacking a few bundled objects onto the system, but the OS will not be out checking for bug fixes and upgrades to keep our installations current. I'm missing my portage package manager. It's OK though, there are a number of package managers designed for OS X. The major players are Fink (Debian tools) and MacPorts (FreeBSD tools?), but there are fringe groups supporting the DIY Homebrew and my personal favorite, Gentoo Prefix (Gentoo tools). Pick your favorite. The issue with any of these tools will be interfacing with the underlying OS, since you don't want the OS to sneakily replace your GCC without your package manager knowing about it. To deal with this, the package managers do varyingly complete jobs of toolchain bootstrapping to isolate their toolchain from Apple's Xcode. Unfortunately, Xcode is not free, but if you've just bought a Mac, you can probably afford the $4.99 it costs for 9.3 GB of installed tools ;).

Bootstrap your Gentoo Prefix following the MacOS docs:

$ export EPREFIX="$HOME/Gentoo"
$ export PATH="$EPREFIX/usr/bin:$EPREFIX/bin:$EPREFIX/tmp/usr/bin:$EPREFIX/tmp/bin:$PATH"
$ export CHOST="x86_64-apple-darwin10"
$ curl 'http://overlays.gentoo.org/proj/alt/browser/trunk/prefix-overlay/scripts/bootstrap-prefix.sh?format=txt' > bootstrap-prefix.sh
$ chmod 755 bootstrap-prefix.sh
$ ./bootstrap-prefix.sh $EPREFIX tree
$ ./bootstrap-prefix.sh $EPREFIX/tmp make
$ ./bootstrap-prefix.sh $EPREFIX/tmp wget
$ ./bootstrap-prefix.sh $EPREFIX/tmp sed
$ ./bootstrap-prefix.sh $EPREFIX/tmp python
$ ./bootstrap-prefix.sh $EPREFIX/tmp coreutils6
$ ./bootstrap-prefix.sh $EPREFIX/tmp findutils
$ ./bootstrap-prefix.sh $EPREFIX/tmp tar15
$ ./bootstrap-prefix.sh $EPREFIX/tmp patch9
$ ./bootstrap-prefix.sh $EPREFIX/tmp grep
$ ./bootstrap-prefix.sh $EPREFIX/tmp gawk
$ ./bootstrap-prefix.sh $EPREFIX/tmp bash
$ ./bootstrap-prefix.sh $EPREFIX portage
$ hash -r
$ emerge --oneshot sed
$ emerge --oneshot --nodeps bash
$ emerge --oneshot pax-utils
$ emerge --oneshot --nodeps wget
$ emerge --oneshot --nodeps baselayout-prefix
$ emerge --oneshot --nodeps xz-utils
$ emerge --oneshot --nodeps m4
$ emerge --oneshot --nodeps flex
$ emerge --oneshot --nodeps bison
$ emerge --oneshot --nodeps binutils-config

Now check gcc --version to see which version of GCC Xcode installed. If it's not 4.2.1, check the bootstrap docs.

$ emerge --oneshot --nodeps binutils-apple
$ emerge --oneshot --nodeps gcc-config
$ emerge --oneshot --nodeps gcc-apple
$ emerge --oneshot coreutils
$ emerge --oneshot findutils
$ emerge --oneshot tar
$ emerge --oneshot grep
$ emerge --oneshot patch
$ emerge --oneshot gawk
$ emerge --oneshot make
$ emerge --oneshot --nodeps file 
$ emerge --oneshot --nodeps eselect
$ FEATURES="-collision-protect" emerge --oneshot portage
$ rm -rf $EPREFIX/tmp/*
$ hash -r
$ emerge --sync
$ USE=-git emerge -u @system
$ echo 'USE="unicode nls"' >> $EPREFIX/etc/make.conf
$ echo 'CFLAGS="-O2 -pipe <my-cpu-flags>"' >> $EPREFIX/etc/make.conf
$ echo 'CXXFLAGS="${CFLAGS}"' >> $EPREFIX/etc/make.conf
$ emerge -e @system
$ cd $EPREFIX/usr/portage/scripts
$ ./bootstrap-prefix.sh $EPREFIX startscript
$ cp $EPREFIX/startscript ~/

Then run startscript whenever you want to start a shell from the Prefix with appropriate path and environment variables. Use this shell for future emerge calls.

Bootstrapping is not the most fun procedure in the world, but once it's done, you don't have to worry about it ever again. All your open source packages can then be easily maintained with a mature package manager, which will certainly save you some time later on.

Unfortunately, there are not as many open source devs running OS X as there are running GNU/Linux, so it may take a bit of leg work to get oddball packages into your package manager's repository. I've published my Gentoo Prefix overlay with assorted tools I used to troubleshoot Fluke; take a look if you like Python ;).

Resources

OS X is certainly different from the GNU/Linux systems I've worked with to date. For example, the file system is all shuffled around, and it's built on HFS+, which stores metadata and resource forks for each file. There are also aliases (fancy symlinks), bundled apps, etc. For an old-but-useful introduction to the OS from a Linux perspective, check out Amit Singh's 2003 What is Mac OS X.