Add 'custompkg/root/etc/skel/Library/user-setup/010.install-cli-tools.sh'

fix bug with cask app dir install path

README.md

@@ -1,151 +1,28 @@
-# osximage
+# osx
 
-This is a repo for building an NBI (never-booted image) of an OS X (pron: oh ess **ten**) root partition, which can be easily and quickly (<10m) imaged onto a Mac with the `asr` utility readily available on OSX boot media.
+New deal for Catalina/Big Sur: Imaging is dead.  Install a fresh install
+manually, then do the following.
 
-# HOWTO: Creating the NBI
+# Manual Prerequisite Steps
 
-## Prerequisites
+Open System Preferences.
 
-Per AutoDMG, you have to be on the same OS as you're building.  To build a 10.12 image, the build system must be running Sierra.
+* Sharing > Set Hostname
+* Security and Privacy > FileVault > Enable
 
-* Install the following to /Applications:
+Open a terminal and run the following:
-    * `Xcode.app`
-        * pkg offline non-app-store version available [here](https://developer.apple.com/download/more/)] (requires appleId but does not developer membership)
-    * `Install macOS Sierra.app`
-        * [free download via App Store](https://itunes.apple.com/us/app/macos-sierra/id1127487414)
-    * `AutoDMG.app`
-        * [GitHub Download](https://github.com/MagerValp/AutoDMG/releases)
 
-* create `~/Documents/packages.10.12`
+* `chsh -s /bin/bash` and enter password
-    * put in all those apple printer driver `pkg`s you can download
+* `sudo xcodebuild -license accept` and click ok/install on developer tools
-    * the "enhanced dictation" offline speech recognition 800mb `pkg` that system preferences will download if you ask it
+  installer popup window
-        * run [this](https://gist.github.com/sneak/958df7165ce5b9e4dd4c89da5764a8e1) while it's downloading to find the temp file, then hardlink it to `whatever.pkg`
+* `sudo xcode-select --install`
-    * any other packages you want preinstalled on the root but not:
+# The Install
-        * Virtualbox (won't work unless installed from inside the running OS for some reason)
-        
-## My `packages.10.12`
 
-https://ipfs.io/ipfs/QmTvcpFitKXsNTLdVRWk6PHvFWUfddZH47umm1xZvJApts/packages.10.12
+```bash
-
+bash <(curl -s https://git.eeqj.de/sneak/osx/raw/branch/master/install.sh)
-```
-48516a7b6e5286cc44ab30ff3c5aa171e0888519  200.BrotherPrinterDrivers.pkg
-ebf0abac1483fd6de9262e92b047dcc80ceabeab  200.CanonPrinterDrivers.pkg
-b8442185bfa0e182b84a7f6f5f298deb04d81a74  200.EPSONPrinterDrivers.pkg
-2cd5d3bfc434226125d068bb09e90cbb2157a7ba  200.FujiXeroxPrinterDrivers.pkg
-f44f5769579f3be7a771f54690de221e04f496cf  200.HewlettPackardPrinterDrivers.pkg
-9c303c08e76aaef2fc9d1599aeea9ff15e8bce2b  200.InfoPrintPrinterDrivers.pkg
-c45d3616f5995846313b9afc159ca6793b00ed08  200.LanierPrinterDrivers.pkg
-9bcdb8492b00b0d7079dde23e1db4ac8da4fe0c0  200.LexmarkPrinterDrivers.pkg
-c6218afb33b68fe6fab803d5b327e4f628857039  200.RicohPrinterDrivers.pkg
-1ef9a998e680df23ca0cf8ba1426ed7673a2c37a  200.SamsungPrinterDrivers.pkg
-df267df6198781d3fae736112a66a4a150c46b67  200.SavinPrinterDrivers.pkg
-59b0306fe33693a73dc709641262f0ed2d63285a  200.XeroxPrinterDrivers.pkg
-b77920f32f36f3229611ea0e10c01f2dad157ceb  20161003.EnhancedDictation.pkg
 ```
 
-## Build Image
+# Uninstall (not 100%, only for dev)
-
+```bash
-Finally, just run `make` in the cloned repo to build the NBI.  You will need to enter your sudo password up front, **but don't go get coffee yet**... AutoDMG will ask for it again about 30-60 seconds later.  *Then* go and kill an hour.
+rm -rfv ~/.profile ~/.bashrc ~/Library/Homebrew ~/Library/bashrc.d ~/Library/profile.d ~/Library/user-setup $TMPDIR/osx
-
+```
-The OSX Installer .app, AutoDMG, and Xcode (for `make`) will all be included in the built image, so if you're *using* the image so built it will have everything you need to make further images later.
-
-If you aren't installing any extra packages, edit the `Makefile` to remove the `~/packages.10.12/*.pkg` part.
-
-It writes the image as it's building to /tmp (to leverage fast internal SSD in case your `osximage` clone is on removable media) then moves it to the repo directory in the last step.
-
-# HOWTO: Imaging A Mac
-
-## Before You Begin
-
-Get all data to be saved *off* of target system.  Recommended: install Google Drive and log in to your Google account and put everything to be saved in there.  Wait for sync (upload) to complete.
-
-## Create bootable USB media
-
-* Install OS installer .app bundle to /Applications
-* Insert USB3 media.  64GB or larger to store OS installer and image.
-
-e.g. USB disk named "Untitled":
-
-    sudo /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/createinstallmedia \
-      --volume /Volumes/Untitled \
-      --applicationpath "/Applications/Install macOS High Sierra.app"
-
-## Copy image to USB
-
-Copy the never-booted disk image (nbi) ending with `.dmg` to the root of the newly-imaged bootable USB disk, alongside the installer `.app` the `createinstallmedia` tool placed on the disk.
-
-## Image Mac
-
-* Insert the bootable USB drive into the machine to be imaged and boot holding the Option key on a wired keyboard.  (Alt on a PC keyboard.)
-* Select `Terminal` from the `Utilities` menu.
-* Run the following commands:
-
-### Repartition and Reformat disk0
-
-⚠️⚠️ **This will delete all data on the internal disk. Proceed with caution.** ⚠️⚠️
-
-`diskutil partitionDisk /dev/disk0 1 GPT jhfs+ root R`
-
-### Write OS NBI to disk0
-
-`asr restore --source file:///Volumes/Image\ Volume/nbi.dmg --target /Volumes/root --erase`
-
-# HOWTO: Using the Custom Image
-
-## 1/5 Initial Password
-
-* The password for the `admin` user is `admin`.  Log in as admin.
-
-## 2/5 Create User Accounts
-
-The example user in this document is John P Smith, username `jps`.  Replace the name and username with your own.
-
-* Create an administrator user account for yourself.
-    * Username: `jpsadmin`
-    * Real Name: `John Smith (admin)`
-* Create a second non-administrator local user account for daily job tasks.
-    * Username: `jps`
-    * Real Name: `John Smith`
-* Create a third non-administrator local user account `personal` for personal use.
-
-## 3/5 Set Up Systemwide Configuration
-
-* Log out of `admin` and into `jpsadmin`.
-* Delete the `admin` user in `System Preferences > Users & Groups`. Choose to delete the user's home folder.
-* Open `System Preferences > Sharing` and set the machine hostname.
-* Connect machine to network (potentially entering wifi password).
-* Open a terminal and run `new-system-setup`.  Enter the `jpsadmin` password when initially prompted.
-    * When prompted to "Enter the user name:", enter your normal username (e.g. `jps`)
-        * This is for FileVault (FDE) to enable the specified user from the encrypted disk.
-* Wait for the script to finish, then enter `sudo reboot`.
-
-## 4/5 Set Up User-specific Configuration
-
-* Log in with your normal user. (e.g. `jps`)
-* You may log in to your personal iCloud account/Apple ID, however, **make sure you disable iCloud Drive as soon as you log in**.
-    * Uncheck `Store files from Documents and Desktop in iCloud Drive` when prompted!
-* Disable iCloud Drive and Mail in `System Preferences > iCloud` if you logged in to iCloud.
-* Open a terminal, and run `new-user-setup`.
-    * This will take a while, as it will be downloading and installing a full set of apps.
-* Log out, and log back in again with the same user so that changed preferences will take effect.
-* Log in to Google Drive (already installed under ~/Applications) with your Google Apps account.
-* Avoid installing any additional software to the machine unless strictly necessary.  Prefer web applications and built-in apps.
-* Do not install third-party software to `/Applications` except via the App Store.
-
-## 5/5 Finally, Systemwide Security Software
-
-* Little Snitch
-* Little Flocker
-
-## 6/5 Optional Manual Configs
-
-* Enable pretty native OS notifications for Chrome: `chrome://flags/#enable-native-notifications`
-* Re-enable Location Services
-
-# Credits
-
-* `DefaultDesktop.jpg`
-    * rotated version of [space](http://simpledesktops.com/browse/desktops/2012/feb/19/space-2/) by [Nané](http://www.smplz.com/)
-* other desktops
-    * a whole bunch of 5120px wide (5K Retina iMac res) images from [InterfaceLIFT](https://interfacelift.com/wallpaper/downloads/date/wide_16:9/5120x2880/)
- 

custompkg/root/etc/skel/Library/bashrc.d/000.disable-catalina-nag.sh

@@ -0,0 +1 @@
+export BASH_SILENCE_DEPRECATION_WARNING=1

custompkg/root/etc/skel/Library/bashrc.d/000.nix.sh

@@ -0,0 +1,3 @@
+if [ -e $HOME/.nix-profile/etc/profile.d/nix.sh ]; then
+    . $HOME/.nix-profile/etc/profile.d/nix.sh;
+fi

custompkg/root/etc/skel/Library/bashrc.d/099.brew-path.sh

@@ -0,0 +1,4 @@
+if [[ -d $HOME/Library/Homebrew ]]; then
+    export PATH="$PATH:$HOME/Library/Homebrew/bin"
+fi
+

custompkg/root/etc/skel/Library/bashrc.d/100.caskroom-dest.sh

@@ -1 +0,0 @@
-export HOMEBREW_CASK_OPTS="--appdir=$HOME/Applications"

custompkg/root/etc/skel/Library/bashrc.d/100.disable-spyware.sh

@@ -0,0 +1,10 @@
+export DO_NOT_TRACK=1
+
+# the rest
+
+export HOMEBREW_NO_ANALYTICS=1
+export GATSBY_TELEMETRY_DISABLED=1
+export STNOUPGRADE=1
+export DOTNET_CLI_TELEMETRY_OPTOUT=1
+export SAM_CLI_TELEMETRY=0
+export AZURE_CORE_COLLECT_TELEMETRY=0

custompkg/root/etc/skel/Library/bashrc.d/100.homebrew-no-spyware.sh

@@ -1 +0,0 @@
-export HOMEBREW_NO_ANALYTICS=1

custompkg/root/etc/skel/Library/bashrc.d/100.homebrew-paths.sh

@@ -1,2 +0,0 @@
-export PATH+=":$HOME/Library/Homebrew/bin"
-export PATH+=":$HOME/Library/Homebrew/sbin"

custompkg/root/etc/skel/Library/bashrc.d/150.ldflags.sh

@@ -1 +0,0 @@
-export LDFLAGS="$LDFLAGS -I$(brew --prefix)/opt/openssl/include -L$(brew --prefix)/opt/openssl/lib"

custompkg/root/etc/skel/Library/bashrc.d/200.git-prompt.sh

@@ -1,5 +1,8 @@
-if [ -f "$(brew --prefix bash-git-prompt)/share/gitprompt.sh" ]; then
+BGPPREFIX="$HOME/Library/Homebrew/opt/bash-git-prompt"
-  GIT_PROMPT_THEME=Default
+
+if [ -f "$BGPPREFIX/share/gitprompt.sh" ]; then
+  GIT_PROMPT_THEME=Plague_Doctor
   GIT_PROMPT_ONLY_IN_REPO=1
-  source "$(brew --prefix bash-git-prompt)/share/gitprompt.sh"
+  GIT_PROMPT_FETCH_REMOTE_STATUS=0
+  source "$BGPPREFIX/share/gitprompt.sh"
 fi

custompkg/root/etc/skel/Library/profile.d/100.aliases.sh

@@ -0,0 +1 @@
+alias ls="ls -G"

custompkg/root/etc/skel/Library/profile.d/900.gpg-agent.sh

@@ -13,7 +13,7 @@ if [[ ! -e $HOME/.gpg-agent-info ]]; then
         gpg-agent \
             --enable-ssh-support \
             --daemon \
-            --pinentry-program $(brew --prefix)/bin/pinentry-mac \
+            --pinentry-program $HOME/.nix-profile/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac \
             2> /dev/null > $HOME/.gpg-agent-info
     fi
 fi

custompkg/root/etc/skel/Library/profile.d/900.homebrew-completion.sh

@@ -1,3 +1,5 @@
-if [ -f $(brew --prefix)/etc/bash_completion ]; then
+if which brew 2>&1 >/dev/null ; then
-    source $(brew --prefix)/etc/bash_completion
+    if [ -f $(brew --prefix)/etc/bash_completion ]; then
-fi
+        source $(brew --prefix)/etc/bash_completion
+    fi
+fi

custompkg/root/etc/skel/Library/user-setup/010.install-cli-tools.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+xcode-select --license accept
+xcode-select --install
+xcode-select --license accept

custompkg/root/etc/skel/Library/user-setup/040.install-homebrew.sh

@@ -1,8 +1,15 @@
 #!/bin/bash
 ############################################# install homebrew under homedir
+
+# reminder: homebrew is *spyware*. using it in the default configuration is
+# *unsafe*. other scripts elsewhere set HOMEBREW_NO_ANALYTICS to disable 
+# its spying; do not use this file in isolation.
+
 if [[ ! -d ~/Library/Homebrew ]]; then
     mkdir -p ~/Library/Homebrew
     cd ~/Library/Homebrew
     curl -fsSL https://github.com/Homebrew/brew/tarball/master | \
         tar --strip-components 1 -xvf -
 fi
+
+~/Library/Homebrew/bin/brew analytics off

custompkg/root/etc/skel/Library/user-setup/099.add-python-path.sh

@@ -1,4 +1,6 @@
 # adds homebrew python packages dir to python paths
 
+if [[ -d "$HOME/Library/Python/2.7/lib/python/site-packages/" ]]; then
 echo "import site; site.addsitedir(\"$HOME/Library/Homebrew/lib/python2.7/site-packages\")" >> \
 	$HOME/Library/Python/2.7/lib/python/site-packages/homebrew.pth
+fi

custompkg/root/etc/skel/Library/user-setup/099.git-config.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# a small vote for the status quo, or perhaps just a vote against the cost of change vs the zero benefit
+git config --global init.defaultBranch master

custompkg/root/etc/skel/Library/user-setup/100.install-caskroom-apps.sh

@@ -1,8 +1,12 @@
 #!/bin/bash
 
-
+# set up paths and whatnot and ensure homebrew's spyware is disabled
-# set up paths and whatnot
 source $HOME/.profile
+export HOMEBREW_NO_ANALYTICS=1
+
+# this shouldn't be needed but it is
+export PATH="$PATH:$HOME/Library/Homebrew/bin"
+
 
 # per default settings apps are installed in homedir
 if [[ ! -d ~/Applications ]]; then
@@ -10,27 +14,53 @@ if [[ ! -d ~/Applications ]]; then
 fi
 
 # install caskroom
-brew tap caskroom/cask
+brew tap homebrew/cask
 
+# the following is required for fetching some of the fonts
+brew install --build-from-source svn
+
+# no google-drive-file-stream because it requires admin privs and installs to /Applications systemwide
 CASKS="
-	atom
+    alacritty
-	deluge
+    atom
-	disk-inventory-x
+    bitwarden
-	google-chrome
+    deluge
-	iterm2
+    disk-inventory-x
-	keepassx
+    eloston-chromium
-	keybase
+    homebrew/cask/handbrake
-	lastpass
+    iterm2
-	little-snitch
+    signal
-	sketch
+    homebrew/cask/syncthing
-	slack
+    tor-browser
-	spotify
+    vlc
-	sublime-text
+    wasabi-wallet
-	torbrowser
+    xscreensaver
-	vlc
-	xscreensaver
 "
 
 for CASK in $CASKS ; do
-    brew cask install $CASK
+    brew install --appdir="$HOME/Applications" $CASK
+done
+
+brew tap homebrew/cask-fonts
+
+FONTS="
+    font-consolas-for-powerline
+    font-dejavu-sans-mono-for-powerline
+    font-droid-sans-mono-for-powerline
+    font-fira-mono-for-powerline
+    font-inconsolata-dz-for-powerline
+    font-inconsolata-for-powerline
+    font-inconsolata-g-for-powerline
+    font-liberation-mono-for-powerline
+    font-menlo-for-powerline
+    font-meslo-for-powerline
+    font-monofur-for-powerline
+    font-noto-mono-for-powerline
+    font-roboto-mono-for-powerline
+    font-source-code-pro-for-powerline
+    font-ubuntu-mono-derivative-powerline
+"
+
+for FONT in $FONTS ; do
+    brew install $FONT
 done

custompkg/root/etc/skel/Library/user-setup/100.install-homebrew-apps.sh

@@ -1,72 +1,86 @@
 #!/bin/bash
 
-# set up paths and whatnot
+# reminder: homebrew is *spyware*. if you don't do this, it won't
-source $HOME/.profile
+# set HOMEBREW_NO_ANALYTICS and it will silently spy on you when you use it.
+# this should happen in the .profile but let's do it again here to be certain:
+source $HOME/.bashrc
+export HOMEBREW_NO_ANALYTICS=1
+
+# this shouldn't be needed but it is
+export PATH="$PATH:$HOME/Library/Homebrew/bin"
+
+# Homebrew's package database is on GitHub.  The hashes to verify the
+# authenticity of the source archive downloads are in the package database.
+# Microsoft, a large US military contractor with long ties to illegal NSA spying
+# programs, bought GitHub and can exercise control over them.
+
+# What this means is that a large US military contractor has control over the
+# precise software that gets installed on your computer when you
+# type "brew install x".  Cool, huh?
 
 HOMEBREW_PKGS="
-	autoconf
+    asciinema
-	automake
+    autoconf
-	bash-completion
+    automake
-	bash-git-prompt
+    bonnie++
-	bonnie++
+    bwm-ng
-	byobu
+    byobu
-	cmake
+    cksfv
-	coreutils
+    cmake
-	curl
+    coreutils
-	daemontools
+    curl
-	docker
+    daemontools
-	docker-compose
+    docker
-	docker-machine
+    docker-compose
-	duplicity
+    docker-machine
-	ffmpeg
+    duplicity
-	fish
+    ffmpeg
-	flac
+    fish
-	geoip
+    flac
-	ghc
+    geoip
-	gist
+    gist
-	git
+    git
-	gnupg
+    gnupg
-	gnupg2
+    gnupg2
-	go
+    go
-	gpg-agent
+    homebrew/dupes/rsync
-	graphviz
+    httpie
-	httpie
+    httrack
-	homebrew/dupes/rsync
+    irssi
-	irssi
+    jq
-	jq
+    kubernetes-cli
-	lame
+    lame
-	mobile-shell
+    mosh
-	mtr
+    mtr
-	mutt
+    mutt
-	nmap
+    neovim
-	node
+    nmap
-	pbzip2
-	pgpdump
-	pinentry-mac
-	protobuf
-	pv
-	pwgen
-	python3
-	socat
-	sox
-	speedtest_cli
-	syncthing
-	tcptraceroute
-	terraform
-	tor
-	torsocks
-	unrar
-	unzip
-	vimpager
-	watch
-	wget
-	whatmask
-    corelocationcli
-    heroku
     offlineimap
-    postgres
+    p7zip
+    par2
+    pbzip2
+    pgpdump
+    pinentry-mac
+    protobuf
+    pv
+    pwgen
+    python3
+    rename
+    socat
+    sox
+    speedtest_cli
+    tcptraceroute
+    tor
+    torsocks
+    trash
+    unrar
+    unzip
+    vimpager
+    watch
+    wget
+    whatmask
 "
 
 for PKG in $HOMEBREW_PKGS ; do
-    brew install $PKG
+    brew install --build-from-source $PKG
 done

custompkg/root/etc/skel/Library/user-setup/100.install-python-packages.sh

@@ -1,9 +1,16 @@
 PYTHON_PKGS="
     awscli
     awsebcli
+    pipenv
+    powerline-shell
     virtualenv
 "
 
+
+# first, upgrade pip:
+
+/usr/bin/pip3 install --upgrade --user pip
+
 for PKG in $PYTHON_PKGS ; do
-    /usr/local/bin/pip install --user $PKG
+    /usr/bin/pip3 install --user $PKG
 done

custompkg/root/etc/skel/Library/user-setup/200.install-npm-packages.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-
-# set up paths and whatnot
-source $HOME/.profile
-
-NPM_PKGS="
-    coffee-script
-    yarn
-"
-
-for PKG in $NPM_PKGS ; do
-    # -g is okay because "global" prefix is where homebrew
-    # installed npm, i.e. in ~/Library/Homebrew, not actually systemwide
-    npm install -g $PKG
-done

custompkg/root/etc/skel/Library/user-setup/200.install-yarn-packages.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# set up paths and whatnot
+source $HOME/.profile
+
+YARN_PKGS="
+    now
+    prettier
+"
+
+for PKG in $YARN_PKGS ; do
+    yarn global add $PKG
+done

custompkg/root/etc/skel/Library/user-setup/900.link-googledrive.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-# setup google drive as synceddir in ~/.paths
-if [[ ! -e ~/.paths/synceddir ]]; then
-    ln -s ~/Google\ Drive\ File\ Stream/My\ Drive ~/.paths/synceddir
-fi

custompkg/root/etc/skel/Library/user-setup/999.disable-gcloud-spyware.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if command -v gcloud >/dev/null 2>&1 >/dev/null ; then
+  gcloud config set disable_usage_reporting true >/dev/null 2>&1
+fi

custompkg/root/usr/local/bin/new-system-setup

@@ -6,10 +6,8 @@ sudo xcodebuild -license accept
 # enable fde
 sudo fdesetup enable
 
-# disable hibernate
+# destroy fv key on all standby events:
-# SIP prevents this rm, sadly
+sudo pmset -a destroyfvkeyonstandby 1
-#sudo rm -f /private/var/vm/sleepimage
-sudo pmset -a hibernatemode 0
 
 # enable application firewall
 sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1

install.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+function run_install {
+
+    mkdir -p $HOME/Library/Caches/Homebrew
+    rm -rf $HOME/Library/Caches/Homebrew/*
+
+    REPO="https://git.eeqj.de/sneak/osx.git"
+    DEST="$TMPDIR/osx"
+
+    if [[ ! -d "$DEST" ]]; then
+        git clone "$REPO" "$DEST"
+    else
+        cd "$DEST" && git pull && cd -
+    fi
+
+    rsync -avP "$DEST/custompkg/root/etc/skel/" "$HOME/"
+    mkdir -p $HOME/Library/bashrc.d
+    mkdir -p $HOME/Library/profile.d
+    touch $HOME/Library/bashrc.d/000keep.sh
+    touch $HOME/Library/profile.d/000keep.sh
+    
+    # FIXME move this into the modular setup scripts
+    mkdir -p "$HOME/Library/Desktop Pictures"
+    rsync -avP $TMPDIR/osx/custompkg/root/Library/Desktop?Pictures/ $HOME/Library/Desktop?Pictures/
+    defaults write \
+        ~/Library/Preferences/com.apple.systempreferences DSKDesktopPrefPane \
+        '<dict><key>UserFolderPaths</key><array><string>/Users/user/Library/Desktop Pictures</string></array></dict>'
+    
+    # run modular setup scripts
+    for FN in "$HOME/Library/user-setup/"*.sh ; do
+        echo "new-user-setup: starting $(basename "$FN")..."
+        # we used to run these in a subshell but not we don't because we want the environment to persist between
+        source "$FN"
+        rm "$FN"
+        echo "new-user-setup: removed $(basename $FN)..."
+    done
+}
+
+run_install