url | lastchange |
---|---|
v042 + measure data transfer :README.md |
This article has been refined over several years to provide the fastest way to get a new macOS machine up and running.
After you complete the steps below, you can legitimately add to your resume or LinkedIn profile:
- Configured new Macs, from scratch, with a full set of
utilities, AI apps, and access to
AWS, Azure, and Google cloud services.
The custom automation reduced onboarding errors and time
from days to less than an hour.
Documentation of steps was validated by others.
With a common set of tools, the entire team can now pair program together efficiently.
This declarative approach updates all apps and modules with a single command, which meets cybersecurity directives to keep software up-to-date frequently.
Manual actions described below have you customize configuration files that control automation scripts you run in a Terminal app.
This automation works out dependency clashes for you. In each stage, the script detects what has already been installed, then verifies the success of each step. It performs workarounds for known issues.
-
Move Home directory to External SSD?
-
See my article about considerations of different hardware at:
Noise from keyboard keypresses is a major annoyance for some.
Unlike Mac Pro laptops, the Mac Mini does not come with a keyboard with a Touch ID fingerprint reader on the top right corner.
There are not many viable options to Apple's lock-in strategy:
[_] Get an "Apple Magic Keyboard with Touch ID for Mac Models with Apple Silicon" $149 from Amazon and Apple (it's quieter than the previous version and comes with a USB-C cable).
-
CAUTION: The one not compatible is the $99 one.
PROTIP: This keyboard's flat design is NOT ergonomic. It is not easy to reach the "delete" key.
And it's NOT backlit. That may not be an issue for touch typists and those with a monitor-mounted light.
Alternately, VIDEO: Take apart a keyboard to extract the Touch ID and put it in a 3D printed case for attaching to an iPad. Whew.
The Touch ID on the macOS keyboard is the most convenient way to unlock the computer. PROTIP: When the keyboard switch is set ON, if "Magic keyboard:" isn't recognized, connect it using a USB-C to Lightning cable to initiate pairing, then disconnect to use wirelessly.
To set up Touch ID, go to Apple menu > System Preferences > "Touch ID & Password".
-
If you have a Bluetooth keyboard, you can use the USB ports for something else.
However, some Logitech USB keyboard and mouse models come with a USB dongle.
PROTIP: A keyboard with a "delete" key is useful, especially if you are used to working with Windows. The macOS keyboard requires users to awkwardly press the "fn" key and then the "delete" key to delete.
See my article about the macOS keyboards.
Keyboards from Apple are different from generic USB keyboards for Windows:
- Some keyboards don't have a "delete" key. Instead hold down the "fn" key and press the "delete" key.
- The button at the upper-right is a fingerprint reader and on/off button
- The Command modifier key is used instead of Control.
PROTIP: Some monitors have USB ports (act as a hub). Here are needs for ports:
[_] Keyboard
[_] Mouse (if it doesn't connect via Bluetooth)
[_] FIDO2 fingerprint key for authentication, such as the $14 Adafruit small shape or Yubikey's larger shape.
For fastest speed, some devices should be plugged into the CPU's Thunderbolt port:
[_] External SSD drive VIDEO
[_] DVD drive
[_] Micro SD card
[_] Camera
[_] Elgato Stream Deck
[_] PROTIP: Elgato Foot pad, which I need for the constant use of Esc and Tab, and Right to control AI assistants.
[_] Printer
PROTIP: CAUTION: A hub may slow down the machine. Get a hub with its own power supply. If you must use a hub, get one that supports the fastest connection (Thunderbolt).
$72.30 Elgato USB Hub adds a USB port to the back of their Stream Deck. Brilliant.
REMEMBER: To run multiple display monitors, each display hardware needs to support DSC (Display Stream Compression).
Use the appropriate type and version of cables. REMEMBER: If you have a Mac Mini:
Ports on the Mac Mini front panel support USB-C 3.2 Gen 2x2 cables, which transfer data at up to 10Gbps and power up to 100W.
Ports on the Mac Mini back panel are Thunderbolt ports:
-
The Mac Mini base model supports Thunderbolt 4 cables, which transfer data at up to 40Gbps and power up to 100W for dual 4K displays.
-
The Mac Mini Pro model supports Thunderbolt 5 cables, which transfer data at up to 120Gbps and power up to 250W for dual 6K displays.
-
HDMI v3.2 cables are needed to support 4K displays.
WARNING: Some TVs do not show the pixels where the menu bar and Mission Control are displayed. Mission Control is a built-in feature of macOS to switch between groups of open apps and windows (using control + up arrow and control + down arrow).
[_] Have a safe way to clean the surface of the monitor. Scratches will drive some people crazy.
-
Consider an ergonomic mouse. If you are right-handed, consider a left-handed mouse so that you write with your right hand while you use the mouse.
Apple's built-in Time Machine app backs up files and folders so you can completely restore the whole computer to the state when the last backup occurred. This is for recovery after complete hardware failure or loss.
PROTIP: Complete backups should NOT be used to restore your computer when malware may have been added and thus be present in the backup files. That pretty much should be the presumption. Also, when restoring, avoid restoring to the same drive you are using. Complete restores should be to identical hardware.
PROTIP: The preferred way to restore is to use the automation scripts described below, which copy specific folders and files to an external USB drive so they can be used to rebuild a new machine from scratch.
[_] One of the reasons to purchase more storage on board the computer is for dual-booting to Windows and/or Linux (using Parallels, VMWare, QEMU, or VirtualBox).
-
The other reason is to have room to create a mirror drive, which immediately stores changes for data redundancy on two different physical drives.
A "RAID" (Redundant Array of Independent Disks) created using Apple's Disk Utility duplicates two or more entire physical drives (all folders in it).
PROTIP: Since much data does not change, you may prefer to mirror specific folders using SoftRAID, $50 (Lifetime subscription) Chronosync from Econ Technologies, $40 Carbon Copy Cloner, or freeware rsync Unix CLI utility (after upgrade).
DEFINITION: Within macOS, the APFS (Apple File System) is used by macOS 10.13 and later as the overall structure that manages how data is stored and retrieved on a storage device. Unlike conventional reference to partitions, APFS holds a single fixed-sized container of contiguous addresses mapped using a GPT (GUID Partition Table) aka Partition Map.
Within each container are several logical dynamic volumes (such as "Macintosh HD").
Each volume can use a different APFS format (e.g., encrypted, case-sensitive).
Devices?
-
[_] Buy a new USB drive to store backups externally. Apple's Time Machine app makes backups automatically (in the background) to disk. PROTIP: Make a backup to external USB drive before you take your Mac out of the house, before upgrading, before replacing components, etc.
-
Apple's Time Machine app makes backups to the disk with these Time Machine settings.
NVMe SSDs (Solid-State drives) are more durable and faster than magnetic (spinning) mechanical hard drives. "Modern SSDs should last 5-10 years. Magnetic hard drives hold data for 3-7 years" (unless SpinRite is used on them periodically).
Higher capacity and faster read/write speeds are more expensive.
PROTIP: Apple does not support USB 3.2 Gen 2x2, which boosts speeds on paper.
VIDEO: SanDisk rate their Extreme SSDs at "P68" for dust and water resistance. BEWARE: Reports of failure seem high for 4TB. Samsung SSDs seem to be more durable. $x.76 for Cyber Monday instead of $x.99 on Black Friday.
- $109.99 for 1TB at 2000MB/s through USB 3.2 Gen 2x2 cables
- $129.76 for 2TB at 1050MB/s through USB 3.2 Gen 2 cables
- $157.78 for 2TB at 2000MB/s through USB 3.2 Gen 2x2 cables
- $229.99 for 4TB at 1050MB/s through USB 3.2 Gen 2 cables
- $299.99 for 4TB at 2000MB/s through USB 3.2 Gen 2x2 cables
- $324.99 for 4TB at 3000MB/s through Thunderbolt 3 or USB-C 10Gbps cables
- $499.99 for 8TB at 1000MB/s through USB-C 3.2 Gen 2 cables
-
[_] Have a fire-resistant vault to store backup media.
-
[_] For lower cost than a spectrum analyzer to capture emissions on several frequencies, put a cell phone inside which has been installed with the "Shielding Tester" app (from Velter KZ) to detect Wi-Fi and cell signals.
-
[_] Get a "Faraday dry sack" to keep the USB drive dry, dust-free, unconnected, and free from electromagnetic fields. VIDEO:
- Mylar blankets -8 dBm (not much protection)
- Aluminum foil -17 dBm
- Metal boxes (Ammo cans) -30 dBm
- -40 dBm is minimal level needed to block WiFi signals
- Mission Darkness bag -45 dBm
- NEST Z-bag with zip closure -51 dBm VIDEO
- Faraday Defense NX single-layer fold-over bag -60 dBm (99.9% of signals are blocked)
-80 dBm (all signals are blocked) by these bags law enforcement use to store electronic devices as evidence:
- Faraday Defense NX3 double-layer fold-over bag,
- $175 dry bag, tower bag
-
[_] Measure data transfer speeds. VIDEO
To measure the speed of random reads and writes on macOS, install Amorphous Disk Mark from Katsura Shareware from the Mac App Store.
To measure speeds of sequential read and write large files on macOS, click through install from the Apple Store BlackMagic Disk Speed Test app from BlackMagicDesigns.com (makers of DaVinci Resolve software and professional recording equipment).
These steps confirm your ability to confidently wipe your computer of all data and settings before you transfer it to a new owner or when you want to ensure no malware is lurking on your computer.
Many enterprises and organizations have strict policies that require you to schedule on your calendar a reset of your computer to factory settings periodically (such as once per quarter).
Later in this document, an automation script can restore your computer to your customized state.
-
Power down your Mac.
-
Turn it on and immediately press and hold the Command (⌘) + R keys.
-
Keep holding until you see the Apple logo or a spinning globe. This will boot your Mac into macOS Recovery.
-
Select "Disk Utility" and click Continue.
-
In Disk Utility, select your main drive (usually named Macintosh HD) from the list on the left.
-
Click the "Erase" button at the top of the window.
-
Name: You should leave it as "Macintosh HD" because it's the "Startup Volume".
-
Format: Choose APFS (for most modern Macs) or Mac OS Extended (Journaled) for older Macs.
-
Scheme: Choose GUID Partition Map.
-
Click "Erase" to wipe the drive.
Click "Security Options" to select a number of passes to overwrite the drive with. One pass should be good enough.
WARNING: Do not perform a secure erase on a solid-state drive, such as the ones built into modern MacBooks since you will just shorten the drive's lifespan for no advantage.
-
Close "Disk Utility" to return to the macOS Utilities window.
-
Select Reinstall macOS and click Continue.
-
Follow the on-screen instructions to reinstall the operating system. This may take some time, depending on your internet speed and the version of macOS being installed.
-
Once the macOS installation is complete, your Mac will restart and you’ll see the Setup Assistant.
If you're selling or giving away the Mac, don’t complete the setup process. Simply press Command + Q and select Shut Down. The new owner can complete the setup with their own information.
-
Connect the computer to power. Connect the monitor, keyboard, mouse, etc.
-
[_] Connect to a UPS (Uninterruptible Power Supply) which ensures clean power and protects from power surges. Abrupt power loss is a common cause of data loss. A UPS also enables you to power on and off all components with one button. Press the power buttons.
-
See my article about the macOS boot-up process.
-
After boot-up, selecting the new machine's language, time zone, keyboard layout, iCloud email & password, and user name & password are manual first steps.
PROTIP: Write down the secrets along with the computer's serial number, etc. to help you deal with insurance and replacements if needed.
-
PROTIP: If you plan on taking Prometric Vue exams, create another user account called "exam". This ensures that you have a pristine environment to run their fussy exam software.
-
When prompted to upgrade your Mac, choose to upgrade to the latest version (which may take several minutes) to get your Mac up to date.
-
Plug in the external USB drive for storing backups.
-
Open Time Machine by clicking the Launchpad icon on the Dock displaying a list of apps, then click on the "Time Machine" app icon.
The Dock is by default always visible on the bottom of the screen, but the automation script can move it to the right side and also hide it to appear only when you mouse over where it should appear.
-
Click "Add Backup Disk..." icon at the right side of the screen.
-
Select the drive you just plugged in.
-
Click "Add"
-
Name the backup drive.
PROTIP: Name the drive such as "1TB-MacMini24" to designate the size of the drive and the year of the machine it is being installed on.
-
Encrypt the drive by clicking the "Encrypt" icon at the right side of the screen.
-
Enter a password for the drive.
-
Click "Encrypt"
-
Click "Done".
-
Click "Done" again.
-
Click "Start Backup" to begin the backup process.
PROTIP: Take a Backup again to establish a new baseline before and after you upgrade your machine.
NOTE: Once the automation script is installed, it can do a Time Machine backup.
PROTIP: For some strange reason, Apple does not provide a default direct keyboard shortcut for System Settings. So create one:
-
Click the Apple icon on the upper left corner of the screen.
-
Click the "System Settings...".
-
Type "Keyboard shortcuts".
-
Click Keyboard Shortcuts.
-
Click "App Shortcuts" on the left menu and click the + button.
-
For "Applications", select "System Settings".
-
In Menu title at the right, type "System Settings..." (make sure to include the ellipsis).
-
For Keyboard shortcut, press Shift + Option + Command + P (use your left pinky finger to press Shift and right finger to press P).
-
Click "Done" to save the shortcut.
-
Try it out by clicking on the Apple icon on the upper left corner to see the keystrokes for "System Settings...". Try the keyboard sequence shown.
VIDEO: Similarly, Shift + Option + Command + V performs "Paste and Match Style" shown in Finder > Edit.
Most System Settings can be changed programmatically by commands in mydotfile.sh specification automation described later in this README file.
However, some default settings are so annoying that most users want to change them right away:
-
Click the Apple icon on the upper left corner of the screen.
-
Click "System Settings...".
-
Scroll down to click "Mouse".
-
For "Tracking speed", drag the dot closer to "Fast" on the right.
-
For "Secondary Click", select "Click Right Side" (which is why it's called "Right-Click").
-
Exit the dialog.
Safari is the default internet browser on MacOS.
The automation script will install other browsers if specified. That replaces these manual steps:
-
To ensure that cookies in the browser are not confused, open the browser you want to use. Select the browser profile you want to use.
You may need to navigate to that browser's settings and make that the default and profile. For example: chrome://settings/defaultBrowser
Repositories defined as "Public" can be downloaded without creating a GitHub account.
A GitHub account is needed to fork repositories to your account.
But if you have not yet obtained a GitHub account:
-
We recommend installing Twilio's Authy app on your smart phone for two-factor authentication.
-
In a web browser, sign up for one with your email address at
-
Sign in with your email address and password.
-
In your email, verify your email address to activate your account.
-
TODO: Configure SSH and GPG keys.
So you can click links within this README file on the target machine:
-
To open Safari, near the left among the default list of apps at the bottom of the screen, click on the "Safari" browser icon.
-
Click on the middle field to type on top of "Search or enter website name".
-
Type in this URL to reach this README file:
https://github.com/wilsonmar/mac-setup/blob/main/README.md#ViewREADME
-
Read through to this section for manual instructions.
The default GUI app for opening files and folders is the Finder GUI app.
It is the one default app that can't be removed.
-
Open the Finder app by clicking on the Finder icon (on the Dock).
-
To see what's in the invisible Clipboard, click on the Edit menu item, then "Show Clipboard".
-
Folders on the left panel may be rearranged by being dragged and dropped.
-
If you want the speed of using keyboard shortcuts Apple created, memorize the Go keyboard shortcut keys and right-click to remove each from the Folder's left menu Side Bar.
Entries on the left Side Bar make it convenient to drop files into that folder from another Finder folder.
-
As the "Go" menu shows, use the shortcut keys to reach "Computer": Press
Shift + Command + C
This is the very top level. "Macintosh HD" is not a folder but the drive. "Network".
-
Click on "Macintosh HD" to display the top "root" level folders defined by Apple, referenceable with a "/" slash character:
- /Applications contains apps that can be opened by any user, and also /Applications/Utilities containing what Apple provides, such as the Terminal app, Disk Utility, etc.
- /Library contains folders used by the operating system
- /System contains folders restricted from view
- /Users contains a folder for each user account created.
Hidden Files
-
Press shift + command + . (period key) to display hidden files and folders named with a "." character. You should now see additional folders such as:
-
/bin contains macOS alias, awk, base64, nohup, make, man, perl, pbcopy, sudo, xattr, zip, etc.
-
/etc
-
/opt contains user-installed optimization utilities
-
/sbin contains macOS utilities fsck, mount, etc.
-
/tmp
-
/usr and its subfolders contain folders and files controlled by the user, so does not require sudo to access
-
/usr/sbin contains macOS chown, cron, diskutil, expect, fdisk, mkfile, softwareupdate, sysctl, etc.
-
/var
-
/usr/local/bin contains programs installed using brew, so should be first to override libraries
-
/opt/homebrew is added in front of /usr/local/bin by brew on Apple M1/M2 machines.
Additionally, many 3rd-party CLI modules (such as Git) create a hidden folder such as ".git" to store application data related to the user.
To find programs within the above folders, the shell searches the folders listed in the $PATH system variable. That is defined within the .bash_profile file in each user's $HOME folder.
-
-
View
https://github.com/wilsonmar/mac-setup/blob/main/.bash_profile
-
Notice in the file the base $PATH variable:
PATH=/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin
-
Click on "Users", then your user name (such as "johndoe") to display the $HOME level folders Apple creates for each new user. Examples:
/Users/johndoe/ contains apps that can only be used by a user hypothetically named "johndoe". An Applications folder is one of several automatically created for each user account.
-
Drag your user name folder (such as "johndoe") and drop it at the top of the left Side Bar.
-
Click the user name folder (such as "johndoe") to display the $HOME level folders Apple creates for each new user. Examples:
-
/Users/johndoe/Applications containing apps that can only be used by a user hypothetically named "johndoe". Other default folders:
-
Desktop
-
Documents
-
Downloads
-
Movies
-
Music
-
Pictures
-
Public
Within Finder, you can create a new folder (with default name "untitled folder") by clicking the round icon with three dots and selecting "New Folder". But the automation will do that if you just specify the folder name in the mac-setup.env file.
The script creates a folder for each user account named for the GitHub account name you specify in the mac-setup.env file. In the GitHub folder for the account, it creates a "config" file with content such as:
[user]
    name = John Doe
    email = [email protected]
-
Most System Settings can also be changed programmatically by commands in the mydotfile.sh specification script. A template of that file is at:
The sequence of commands is the structure of the Apple System Setting app GUI tree.
See https://wilsonmar.github.io/passkeys/
Even complex passwords can easily be cracked within seconds. So traditional passwords are replaced with biometric fingerprint Touch ID, Face ID, or Windows Hello to authenticate your identity. Biometrics are used instead of having to use an additional app such as Authy.
Passkeys were introduced in 2022 for Apple Safari on macOS 13 Ventura and later.
In 2024, macOS 15 (Sequoia) introduced the standalone Passwords.app, providing a more refined passkey management interface.
- Open the Passwords app from your Applications folder.
- Click on the Passkeys tab and select Add New Passkey.
- Follow the on-screen instructions to complete the setup, using biometric verification or your device password.
- Manage, edit, or delete your passkeys within this app.
Enable Two-Factor Authentication (2FA) for your Apple ID if not already activated.
Google Chrome and Microsoft Edge support Passkeys. But Passkeys created with Apple Safari are not compatible with other ecosystems (such as Google Chrome).
Instead of creating a separate Passkey on Chrome and Edge, if you’re logging in from a non-Apple device, you can use cross-device authentication through QR codes or Bluetooth.
To install passkeys on macOS, follow these steps:
Enable iCloud Keychain:
-
Open Apple System Settings
-
Click "Apple ID" at the top left. Click "iCloud".
-
Click "Passwords and Keychain".
-
Toggle on iCloud Keychain "Sync this Mac".
https://medium.com/@corbado_tech/activate-apple-passkeys-on-macbooks-3cf5cc83bef7
Create a passkey:
-
Visit a website or app that supports passkeys, such as PayPal.com.
-
Look for an option to create a passkey during account creation or in account settings.
-
Select "Create Passkey" when prompted.
-
Authenticate using Touch ID or your device passcode.
-
Use the standalone Passwords app in the Applications folder
-
Click on the Passkeys tab and select "Add New Passkey"
-
Follow on-screen instructions to complete setup.
PROTIP: This approach is designed so that you can examine the script before running it.
-
In a browser window, click this link or highlight and copy the URL and paste in the browser URL address bar to navigate to the GitHub repository that contains the mac-setup files:
-
Click the green "Code" button to the right of the URL.
-
Select "Download ZIP" to see the animation of the download to your Downloads folder.
-
Specify the default "main" branch of the GitHub repository that contains the mac-setup files.
-
Click the "Downloads" icon at the lower-right of the screen to double-click "mac-setup-main".
-
In the Downloads folder, unzip the file and open the mac-setup folder by double-clicking the folder icon. Or, right-click and select "Open" to open the folder.
Later in this document, this folder will be replaced by a version-controlled folder created by the Git clone utility.
File names ending with ".sh" use the Bash interpreter.
File names ending with ".zsh" use the Zsh interpreter.
In this project, we use Bash rather than Zsh so that the script can possibly be adapted to work on Linux and Windows machines as well. ".sh" is a contraction of the term "shell", based on the "Bash" language (a contraction of the term "Bourne-again shell" -- a play on words).
The automation script upgrades the "Bash" interpreter to the latest version because Apple stopped upgrading Bash due to licensing issues and switched to Zsh as the default macOS shell interpreter since macOS 12 Monterey.
mac-setup.sh is the main automation script that runs based on the specifications defined in the above files.
When the automation script mac-setup.sh is run, it moves these files to the user's $HOME folder:
-
.bash_profile contains what is executed before each Terminal session opens.
-
.bashrc contains what is executed before each Terminal session opens.
-
mydotfile.sh contains the commands to change Apple System Settings.
-
aliases.sh contains the keyboard aliases created before each Terminal session.
-
mac-setup.env holds the environment variables used by the mac-setup.sh script. The automation script can make a folder to hold the folder (GitHub repository) that can version control files, based on the folder name you specify in the mac-setup.env configuration file. The file is in the $HOME folder so that it is not eligible for upload to GitHub within a repository. Thus, provision is needed to back it up in case of loss of the machine.
There are several text editors that come pre-loaded with macOS, including TextEdit, Sublime Text, and Atom. You can use any of these editors to edit files.
However, you may prefer to use a more powerful text editor (VSCode, etc.) by first running the "mac-setup.sh" script to install them.
The built-in Terminal utility app is used to execute shell scripts like on Linux machines.
-
Hold down the Command key and press spacebar to pop up the Spotlight Search modal dialog.
-
Type on top of "Spotlight Search" Ter so enough of "Terminal.app" appears to press Enter to select it in the drop-down.
-
When "Terminal.app" is highlighted, click it with your mouse or press the return key to launch the Terminal.app program selected.
The default Terminal CLI (Command Line Interface) prompt begins with the user name value defined in the PS1 system variable that the automation script changes.
-
Type pwd to see the "present working directory", which is the current folder you are in. The path shown is also stored in a variable named $HOME.
-
Type ls -al to see the default folders and files in your $HOME folder. The -al parameter specifies to show all folders and files as a list.
-
To reduce text wrapping of long lines, expand the width of your Terminal window by dragging the right edge with your mouse.
-
To specify a folder containing a space character, wrap the string in double quotes:
ls -al "/Library/Application Support"
Alternately, escape that space character by preceding it with the "\" escape character:
ls -al /Library/Application\ Support
REMEMBER: Typing the "~" variable is the same as typing the "$HOME" variable. Typing a space character within "Application Support" requires double-quotation marks unless that space is preceded by the "\" escape character.
REMEMBER: The folder for an app is not deleted when the application is deleted.
PROTIP: The automation script installs keyboard aliases (shortcuts) you can use to improve typing speed and accuracy. Examples:
- alias ll="ls -al"
- alias l="ls -l"
- alias h="history"
-
View all the aliases defined in the aliases.sh file called from within .bash_profile in the $HOME folder:
https://github.com/wilsonmar/mac-setup/blob/main/aliases.sh
The first part of each line defines its attributes (permissions and ownership). Lines beginning with "d" define directories (folders).
- .Trash
- .zsh_sessions
- Desktop
- Documents
- Downloads
- Movies
- Music
- Pictures
- Public
Notice that the folders in $PATH are separated by colons (rather than the semicolons used in Windows).
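Because the shell runs the first match it finds while walking the colon-separated $PATH from left to right, an empty, relative, missing, or group/world-writable entry is a place where a stray file can shadow a system command. The function below is an added example (not part of the mac-setup repository) that audits any PATH string for those cases; the name audit_path and its output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a colon-separated PATH string for entries that let
# a stray file or another account shadow a system command.

# Base value quoted from the .bash_profile shown on this page.
BASE_PATH="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin"

# audit_path PATH_STRING   (hypothetical helper name)
# Prints one finding per line as "position<TAB>entry<TAB>problem".
# Returns 0 when nothing was flagged, 1 otherwise.
audit_path() {
    path_string=$1
    position=0
    findings=0
    # Append a sentinel ":" so an empty last entry (trailing colon) is not lost.
    remaining="${path_string}:"
    while [ -n "$remaining" ]; do
        entry=${remaining%%:*}      # text before the first colon
        remaining=${remaining#*:}   # text after the first colon
        position=$((position + 1))
        problem=""
        case $entry in
            "")
                problem="empty entry (means the current directory)" ;;
            /*)
                if [ ! -d "$entry" ]; then
                    problem="directory does not exist"
                else
                    # First 10 characters of ls output: type + rwx for user/group/other.
                    mode=$(ls -ldL "$entry" | cut -c1-10)
                    group_w=$(printf '%s' "$mode" | cut -c6)
                    other_w=$(printf '%s' "$mode" | cut -c9)
                    if [ "$other_w" = "w" ]; then
                        problem="writable by everyone ($mode)"
                    elif [ "$group_w" = "w" ]; then
                        problem="writable by group ($mode)"
                    fi
                fi ;;
            *)
                problem="relative entry (resolved against the current directory)" ;;
        esac
        if [ -n "$problem" ]; then
            printf '%s\t%s\t%s\n' "$position" "$entry" "$problem"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Audit the page's base PATH; findings depend on the machine it runs on.
audit_path "$BASE_PATH" || true
```

Run `audit_path "$PATH"` in a new Terminal session after the setup script has edited .bash_profile; the position column shows how early in the search order a flagged folder sits.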
https://github.com/wilsonmar/mac-setup/blob/main/mac-setup.sh
CAUTION: The remainder of this article explains how to run the script.
That automation script is manually invoked several times using different parameters on the Terminal command line, each time for a different phase of installation.
However, script mac-setup.sh can upgrade Bash to the latest version.
-
Click "fork" to copy the script to your own GitHub account.
Next, let's get that script onto your machine using "Bash" CLI (Command Line Interface) commands within the Terminal app.
-
Define the .env files
-
Open the Terminal app and type:
mkdir -p "$HOME/gh-johndoe"
Most of the apps installed make use of installers defined in the Homebrew repository online. There is a file (of Ruby code) for each brew install formula at:
https://github.com/Homebrew/homebrew-core/blob/master/Formula/httpd.rb
PROTIP: Before downloading a brew formula, we recommend that you look at its Ruby code to verify what really occurs and especially where files come from.
brew edit ___
We recommend that you install a binary repository proxy that supplies you vetted files from a trusted server instead of retrieving whatever is the latest on the public Homebrew server.
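One way to make that review quicker, as an added example that is not part of mac-setup or Homebrew: a function that lists where a saved formula file downloads from and warns about sources not fetched over HTTPS or lacking a sha256 pin. The function name review_formula, its output format, and the sample formula are constructed for this illustration.

```shell
#!/bin/sh
# Added example: summarize where a Homebrew formula file downloads from.
# review_formula is a hypothetical helper, not a brew subcommand.

# review_formula FILE
# Prints "SOURCE<TAB>kind<TAB>url" for each url/mirror line and
# "WARN<TAB>reason" for each problem. Returns 1 if anything was flagged.
review_formula() {
    awk '
    function warn(msg) { print "WARN\t" msg; warns++ }
    # Called when a download stanza ends: it must have carried a checksum.
    function end_download() {
        if (pending != "" && !pinned) warn("no sha256 for " pending)
        pending = ""; pinned = 0
    }
    # livecheck blocks only look for new versions; skip them up to their "end".
    /^[ ]*livecheck do/ { match($0, /^ */); lc_indent = RLENGTH; in_lc = 1; next }
    in_lc { match($0, /^ */); if ($1 == "end" && RLENGTH == lc_indent) in_lc = 0; next }
    $1 == "url" || $1 == "mirror" {
        u = $2; gsub(/[",]/, "", u)
        if ($1 == "url") { end_download(); pending = u }
        print "SOURCE\t" $1 "\t" u
        if (u !~ /^https:\/\//) warn("not fetched over HTTPS: " u)
        # A git URL pinned to a commit on the same line has no tarball checksum.
        if ($0 ~ /revision:/) pinned = 1
    }
    # Only a quoted 64-hex-digit value counts; bottle lines start with a platform key.
    $1 == "sha256" && $2 ~ /^"[0-9a-f]+"$/ && length($2) == 66 { pinned = 1 }
    END { end_download(); exit (warns > 0) }
    ' "$1"
}

# Constructed sample formula (not a real Homebrew formula) to run the review on.
sum=0123456789abcdef; sum=$sum$sum$sum$sum   # 64 made-up hex digits
sample=$(mktemp)
cat > "$sample" <<EOF
class Exampletool < Formula
  desc "Constructed sample"
  homepage "https://example.com/exampletool"
  url "http://downloads.example.com/exampletool-1.0.tar.gz"
  mirror "https://mirror.example.org/exampletool-1.0.tar.gz"
  sha256 "$sum"

  livecheck do
    url :stable
  end

  resource "plugin" do
    url "https://example.net/plugin-0.3.tar.gz"
  end
end
EOF
# Expect two warnings: the plain-HTTP url and the resource without a sha256.
review_formula "$sample" || true
rm -f "$sample"
```

To review a real formula, save its source first (for example `brew cat httpd > httpd.rb`) and pass that file to the function.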
Homebrew has over 4,500 formulas the last time we checked.
To install and configure programs which don't have brew installation formulas, various Linux utility commands such as curl, sed, cut, etc. are used in this automation script.
Yes, you can just run brew yourself, one at a time. But logic in the script goes beyond what Homebrew does, and configures the component just installed:
- Undo a brew error (such as needing an unset)
- Install dependent components where necessary
- Display the version number installed (to a log)
- Add alias and paths in .bash_profile (if needed)
- Perform configuration (such as adding a missing file needed for mariadb to start)
- Edit configuration settings (such as changing default port within Nginx within config.conf file)
- Upgrade and uninstall if that is available
- Run a demo using the component to ensure that what has been installed actually works.
-
Open the Terminal app and type:
gh auth login --web
The response:
? What is your preferred protocol for Git operations on this host? [Use arrows to move, type to filter]
> HTTPS
  SSH
-
Press Enter to accept "HTTPS" as the preferred protocol.
? What is your preferred protocol for Git operations on this host? HTTPS
? Authenticate Git with your GitHub credentials? (Y/n)
-
Press Enter to accept the default capitalized "Y" to authenticate Git with your GitHub credentials. The response:
! First copy your one-time code: 17B4-A882
Press Enter to open https://github.com/login/device in your browser...
-
Highlight the code and press Command+C to copy it to your invisible Clipboard.
-
Press Enter for GitHub "Device Activation" page to appear in whatever is set as default browser.
-
Click the button associated with the account you want to use, such as "Continue".
-
In the "Device Activation" page that appears, click on the first box and press command+V to paste the 8-digit code from your invisible Clipboard.
-
Click "Continue".
-
Click "Authorize github".
-
Click "Use passkey" and touch your fingerprint for "Congratulations, you're all set!"
-
Press command+W to close the "Device Activation" page.
-
Switch to the Terminal by holding down command and pressing Tab repeatedly until it rests on the Terminal icon.
✓ Authentication complete.
- gh config set -h github.com git_protocol https
✓ Configured git protocol
✓ Logged in as wmjomt
-
Type the GitHub account name you want to fork to, such as:
GH_ACCT="wmjomt"
-
Fork and clone in this one command:
gh repo fork "https://github.com/wilsonmar/mac-setup" --clone
The response at time of writing:
✓ Created fork wmjomt/mac-setup
Cloning into 'mac-setup'...
remote: Enumerating objects: 4255, done.
remote: Counting objects: 100% (1303/1303), done.
remote: Compressing objects: 100% (500/500), done.
remote: Total 4255 (delta 821), reused 1268 (delta 789), pack-reused 2952 (from 1)
Receiving objects: 100% (4255/4255), 13.01 MiB | 12.71 MiB/s, done.
Resolving deltas: 100% (1125/1125), done.
From https://github.com/wilsonmar/mac-setup
 * [new branch] main -> upstream/main
 * [new branch] master -> upstream/master
✓ Cloned fork
! Repository wilsonmar/mac-setup set as the default repository. To learn more about the default repository, run: gh repo set-default --help
The automation script installs apps by reading keywords in the file mac-setup.env:
Instead of or in addition to the default apps, you can specify additional apps to install:
- Safari browser: Google Chrome, Firefox, Microsoft Edge, Brave, etc.
- Terminal.app: iTerm2, Warp, etc.
- Editors vim: VSCode, Windsurf, Cursor, etc.
Default apps can be specified for removal (to save disk space) by changing a list of apps in the script.
Scripts here are modular. They install only what you tell them to by adding a keyword in the control file.
This repo brings DevSecOps-style "immutable architecture" to MacOS laptops. Immutability means replacing the whole machine instance instead of upgrading or repairing individual components.
-
Press command + up again to display the top level containing "Macintosh HD" and "Network" folders.
The Go menu shows the shortcut keys to reach this folder as: Command + Shift + G
"Macintosh HD" contains the folder for the current user account, such as "Users/johndoe".
PROTIP: Installers of apps being installed are shown in this folder.
-
Manually arrange to your liking the sequence of folders on the left panel of Finder.
- keepa.kdbx (Keepass database)
The mac-setup.sh script adds these folders:
-
Applications (to hold GUI .app tooling executables installed)
-
Projects (or other name to hold files not managed by Git)
-
(various folders to hold database files)
-
github-wilsonmar (or whatever is your user account on GitHub.com holding code)
-
gh-wmjtm (another user name on GitHub)
-
go
-
gopkgs
-
Switch to the Terminal by holding down the Command key and pressing Tab repeatedly until it rests on the Terminal icon.
The above list is from the secrets.sh file in your $HOME folder, which you edit to specify port numbers and the keywords for the apps you want installed.
The file's name is suffixed with ".sh" because it is a runnable script that establishes memory variables for a Setup script to reference.
The section below explains to someone relatively new to Mac machines the steps to automate installation of additional MacOS application programs. Along the way, we explore basic skills to use a command-line Terminal and common commands.
Bash 4.0 was released in 2009, but Apple still ships version 3.x, which was first released in 2007.
Bash version 4 is required because the script uses "associative arrays".
-
Test if you have Bash updated by typing this:
bash --version | grep 'bash'
Hold the Shift key to press the | (called pipe) key at the upper-right of the keyboard.
The grep 'bash' is needed to filter out lines that do not contain the word "bash" in the response such as:
You have a recent version of Bash if you see:
GNU bash, version 5.2.37(1)-release (aarch64-apple-darwin23.4.0)
If instead you see you have bash v3 that comes with MacOS, this blog describes what is improved by version 5+.
-
Switch back to this web page by holding down the command key and pressing Tab repeatedly until it rests on the browser icon.
-
Triple-click on the script line below to highlight it for copying:
sh -c "$(curl -fsSL https://raw.githubusercontent.com/wilsonmar/mac-setup/master/mac-bash-up.sh)"
-
Press Command+C to copy it to your invisible Clipboard.
-
Switch to the Terminal by holding down command and pressing Tab repeatedly until it rests on the Terminal icon.
-
At the Terminal, click on a Terminal window and paste in the command by holding down command then V. It doesn't matter what folder you're on at this point.
-
Press Enter to run the command, which upgrades Bash to version 4 and copies a file to your Home folder.
The script first makes use of the Ruby program to install Homebrew which, in turn, installs Bash v4 using the brew command to download and configure packages.
-
After it runs, verify the version again as described above to ensure it's version 4.
-
The location the Terminal opens to by default is your "Home" folder, which you can reach anytime by:
cd
-
The "~" (tilde character) prompt represents the $HOME folder, which is equivalent to a path that contains your user account, such as (if you were me):
/Users/wilsonmar
-
You can also use this variable to reach your account's Home folder:
cd $HOME
In other words these commands all achieve the same result:
cd = cd ~ = cd $HOME
It's wise to avoid storing secrets in GitHub or any other public repository. Files stored in your user $HOME folder (outside a Git-managed folder) have no chance to be uploaded from the Git repository. The script references secrets there.
And if the script doesn't see a secrets file in your $HOME folder, it copies one there from the repo's sample file.
NOTE: secrets.sh is a clear-text file.
Optionally, you may store secrets and configurations in an encrypted file after some initial configuration.
Run script ./secrets.edit.sh to decrypt the contents of secrets.sh for the mac-setup-all.sh script to use.
Run script ./secrets.lock.sh to encrypt the contents of secrets.sh.
Utilities "blackbox" or "git-secret" can be used to handle
-
Edit the secrets.sh file using a text editor that comes pre-loaded on every Mac:
textedit ~/secrets.sh
The tilde character specifies that the file is in your Home folder.
Looking in the file, consider the first line in the secrets.sh file:
#!/bin/bash
That is the "Bourne-compliant" path for the Bash v3.2 shell installed by default on MacOS up to High Sierra. BTW, other Linux flavors may alternately use this for portability:
#!/usr/bin/env bash
BTW, unlike Windows, which determines the program to open files based on the suffix (or extension) of the file name, Linux shell programs such as Bash reference the "shebang" on the first line inside the file.
-
Open another Terminal window.
-
View the above files to see that they are binary executable files, such as:
textedit /usr/bin/bash
-
Exit the file.
-
Press the command key with the back-tick (`) at the upper-left of the keyboard to switch among textedit windows.
If you instead see this on the first line:
#!/usr/local/bin/bash
that is the Bash program associated with Bash v4.
This is why we needed to first upgrade Bash before running other scripts.
The initial secrets.sh file does not have keywords which specify additional apps to install.
-
Scroll down or press command+F to type an app keyword to find its category.
-
Scroll to the list of ports (listed above).
-
Make sure that none of the ports are the same (conflicts).
-
Save the file and exit the text editor.
-
Now copy, switch, click and paste in a Terminal window to run this command:
sh -c "$(curl -fsSL https://raw.githubusercontent.com/wilsonmar/mac-setup/master/mac-setup-all.sh)"
The script referenced in the command obtains more files needed by cloning from a public GitHub repository (https://github.com/wilsonmar/mac-setup) to a folder under your home folder named "mac-setup".
-
Wait for the script to finish.
On a 4mbps network the run takes less than 5 minutes for a minimal install. PROTIP: A faster network or a proxy Nexus server providing installers within the firewall would speed things up and ensure that vetted installers are used.
When the script ends it pops up a log file in the TextEdit program that comes with MacOS.
-
Switch to the TextEdit window by clicking it.
-
Scroll to review the log file. Press command+F to input text to search.
-
Close the log file by clicking the red button.
-
Switch to a Finder window to your account's Home folder and delete log files.
The folder contains these files and folders:
- Files within folder "hooks" are used by Git (if marked for install.)
- File "mac-bash-profile.txt" contains starter entries to insert in ~/.bash_profile that is executed before MacOS opens a Terminal session.
To update what is installed on your Mac, re-run the mac-setup.zsh bash script.
-
cd into your Home folder to find the secrets.sh file.
-
Edit the file, then run again locally:
chmod +x mac-setup-all.sh
./mac-setup-all.sh
The chmod (pronounced "che-mod") changes the permissions for executing the file.
Now let's look at the Bash coding techniques used in the scripts mentioned above, at: https://wilsonmar.github.io/bash-coding
The brew formula "mas" manages Apple Store apps, but it only manages apps that have already been paid for. mas does not install apps new to your Apple Store account.
Apps on Apple's App Store for Mac need to be installed manually. Popular apps include:
- Office for Mac 2016
- BitDefender for OSX
- CrashPlan (for backups)
- Amazon Music
- HockeyApp RDP (Remote Desktop Protocol client for controlling Microsoft Windows servers)
- Colloquy IRC client (at https://github.com/colloquy/colloquy)
- etc.
.pkg and .dmg files can be downloaded to install apps.
Apps for syncing to cloud providers are installed mostly for manual use:
Dropbox, OneDrive, Google Drive, Amazon Drive
-
Splunk log analysis SPLUNK_PORT="8000" http://docs.splunk.com/Documentation/SplunkLight
-
Kafka streams
Lists of Mac programs:
-
https://github.com/paulirish/dotfiles/blob/master/brew-cask.sh (one of the earliest ones by a legend at Google)
-
https://github.com/andrewconnell/osx-install described at http://www.andrewconnell.com/blog/rapid-complete-install-reinstall-os-x-like-a-champ-in-three-ish-hours separates coreinstall.sh from myinstall.sh for personal preferences.
-
https://www.reddit.com/r/osx/comments/3u6mob/what_are_the_top_10_osx_applications_you_use/
-
https://github.com/jaywcjlove/awesome-mac/blob/master/README.md
-
https://medium.com/@ankushagarwal/maximize-developer-productivity-on-a-mac-a9ae6fbaedab
-
https://www.mugo.ca/Blog/Turbo-charge-your-Mac-development-environment describes use of Vagrant
Here are other scripts to install on Mac:
- https://github.com/wilsonmar/git-utilities/blob/master/README.md was an early example just the bare basics, such as https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup and https://git-scm.com/docs/git-config
- https://github.com/monfresh/laptop
- https://github.com/18F/laptop
- https://dzone.com/articles/local-continuous-delivery-environment-with-docker
- https://medium.com/my-name-is-midori/how-to-prepare-your-fresh-mac-for-software-development-b841c05db18
- https://github.com/swoodford/osx/blob/master/setup-developer-environment.sh
- https://www.bonusbits.com/wiki/Reference:Mac_OS_DevOps_Workstation_Setup_Check_List
- More at https://github.com/thoughtbot/laptop/blob/master/mac
- https://github.com/ghaiklor/iterm-fish-fisherman-osx described at https://ghaiklor.github.io/iterm-fish-fisherman-osx/ and https://blog.ghaiklor.com/bootstrap-your-terminal-environment-in-macos-with-a-single-bash-script-ea1ca445f0a5
- https://github.com/why-jay/osx-init/blob/master/install.sh
-
Switch back to the Finder GUI.
-
Get the disk space used by this folder using this command:
du -sh "$HOME"
-
Switch back to the Finder GUI.
-
Press command + down to go down a level.
PROTIP: Put a reminder on your calendar to repeat this once a month to ensure that you have control of your machine. Here is where malicious software can get access.
-
Within Apple System Settings, click the "Search" text within the field at the upper-left corner.
-
On top of "Search" type "Login" to select "Login Items & Extensions".
-
If you don't want to have a program Open at Login, click on that app and click the "-" button.
-
If you want to Allow in the Background a program, click on the toggle to its left.
These I allow to run in the background:
- Corsair Memory, Inc. makes Elgato Stream Deck, prevents the app from shutting down unexpectedly.
- Docker
These I do NOT allow in the background when I'm not using them:
- Faithlife Corporation
- fixGpgHome
- Google LLC
- GPG Suite in /Library/LaunchAgents
- Grammarly, Inc in ~/Library/LaunchAgents
- ignition.sh (server)
- Keybase, Inc. in ~/Library/LaunchAgents
- Microsoft AutoUpdate
- Microsoft Corporation
- Microsoft Office Licensing
- Microsoft OneDrive in /Library/LaunchAgents
- nginx (server) in /Library/LaunchDaemons
- OneDrive in /Library/LaunchAgents
- shutdown-pgp-agent
- WireShark Foundation in /Library/LaunchDaemons
- Zoom.us in /Library/LaunchDaemons
-
To see what Login Items are installed, in a Terminal window, type:
sfltool dumpbtm
-
Type in your password for the computer.
-
Look for .plist files to remove within:
- ~/Library/LaunchAgents
- /Library/LaunchAgents
- /Library/LaunchDaemons
To rip DVDs, install BurnerXP from https://www.burnerxp.com/
[_] Bought a $174.99 Pioneer BDR-XS07 6X slim portable 4K UHD Blu-ray burner supports Windows 7+ & MacOS 10.11+, 10Gbps, 8K 10Gbps, 4K 2.5Gbps, 8K 2.5Gbps, M-DISC for long-term data archival to DVD. Comes with a USB-C 3.1 Gen 1 cable.
[_] Download and install MakeMKV from https://www.makemkv.com, which generates the unencrypted folder structure, then create an ISO of the folder contents.
There's also AnyDVD.
jellyfin