mozilla / dinobuildr Goto Github PK

Add sound icon to menu bar

Enable > Energy Saver > Start up automatically after a power failure

Disable password prompt after the screen goes to sleep.

Add Bluetooth icon to menubar

Disable screen saver

Suppress the Siri setup assistant screen to allow the newly created corsica account to auto login at the first login without any interruptions.

A brief troubleshooting guide, likely in the form of an FAQ to start, will be needed.

E.G.

• What to do if the build fails

Verify that Analytics is disabled. Disable Analytics if enabled.

Some rudimentary build tests would save us a lot of headaches. Build tests would make sure that any merges to master have:

• branch variables set to master
• File hashes all match what is in the manifest / config

This is an optional feature that I'm logging as a discussion point. Currently, the screensaver displays the username of the logged in user that dinobuildr was run on (as well as a portion of the serial number). While no mention of the company associated with the account is visible, it may make sense to not display a form of the user's name on a screen that might be visible in a public place.

We need to kick off filevault in our build, as this is currently a manual step.

First iteration will likely involve techs manually escrowing the fv recovery keys, but we have some ideas about how to safely automate the escrow.

We need to make errors fail the build and make them very shouty and easy to see across the room.

For some reason, certain machines show the Crashplan icon as a ? in the dock.

I believe the issue is the CrashPlan.app is wrong here, but it's strange that it works on some machines.

Add Vidyo to the dock and remove all other apps.

Automatically launch Vidyo on start up.

Remove mirroring and Wi-Fi icon from the menu bar

Display the time with seconds
Show date

Enable auto updates

This is unconfirmed, but it appears that some of our 10.13.x machines don't get the 10.13.2 updater advertised to them if they don't have the IAmRoot security update installed.

We may be able to get around this by just running softwareupdate -ia twice.

We need a "local" development mode that lets us hack on scripts locally without having to commit changes to Github, wait, test, and repeat.

I'd suggest we force a reboot at the end of our build. softwareupdate may require a reboot, depending on what it installs, and I'd rather the reboot just be a consistent action.

Allow access to Vidyo and restrict all other apps

The very hacky way that we get around Crashplan autolaunching (without messing with the installer package) is timing out. It is, strangely, totally doing it's job still.

Executing: Crashplan PostInstall
*** Waiting for Crashplan to launch and then quitting it...
*** 0:20: execution error: CrashPlan got an error: AppleEvent timed out. (-1712)

Need to set the screen saver to start after 5 minutes.

We need a better how-to than the README.md provides. I do suggest we keep this guide in the README.md.

Configure the the option Require password immediately after sleep or screen saver begins.

Currently, our non-canary corsica devices update on the 1st and 15th of every month in order to, hopefully, give us a little time to intervene if an update breaks our canary devices. This falls down if the updates are released on, say, the 14th or the 31st, since the devices will just grab updates on those dates.

What we need is a mechanism that waits X amount of days after an update is available (unless it's interrupted by informant of course)

Feature: Set firmware password

Set wallpaper

We need to eventually make our dinobuildr.sh script a signed package, instead of a shell script.

Enable > Engery Saver > Prevent computer from sleeping automatically when the display is off

Seems like we should probably just generate a random password for the non-admin user that corsica uses, since the current password is dumb and nobody should ever need it.

The branch and manifest variables need validation

Investigate whether it's possible to disable audio (over HDMI) in our Corsica builds.

This is a bug to track work on the future logging we will add to Dinobuildr.

Data we would like to capture:

• Date / time of build
• Commit hash of build
• Full stdout of script execution
• Elapsed time to complete

Verify that location services is disabled. Disable location services if it is enabled.

We remove the Downloads folder from the dock, and I think it's rather useful. Let's add it back!

The bash script executer isn't putting a newline down at the end so the output of the main config scrip is wonk'd. Need 2 fix.

Executing: Check macOS Version
*** You are running macOS 10.13.2, which meets the minimum requirements.
Downloading: Configure ComputerName
/var/tmp/dinobuildr/set-computername.sh is 1126 bytes.
The hash for /var/tmp/dinobuildr/set-computername.sh match the manifest file
Executing: Configure ComputerName
*** Setting LocalHostName and ComputerName to vagrant-ia5mat
Downloading: Install Crashplan
/var/tmp/dinobuildr/CrashPlanPROe_4.5.2_Mac.dmg is 87687680 bytes.
The hash for /var/tmp/dinobuildr/CrashPlanPROe_4.5.2_Mac.dmg match the manifest file
/var/tmp/dinobuildr/CrashPlanPROe_4.5.2_Mac.dmg
Install CrashPlan PROe.pkg

Downloading: Crashplan PostInstall
/var/tmp/dinobuildr/crashplan-postinstall.sh is 581 bytes.
The hash for /var/tmp/dinobuildr/crashplan-postinstall.sh match the manifest file
Executing: Crashplan PostInstall
*** Waiting for Crashplan to launch and then quitting it...

The first step in our build should be a minimum OS version check. If the machine being built doesn't meet the minimum version, the build should fail in a classy way.

Enable auto login for the Mac account. Vidyo should automatically startup after login.

We do two sketchy things in our build. We pull down python scripts from forked repos, pin their commit hashes and execute them via curl:

While this is "safe" enough for our purposes, since the repos are forked and we hash pin, we should stop doing this altogether because we can't lint these scripts.

Of course, we also can't lint binaries that we pull down for our build, but this seems like a thing we could stop doing and it would make the build easier to understand. I believe the best solution is to simply pull these scripts into dinobuildr, and make dinobuildr understand how to natively execute python.

all the things!

We should probably be setting the hostname of the machine to something other than the default.

This is a ticket that will track work documenting the components of the build in an easy to understand format. The manifest is human-readable but not easy to understand, we need a "this is what's in the build" overview document that gets updated when the manifest is updated.

Since there are some quirks to developing for dinobuildr, we should have a guide that explains what to do.

We need a deeper architectural document to help people understand wtf is going on here.

Suppress all notifications under the notifications center.

Our corsica endpoints are intended to work as "kiosk" style appliances. We need to understanding the following scenarios:

• What happens when the endpoint loses power
• What happens when the endpoint is told to reboot via Casper MDM commands
• What happens when macOS OS updates are queued for install
• What happens when Firefox updates and the endpoint is restarted

Because we want to get serious about linting our code, heredocs are a no-no from here on out. In order to get away from heredocs, we should probably write a way for dinobuildr to natively write LaunchAgents and LaunchDaemons since those make up the bulk of our heredocs.

We need to handle redirects we get in the response headers in our downloader functions.