mozilla / dinobuildr
A macOS deployment utility developed by Mozilla IT
License: Mozilla Public License 2.0
Add sound icon to menu bar
Enable > Energy Saver > Start up automatically after a power failure
Disable password prompt after the screen goes to sleep.
Add Bluetooth icon to menubar
Disable screen saver
Suppress the Siri setup assistant screen to allow the newly created corsica account to auto login at the first login without any interruptions.
A brief troubleshooting guide, likely in the form of an FAQ to start, will be needed.
E.G.
Verify that Analytics is disabled. Disable Analytics if enabled.
Some rudimentary build tests would save us a lot of headaches. Build tests would make sure that any merges to master have:
branch variables set to master
This is an optional feature that I'm logging as a discussion point. Currently, the screensaver displays the username of the logged in user that dinobuildr was run on (as well as a portion of the serial number). While no mention of the company associated with the account is visible, it may make sense to not display a form of the user's name on a screen that might be visible in a public place.
We need to kick off filevault in our build, as this is currently a manual step.
First iteration will likely involve techs manually escrowing the fv recovery keys, but we have some ideas about how to safely automate the escrow.
We need to make errors fail the build and make them very shouty and easy to see across the room.
For some reason, certain machines show the Crashplan icon as a ? in the dock.
I believe the issue is the CrashPlan.app is wrong here, but it's strange that it works on some machines.
Add Vidyo to the dock and remove all other apps.
Automatically launch Vidyo on start up.
Remove mirroring and Wi-Fi icon from the menu bar
Display the time with seconds
Show date
Enable auto updates
This is unconfirmed, but it appears that some of our 10.13.x machines don't get the 10.13.2 updater advertised to them if they don't have the IAmRoot security update installed.
We may be able to get around this by just running softwareupdate -ia twice.
We need a "local" development mode that lets us hack on scripts locally without having to commit changes to Github, wait, test, and repeat.
I'd suggest we force a reboot at the end of our build. softwareupdate may require a reboot, depending on what it installs, and I'd rather the reboot just be a consistent action.
Allow access to Vidyo and restrict all other apps
The very hacky way that we get around Crashplan autolaunching (without messing with the installer package) is timing out. It is, strangely, totally doing its job still.
Executing: Crashplan PostInstall
*** Waiting for Crashplan to launch and then quitting it...
*** 0:20: execution error: CrashPlan got an error: AppleEvent timed out. (-1712)
Need to set the screen saver to start after 5 minutes.
We need a better how-to than the README.md provides. I do suggest we keep this guide in the README.md.
Configure the option Require password immediately after sleep or screen saver begins.
Currently, our non-canary corsica devices update on the 1st and 15th of every month in order to, hopefully, give us a little time to intervene if an update breaks our canary devices. This falls down if the updates are released on, say, the 14th or the 31st, since the devices will just grab updates on those dates.
What we need is a mechanism that waits X amount of days after an update is available (unless it's interrupted by informant of course)
Feature: Set firmware password
We need to eventually make our dinobuildr.sh script a signed package, instead of a shell script.
Enable > Energy Saver > Prevent computer from sleeping automatically when the display is off
Seems like we should probably just generate a random password for the non-admin user that corsica uses, since the current password is dumb and nobody should ever need it.
The branch and manifest variables need validation
Investigate whether it's possible to disable audio (over HDMI) in our Corsica builds.
This is a bug to track work on the future logging we will add to Dinobuildr.
Data we would like to capture:
stdout of script execution
Verify that location services is disabled. Disable location services if it is enabled.
We remove the Downloads folder from the dock, and I think it's rather useful. Let's add it back!
The bash script executor isn't putting a newline down at the end so the output of the main config script is wonk'd. Need 2 fix.
Executing: Check macOS Version
*** You are running macOS 10.13.2, which meets the minimum requirements.
Downloading: Configure ComputerName
/var/tmp/dinobuildr/set-computername.sh is 1126 bytes.
The hash for /var/tmp/dinobuildr/set-computername.sh match the manifest file
Executing: Configure ComputerName
*** Setting LocalHostName and ComputerName to vagrant-ia5mat
Downloading: Install Crashplan
/var/tmp/dinobuildr/CrashPlanPROe_4.5.2_Mac.dmg is 87687680 bytes.
The hash for /var/tmp/dinobuildr/CrashPlanPROe_4.5.2_Mac.dmg match the manifest file
/var/tmp/dinobuildr/CrashPlanPROe_4.5.2_Mac.dmg
Install CrashPlan PROe.pkg
Downloading: Crashplan PostInstall
/var/tmp/dinobuildr/crashplan-postinstall.sh is 581 bytes.
The hash for /var/tmp/dinobuildr/crashplan-postinstall.sh match the manifest file
Executing: Crashplan PostInstall
*** Waiting for Crashplan to launch and then quitting it...
The first step in our build should be a minimum OS version check. If the machine being built doesn't meet the minimum version, the build should fail in a classy way.
Enable auto login for the Mac account. Vidyo should automatically startup after login.
We do two sketchy things in our build. We pull down python scripts from forked repos, pin their commit hashes and execute them via curl:
dinobuildr/repo/dock-config.sh
Lines 17 to 27 in b58ee98
Lines 48 to 53 in b58ee98
While this is "safe" enough for our purposes, since the repos are forked and we hash pin, we should stop doing this altogether because we can't lint these scripts.
Of course, we also can't lint binaries that we pull down for our build, but this seems like a thing we could stop doing and it would make the build easier to understand. I believe the best solution is to simply pull these scripts into dinobuildr, and make dinobuildr understand how to natively execute python.
all the things!
We should probably be setting the hostname of the machine to something other than the default.
This is a ticket that will track work documenting the components of the build in an easy to understand format. The manifest is human-readable but not easy to understand, we need a "this is what's in the build" overview document that gets updated when the manifest is updated.
Since there are some quirks to developing for dinobuildr, we should have a guide that explains what to do.
We need a deeper architectural document to help people understand wtf is going on here.
Suppress all notifications under the notifications center.
Our corsica endpoints are intended to work as "kiosk" style appliances. We need to understand the following scenarios:
Because we want to get serious about linting our code, heredocs are a no-no from here on out. In order to get away from heredocs, we should probably write a way for dinobuildr to natively write LaunchAgents and LaunchDaemons since those make up the bulk of our heredocs.
We need to handle redirects we get in the response headers in our downloader functions.