From 5c0c73f5e85c011c8b05947a66335e6478aef3d3 Mon Sep 17 00:00:00 2001 From: Rezart Qelibari Date: Sat, 12 Mar 2022 03:54:54 +0100 Subject: [PATCH] Use new lop and indicateActivity --- install.sh | 16 ++-- modules/01-system-settings.sh | 60 ++++++++------- modules/02-create-filevault-user.sh | 113 +++++++++++++++++++--------- modules/lib.sh | 2 +- zshlib | 2 +- 5 files changed, 120 insertions(+), 73 deletions(-) diff --git a/install.sh b/install.sh index 7dbd9ee..ffe40c3 100755 --- a/install.sh +++ b/install.sh @@ -9,7 +9,7 @@ function askNecessaryQuestions() { local mod= configOnlyArgs=() config setappname "de.astzweig.macos.system-setup" if [ -n "${config_only}" ]; then - lop -d "Config only option given with value:" -d "${config_only}" + lop -- -d "Config only option given with value:" -d "${config_only}" config setconfigfile "${config_only}" configOnlyArgs=(-x) elif [ -n "${config}" ]; then @@ -19,7 +19,7 @@ function askNecessaryQuestions() { } function printModulesToInstall() { - lop -d 'Modules that will install are:' -d "${modulesToInstall}" + lop -- -d 'Modules that will install are:' -d "${modulesToInstall}" for mod in "${modulesToInstall[@]}"; do print "${mod}" done | abbreviatePaths @@ -48,7 +48,7 @@ function installModules() { moduleOptions=() filteredOptions=() generateModuleOptions - lop -d "Running ${mod}" -d "with ${#moduleOptions} args:" -d "${moduleOptions}" + lop -- -d "Running ${mod}" -d "with ${#moduleOptions} args:" -d "${moduleOptions}" runModule ${mod} ${moduleOptions} done } 
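Review bot: The debug line in `installModules` writes the whole `moduleOptions` array to the log, and the `Called main with $# args: $*` line in the `main` hunk does the same for the full command line. If `generateModuleOptions` fills that array from the collected answers (its body is outside this hunk), values such as the FileVault module's `--filevault-password` would land in the debug log in clear text. Consider logging only the count, `lop -- -d "Running ${mod}" -d "with ${#moduleOptions} args"`, or masking the values of password-type options before they reach `lop`.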
@@ -65,9 +65,9 @@ function isPlistBuddyInstalled() { } function checkPrerequisites() { - isMacOS || { lop -e 'This setup is only for macOS 10.13 and up.'; return 10 } - isPlistBuddyInstalled || { lop -e 'This setup requires PlistBuddy to be either at /usr/libexec or in any of the PATH directories.'; return 11 } - test "`id -u`" -eq 0 || { lop -e 'This module requires root access. Please run as root.'; return 11 } + isMacOS || { lop -- -e 'This setup is only for macOS 10.13 and up.'; return 10 } + isPlistBuddyInstalled || { lop -- -e 'This setup requires PlistBuddy to be either at /usr/libexec or in any of the PATH directories.'; return 11 } + test "`id -u`" -eq 0 || { lop -- -e 'This module requires root access. Please run as root.'; return 11 } } function main() { @@ -100,8 +100,8 @@ function main() { local allModules=() modulesToInstall=() local -A moduleAnswers configureLogging - lop -d "Current working dir is: `pwd`" - lop -d "Called main with $# args: $*" + lop -- -d "Current working dir is: `pwd`" + lop -- -d "Called main with $# args: $*" modpath+=("${_DIR}/modules") loadModules -v modulesToInstall ${$(echo -m):^^modpath} "${module[@]}" diff --git a/modules/01-system-settings.sh b/modules/01-system-settings.sh index e30108e..c4a71cf 100755 --- a/modules/01-system-settings.sh +++ b/modules/01-system-settings.sh @@ -12,7 +12,7 @@ function checkPrerequisites() { [defaults]='' [launchctl]='' ) - test "`id -u`" -eq 0 || { lop -e 'This module requires root access. Please run as root.'; return 11 } + test "`id -u`" -eq 0 || { lop -- -e 'This module requires root access. Please run as root.'; return 11 } checkCommands } 
@@ -26,30 +26,32 @@ function getQuestions() { } function quitSystemPreferences() { - lop -d 'Quitting System Preferences App' - osascript -e 'tell application "System Preferences" to quit' + indicateActivity -- osascript,-e,'tell application "System Preferences" to quit' 'Quitting System Preferences' +} + +function setComputerName() { + scutil --set ComputerName "${hostname}" + scutil --set HostName "${hostname}" + scutil --set LocalHostName "${hostname}" + systemsetup -setcomputername "${hostname}" > /dev/null 2>&1 + systemsetup -setlocalsubnetname "${hostname}" > /dev/null 2>&1 } function configureComputerHostname() { - lop -i 'Configuring computer hostname.' - lop -d "Current hostname: `scutil --get ComputerName`" - if [[ "`scutil --get ComputerName`" != "${hostname}" ]]; then - lop -d 'Hostname of computer has not been set.' -d "Current hostname: `scutil --get ComputerName`" - - scutil --set ComputerName "${hostname}" - scutil --set HostName "${hostname}" - systemsetup -setcomputername "${hostname}" > /dev/null 2>&1 - systemsetup -setlocalsubnetname "${hostname}" > /dev/null 2>&1 + local currentComputerName="`scutil --get ComputerName`" + lop -y h1 -- -i 'Configure Computer Hostname' + if [[ "${currentComputerName}" != "${hostname}" ]]; then + lop -- -i 'Hostname of computer has not been set.' -i "Will set to ${hostname}." + indicateActivity -- setComputerName 'Setting computer name' else - lop -d 'Hostname of computer seems to have already been set. Skipping.' -d "Hostname: `scutil --get ComputerName`" + lop -- -i 'Hostname of computer seems to have already been set. Skipping.' -i "Hostname: $currentComputerName" fi } -function configureBasicSystem(){ - lop --no-newline -i 'Configuring systemsetup and nvram...' +function _configureBasicSystem(){ # Disable the sound effects on boot nvram SystemAudioVolume=" " - + systemsetup -settimezone "${timezone}" >&! /dev/null systemsetup -setusingnetworktime on >&! 
/dev/null systemsetup -setnetworktimeserver 'time.apple.com' >&! /dev/null @@ -58,12 +60,13 @@ function configureBasicSystem(){ systemsetup -setrestartfreeze on >&! /dev/null systemsetup -f -setremotelogin off >&! /dev/null systemsetup -setremoteappleevents off >&! /dev/null - lop -i 'done' - } -function configurePowerManagement() { - lop --no-newline -i 'Configuring power management...' +function configureBasicSystem(){ + indicateActivity -- _configureBasicSystem 'Configuring systemsetup and nvram' +} + +function _configurePowerManagement() { cmd=(pmset -a) ${cmd} displaysleep 0 ${cmd} disksleep 0 @@ -77,28 +80,33 @@ function configurePowerManagement() { ${cmd} halfdim 1 ${cmd} powernap 1 ${cmd} hibernatemode 0 - lop -i 'done' } -function configureLoginWindow() { - lop --no-newline -i 'Configuring login window...' +function configurePowerManagement() { + indicateActivity -- _configurePowerManagement 'Configuring power management' +} + +function _configureLoginWindow() { cmd=(defaults write '/Library/Preferences/com.apple.loginwindow') ${cmd} DisableFDEAutoLogin -bool true ${cmd} SHOWFULLNAME -bool false ${cmd} AdminHostInfo -string HostName ${cmd} GuestEnabled -bool false - lop -i 'done' +} + +function configureLoginWindow() { + indicateActivity -- _configureLoginWindow 'Configuring login window' } function configure_system() { quitSystemPreferences configureComputerHostname configureBasicSystem + configureBasicSystem configurePowerManagement configureLoginWindow - lop -i 'Configuring global umask' - launchctl config user umask 027 + indicateActivity -- launchctl,config,user,umask,027 'Configuring global umask' } function getUsage() { diff --git a/modules/02-create-filevault-user.sh b/modules/02-create-filevault-user.sh index 678c43e..9d3391b 100755 --- a/modules/02-create-filevault-user.sh +++ b/modules/02-create-filevault-user.sh 
@@ -2,26 +2,22 @@ function getDefaultFullname() { local computerName="`scutil --get ComputerName 2> /dev/null`" - lop -d 'Default full name based on current computer name is:' -d "$computerName" + lop -- -d 'Default full name based on current computer name is:' -d "$computerName" print "${computerName}" } function getDefaultUsername() { local username="`getDefaultFullname | tr '[:upper:]' '[:lower:]' | tr -C '[:alnum:]\n' '-'`" - lop -d 'Default username based on current computer name is:' -d "$username" + lop -- -d 'Default username based on current computer name is:' -d "$username" print "${username}" } function getUsersWithSecureToken() { local username for username in ${(f)"$(dscl . -list /Users | grep -v '^_.*')"}; do - lop --no-newline -d 'Checking if user' -d "${username}" -d 'has a secure token set...' - if checkSecureTokenForUser "${username}"; then - lop -d 'found' + indicateActivity -- checkSecureTokenForUser,${username} \ + "Checking if user ${username} has a secure token set" && \ secureTokenUsers+=("${username}") - else - lop -d 'not found' - fi done } 
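Review bot: `getUsersWithSecureToken` wraps `checkSecureTokenForUser` in `indicateActivity`, but in the next hunk `checkSecureTokenForUser` itself becomes an `indicateActivity` wrapper with the same message, so every user is reported through two nested activity indicators. Whether `indicateActivity` tolerates nesting cannot be seen from this diff. Calling the undecorated helper here, `indicateActivity -- _checkSecureTokenForUser,${username} "Checking if user ${username} has a secure token set"`, avoids the duplicate output. `secureTokenUsers` is also appended to without being declared in the function, so it relies on the caller having declared it.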
@@ -31,52 +27,81 @@ function getDefaultUserPictures() { popd -q } -function convertPathToDefaultPicture() { +function _convertPathToDefaultPicture() { local resolved='' - lop -d 'Converting path' -d "${filevault_picture}" -d 'to default picture path if necessary.' + lop -- -d 'Converting path' -d "${filevault_picture}" -d 'to default picture path if necessary.' if [ -r "${filevault_picture}" ]; then - lop -d 'Path seems to be a valid path already. Skipping conversion.' + lop -- -d 'Path seems to be a valid path already. Skipping conversion.' return fi pushd -q '/Library/User Pictures' - resolved="`find . -type f -path "*${filevault_picture}" 2> /dev/null`" - lop -d 'Resolved path is' -d "${resolved}" + resolved="`find "$_" -type f -path "*${filevault_picture}" 2> /dev/null`" + lop -- -d 'Resolved path is' -d "${resolved}" popd -q [ -n "${resolved}" -a -r "${resolved}" ] && filevault_picture="${resolved}" } -function isPathToPicture() { +function convertPathToDefaultPicture() { + indicateActivity -- _convertPathToDefaultPicture "Resolving path of picture ${filevault_picture}" +} + +function _isPathToPicture() { local filevault_picture=$1 convertPathToDefaultPicture - [ -r "${filevault_picture}" ] || { lop -d 'Resolved path is not a valid path. Returning.'; return 10 } + [ -r "${filevault_picture}" ] || { lop -- -d 'Resolved path is not a valid path. Returning.'; return 10 } [[ "${filevault_picture:e:l}" =~ (tif|png|jpeg|jpg) ]] || return 11 } -function checkSecureTokenForUser() { +function isPathToPicture() { + indicateActivity -- _isPathToPicture,$1 "Verifying $1 as picture path" +} + +function _checkSecureTokenForUser() { local u=$1 sysadminctl -secureTokenStatus "${u}" 2>&1 | grep ENABLED >&! /dev/null } -function checkSecureTokenUserPassword() { +function checkSecureTokenForUser() { + local u=$1 + indicateActivity -- _checkSecureTokenForUser,$u "Checking if user $u has a secure token set" +} + +function _checkSecureTokenUserPassword() { dscl . 
-authonly "${secure_token_user_username}" "${secure_token_user_password}" >&! /dev/null } -function doesFileVaultUserExist() { +function checkSecureTokenUserPassword() { + indicateActivity -- _checkSecureTokenUserPassword "Checking secure token password for user ${secure_token_user_username}" +} + +function _doesFileVaultUserExist() { dscl . -list /Users | grep "${filevault_username}" >&! /dev/null } -function createFileVaultUser() { +function doesFileVaultUserExist() { + indicateActivity -- _doesFileVaultUserExist "Checking if ${filevault_username} already exists" +} + +function _createFileVaultUser() { local un=${filevault_username} fn=${filevault_fullname} pw=${filevault_password} - lop --no-newline -d 'Creating FileVault user' -d "${un}" -d '...' + lop -n -- -d 'Creating FileVault user' -d "${un}" -d '...' sysadminctl -addUser "${un}" -fullName "${fn}" -shell /usr/bin/false -home '/var/empty' -password "${pw}" > /dev/null 2>&1 - lop -d done + lop -- -d done +} + +function createFileVaultUser() { + indicateActivity -- _createFileVaultUser "Creating FileVault user ${filevault_username}" +} + +function _configureFileVaultUser() { + local un=${filevault_username} + dscl . -create "/Users/${un}" IsHidden 1 + chsh -s /usr/bin/false "${un}" >&! /dev/null + setPictureForUser "${un}" "${filevault_picture}" } function configureFileVaultUser() { - local un=${filevault_username} - dscl . -create "/Users/${un}" IsHidden 1 - chsh -s /usr/bin/false "${un}" - setPictureForUser "${un}" "${filevault_picture}" + indicateActivity -- _configureFileVaultUser "Configuring FileVault user ${filevault_username}" } function configureSecureToken() { 
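Review bot: The wrappers in this hunk pass values to `indicateActivity` by joining them with commas (`_isPathToPicture,$1`, `_checkSecureTokenForUser,$u`), which suggests the helper splits on commas; a picture path or user name containing a comma would then be split into several arguments. The later hunk uses the same form with a password, `_allowOrEnableDiskUnlock,$1,$2`, where a comma would make the unlock call fail or use a truncated secret. The password may also become part of whatever `indicateActivity` records. `indicateActivity` lives in zshlib and is not shown, so this needs confirming there. The argument-taking wrappers could instead let the inner function read its inputs from the enclosing variables, as `_checkSecureTokenUserPassword` already does.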
@@ -101,9 +126,9 @@ function setPictureForUser() { dsimport <(printf "0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 2 dsAttrTypeStandard:RecordName base64:dsAttrTypeStandard:JPEGPhoto\n%s:%s" "${username}" "$(base64 "${image}")") /Local/Default M } -function allowOrEnableDiskUnlock() { +function _allowOrEnableDiskUnlock() { local username="${1}" password="${2}" verb=enable - if fdesetup isactive 2> /dev/null; then + if fdesetup isactive >&! /dev/null; then verb=add canUserUnlockDisk "${username}" && return fi 
@@ -121,17 +146,27 @@ function allowOrEnableDiskUnlock() { " | fdesetup "${verb}" -inputplist 2> /dev/null } -function allowOnlyFileVaultUserToUnlock() { +function allowOrEnableDiskUnlock() { + indicateActivity -- _allowOrEnableDiskUnlock,$1,$2 "Allow ${1} to unlock disk" +} + +function _allowOnlyFileVaultUserToUnlock() { local username="${1}" local fdeuser for fdeuser in ${(f)"$(fdesetup list | cut -d',' -f1)"}; do [ "${fdeuser}" != "${username}" ] && fdesetup remove -user "${fdeuser}" done -} function configure_system() { - checkSecureTokenForUser "${secure_token_user_username}" || { lop -e 'The provided secure token user has no secure token.'; return 10 } - checkSecureTokenUserPassword || { lop -e 'The secure token user password is incorrect.'; return 11 } +} + +function allowOnlyFileVaultUserToUnlock() { + indicateActivity -- _allowOrEnableDiskUnlock,$1 "Disallow everyone else from unlocking disk" +} + +function configure_system() { + checkSecureTokenForUser "${secure_token_user_username}" || { lop -- -e 'The provided secure token user has no secure token.'; return 10 } + checkSecureTokenUserPassword || { lop -- -e 'The secure token user password is incorrect.'; return 11 } convertPathToDefaultPicture - isPathToPicture "${filevault_picture}" || { lop -e 'The provided FileVault user picture is not a valid path to a TIF, PNG or JPEG file.'; return 12 } + isPathToPicture "${filevault_picture}" || { lop -- -e 'The provided FileVault user picture is not a valid path to a TIF, PNG or JPEG file.'; return 12 } doesFileVaultUserExist || createFileVaultUser configureFileVaultUser @@ -152,7 +187,7 @@ function checkPrerequisites() { [sysadminctl]='' [scutil]='' ) - test "`id -u`" -eq 0 || { lop -e 'This module requires root access. Please run as root.'; return 11 } + test "`id -u`" -eq 0 || { lop -- -e 'This module requires root access. Please run as root.'; return 11 } checkCommands } 
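Review bot: The new `allowOnlyFileVaultUserToUnlock` wrapper calls `_allowOrEnableDiskUnlock,$1` instead of `_allowOnlyFileVaultUserToUnlock,$1`, so the loop that runs `fdesetup remove -user` for every other account is never reached. As written, accounts other than the FileVault user keep their ability to unlock the disk, and the enable/add routine is invoked a second time with an empty password. The call should read `indicateActivity -- _allowOnlyFileVaultUserToUnlock,$1 "Disallow everyone else from unlocking disk"`. The caller of this wrapper is outside the hunk.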
@@ -175,8 +210,12 @@ function getQuestions() { } function getUsage() { - local cmdName=$1 text='' + local cmdName=$1 text='' varname= local defaultUsername="`getDefaultUsername`" defaultFullname="`getDefaultFullname`" + for varname in defaultUsername defaultFullname; do + local ${varname}Str= + [ -n "${(P)varname}" ] && local ${varname}Str=" [default: ${(P)varname}]" + done read -r -d '' text <<- USAGE Usage: $cmdName show-questions @@ -190,11 +229,11 @@ function getUsage() { Options: --filevault-fullname NAME Full name of the designated FileVault user. An - existing FileVault user will be renamed to that - name [default: ${defaultFullname}]. + existing FileVault user will be renamed to that + name${defaultFullnameStr}. --filevault-username NAME Username of the designated FileVault user. An existing FileVault user will be renamed to that - name [default: ${defaultUsername}]. + name${defaultUsernameStr}. --filevault-password PASSWORD Password of the designated FileVault user. The password an existing FileVault user will not be changed. --filevault-picture PATH_TO_PIC The path to the picture that shall be made the FileVault diff --git a/modules/lib.sh b/modules/lib.sh index a0e0887..dda8f0a 100644 --- a/modules/lib.sh +++ b/modules/lib.sh @@ -39,9 +39,9 @@ function module_main() { shift autoloadZShLib || return checkPrerequisites || return + configureLogging eval "`getUsage $cmdName | docopts -f -V - -h - : "$@"`" [ $# -lt 1 ] && return - configureLogging [ "${show_questions}" = true ] && { showQuestions; return } configure_system } diff --git a/zshlib b/zshlib index 35636db..ad19c14 160000 --- a/zshlib +++ b/zshlib @@ -1 +1 @@ -Subproject commit 35636db26421d3abb75a8293f508fc6411c4e727 +Subproject commit ad19c14a6e7a8ee530d3a33427c72513d457f617
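Review bot: In `module_main`, `configureLogging` now runs before the `eval` of the docopts output, so it can no longer see any option that docopts sets. If `configureLogging` reads a verbosity or log-file option parsed from the command line (its body is not in this diff), those settings would be silently ignored for modules. If it only uses defaults or the environment, the move is fine and lets the `lop` calls made during `getUsage` (via `getDefaultUsername` and `getDefaultFullname`) work. A short comment above the call, such as `# must run before getUsage, which logs via lop`, would record why the order matters.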