├── logs └── .gitignore ├── install_bits └── .gitignore ├── files ├── cliclick └── cliclick-LICENSE ├── http ├── packer.pkg ├── setupsshlogin.pkg └── bootstrap.sh ├── packer-macos.png ├── scripts ├── disablesip.nvram ├── makepkgs.sh ├── softwareupdate_complete.sh ├── os_settings.sh ├── vmw_tools.sh ├── vmx_cleanup.sh ├── softwareupdate.sh ├── pvapplegpu.sh ├── macosiso.sh ├── xcode.sh ├── setupsshlogin.sh ├── newuser.sh ├── setAutoLogin.jamf.sh └── os_configure.sh ├── packages └── setupsshlogin │ ├── build │ └── setupsshlogin.pkg │ └── setupsshlogin.pkgproj ├── .gitignore ├── LICENSE ├── README.md └── macOS.pkr.hcl /logs/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | */ 3 | !.gitignore -------------------------------------------------------------------------------- /install_bits/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | */ 3 | !.gitignore 4 | !dmg/ 5 | 6 | -------------------------------------------------------------------------------- /files/cliclick: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trodemaster/packer-macOS-11/HEAD/files/cliclick -------------------------------------------------------------------------------- /http/packer.pkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trodemaster/packer-macOS-11/HEAD/http/packer.pkg -------------------------------------------------------------------------------- /packer-macos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trodemaster/packer-macOS-11/HEAD/packer-macos.png -------------------------------------------------------------------------------- /http/setupsshlogin.pkg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/trodemaster/packer-macOS-11/HEAD/http/setupsshlogin.pkg -------------------------------------------------------------------------------- /scripts/disablesip.nvram: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trodemaster/packer-macOS-11/HEAD/scripts/disablesip.nvram -------------------------------------------------------------------------------- /packages/setupsshlogin/build/setupsshlogin.pkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trodemaster/packer-macOS-11/HEAD/packages/setupsshlogin/build/setupsshlogin.pkg -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Cache objects 2 | packer_cache/ 3 | 4 | # Crash log 5 | crash.log 6 | 7 | # For built boxes 8 | *.box 9 | .DS_Store 10 | output* 11 | content 12 | *.auto.pkrvars.hcl 13 | *.pkrvars.hcl -------------------------------------------------------------------------------- /scripts/makepkgs.sh: -------------------------------------------------------------------------------- 1 | 2 | #productbuild --package packages/setupsshlogin/build/setupsshlogin.pkg http/setupsshlogin.pkg 3 | ~/code/pycreateuserpkg/createuserpkg -n "$1" -u 502 -f "$1" -a -A -d -V 3 -i com.netjibbing.packer -p "$2" ~/code/packer-macos-11/http/packer.pkg -------------------------------------------------------------------------------- /scripts/softwareupdate_complete.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | shopt -s nullglob nocaseglob 5 | 6 | # wait for the update process to complete 7 | if (grep "Action.*restart" ~/Library/Logs/packer_softwareupdate.log); then 8 | tail -f /var/log/install.log | sed '/.*Setup Assistant.*ISAP.*Done.*/ q' | 
grep ISAP || true 9 | sleep 180 10 | fi 11 | 12 | echo "Software update completed" 13 | exit 0 14 | -------------------------------------------------------------------------------- /scripts/os_settings.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | shopt -s nullglob nocaseglob 5 | 6 | # stop screensaver from wheezing the juice 7 | defaults -currentHost write com.apple.screensaver idleTime -int 0 8 | 9 | # kill feedback assistant 10 | pkill Feedback || true 11 | 12 | # cleanup ssh enablement from install process 13 | if [[ -e /Library/LaunchDaemons/ssh.plist ]]; then 14 | sudo launchctl unload -w /Library/LaunchDaemons/ssh.plist 15 | sudo rm /Library/LaunchDaemons/ssh.plist 16 | #sudo /usr/sbin/systemsetup -f -setremotelogin on 17 | sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist 18 | fi 19 | 20 | exit 0 21 | -------------------------------------------------------------------------------- /scripts/vmw_tools.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | shopt -s nullglob nocaseglob 5 | 6 | # mount the iso and install 7 | hdiutil mount ~/darwin.iso 8 | echo "Ignore the installer failure message. 
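Tools triggers this due to system extensions not being enabled during the install process" 9 | sudo installer -pkg "/Volumes/VMware Tools/Install VMware Tools.app/Contents/Resources/VMware Tools.pkg" -target / || true 10 | hdiutil unmount /Volumes/VMware\ Tools 11 | rm ~/darwin.iso 12 | 13 | # authorize kexts 14 | 15 | # authorize tools binary 16 | 17 | # output version installed 18 | /Library/Application\ Support/VMware\ Tools/vmware-tools-cli -v 19 | 20 | # restart the box 21 | sudo reboot 22 | 23 | exit 0 24 | -------------------------------------------------------------------------------- /scripts/vmx_cleanup.sh: -------------------------------------------------------------------------------- 
#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'
shopt -s nullglob nocaseglob

# Usage: vmx_cleanup.sh <path-to-vmx>
# Edits the given .vmx file in place: turns the svga device off, turns the
# paravirtual Apple GPU on, and drops any svga.max* lines.
# Uses the BSD form of in-place sed (-i '').

# set target var; a missing argument produces a usage message
VMX_FILE=${1?usage: vmx_cleanup.sh <path-to-vmx>}

# confirm the vmx file provided exists
if [[ -e "$VMX_FILE" ]]; then
  # quote the path so glob characters in it are not expanded
  echo "Updating $(basename -- "$VMX_FILE")"
else
  echo "The target vmx file $VMX_FILE doesn't exist"
  # a missing file is reported but deliberately not treated as a failure
  exit 0
fi

echo "Adding pvgpu settings"

# svga.present (the dot is escaped so only this key matches)
if grep -q 'svga\.present' "$VMX_FILE"; then
  /usr/bin/sed -i '' 's/svga\.present.*/svga.present="FALSE"/g' "$VMX_FILE"
else
  echo 'svga.present="FALSE"' >>"$VMX_FILE"
fi

# appleGPU0.present
if grep -q 'appleGPU0\.present' "$VMX_FILE"; then
  /usr/bin/sed -i '' 's/appleGPU0\.present.*/appleGPU0.present="TRUE"/g' "$VMX_FILE"
else
  echo 'appleGPU0.present="TRUE"' >>"$VMX_FILE"
fi

# remove hardcoded screen res for svga
if grep -q 'svga\.max' "$VMX_FILE"; then
  /usr/bin/sed -i '' '/svga\.max/d' "$VMX_FILE"
fi
-------------------------------------------------------------------------------- /http/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | shopt -s nullglob nocaseglob 5 | 6 | # format the disk 7 | 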
diskutil eraseDisk jhfs+ macOS disk0 8 | 9 | # set sucatalog nvram. This may be a temp workaround. 10 | nvram IASUCatalogURL=https://swscan.apple.com/content/catalogs/others/index-10.16seed-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog 11 | 12 | # run the installer with some error handling due to helper tool crashing sometimes 13 | retrycount=0 14 | retrylimit=5 15 | until [ "$retrycount" -ge "$retrylimit" ] 16 | do 17 | /Volumes/Image\ Volume/Install*.app/Contents/Resources/startosinstall --agreetolicense --installpackage packer.pkg --installpackage setupsshlogin.pkg --volume /Volumes/macOS && break 18 | retrycount=$((retrycount+1)) 19 | echo "startosinstall failed. retrying in 20sec" 20 | sleep 20 21 | done 22 | 23 | if [ "$retrycount" -ge "$retrylimit" ]; then 24 | echo "startosinstall failed after $retrylimit attempts" 25 | tail -n 30 /var/log/install.log 26 | exit 1 27 | fi 28 | 29 | echo "Bootstrap Completed" 30 | exit 0 -------------------------------------------------------------------------------- /scripts/softwareupdate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | shopt -s nullglob nocaseglob 5 | 6 | # boot in verbose mode to debug 7 | # sudo nvram boot-args="-v" 8 | 9 | # enable developer beta 10 | if [[ $SEEDING_PROGRAM = "none" ]]; then 11 | echo "Unenroll from seeding" 12 | sudo /System/Library/PrivateFrameworks/Seeding.framework/Versions/A/Resources/seedutil unenroll 13 | else 14 | echo "Enrolling to $SEEDING_PROGRAM" 15 | sudo /System/Library/PrivateFrameworks/Seeding.framework/Versions/A/Resources/seedutil enroll $SEEDING_PROGRAM 16 | fi 17 | 18 | # check update state and save it to a log file to survive reboots 19 | sudo softwareupdate -l 2>&1 | sudo tee ~/Library/Logs/packer_softwareupdate.log 20 | 21 | # check log file to see if updates are available and install them if so 22 | if 
(grep "No new software available" ~/Library/Logs/packer_softwareupdate.log); then 23 | echo "No software updates found" 24 | else 25 | echo "$(date +"%Y-%m-%d %T") packer installing software updates and rebooting" | sudo tee /var/log/install.log 26 | sudo softwareupdate -iaR 27 | sleep 30 28 | fi 29 | 30 | exit 0 31 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Blake Garner 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
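22 | -------------------------------------------------------------------------------- /scripts/pvapplegpu.sh: -------------------------------------------------------------------------------- 
#!/usr/bin/env bash

# Usage: pvapplegpu.sh <path-to-vmx>
# Turns the svga device off and the paravirtual Apple GPU on in a VMware .vmx
# file (BSD in-place sed), then prints the resulting svga/appleGPU0 lines.

#VMX_FILE=$(sed 's/ /\\ /g' <<<"$1")
#echo $VMX_FILE
VMX_FILE=$1

# confirm the vmx file provided exists
if [[ -e "$VMX_FILE" ]]; then
  echo "Updating $VMX_FILE"
else
  echo "The target vmx file $VMX_FILE doesn't exist"
  # stop here: continuing would let the ">>" appends below create a stray
  # file at the mistyped path. Exit status 0 matches scripts/vmx_cleanup.sh.
  exit 0
fi

# svga.present
if grep -q 'svga\.present' "$VMX_FILE"; then
  /usr/bin/sed -i '' 's/svga\.present.*/svga.present="FALSE"/g' "$VMX_FILE"
else
  echo 'svga.present="FALSE"' >>"$VMX_FILE"
fi

# appleGPU0.present
if grep -q 'appleGPU0\.present' "$VMX_FILE"; then
  /usr/bin/sed -i '' 's/appleGPU0\.present.*/appleGPU0.present="TRUE"/g' "$VMX_FILE"
else
  echo 'appleGPU0.present="TRUE"' >>"$VMX_FILE"
fi

## appleGPU0.screenWidth
#if (grep -q appleGPU0.screenWidth "$VMX_FILE"); then
#  /usr/bin/sed -i '' 's/appleGPU0.screenWidth.*/appleGPU0.screenWidth=1920/g' "$VMX_FILE"
#else
#  echo 'appleGPU0.screenWidth=1920' >>"$VMX_FILE"
#fi
#
## appleGPU0.screenHeight
#if (grep -q appleGPU0.screenHeight "$VMX_FILE"); then
#  /usr/bin/sed -i '' 's/appleGPU0.screenHeight.*/appleGPU0.screenHeight=1080/g' "$VMX_FILE"
#else
#  echo 'appleGPU0.screenHeight=1080' >>"$VMX_FILE"
#fi

# view the config
grep '^appleGPU0\|^svga' "$VMX_FILE"

exit 0
-------------------------------------------------------------------------------- /scripts/macosiso.sh: -------------------------------------------------------------------------------- 
#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'
shopt -s nullglob nocaseglob

# Usage: scripts/macosiso.sh <macOS version>   (run from the root of the repo)
# Downloads a macOS installer with mist, converts it to an iso under
# install_bits/ and writes a matching sha256 file next to it.

MACOS_VERSION=${1?usage: scripts/macosiso.sh <macOS version>}

# check for mist binary
if ! command -v mist >/dev/null 2>&1; then
  echo "This script requires mist in your path to work properly."
  echo "Get the latest version from https://github.com/ninxsoft/mist-cli"
  exit 1
fi

# do a mist version check as the arguments changed over time.
# Major and minor are compared as integers: a decimal comparison reads 1.10 as
# 1.1 and would reject every release from 1.10 on.
mist_version=$(mist --version | /usr/bin/grep -o -e '^[0-9]\+\.[0-9]\+' || true)
if [[ -z "$mist_version" ]]; then
  # an unparseable version string was not fatal before either; keep going
  echo "Could not parse the mist version, continuing without the version check" >&2
else
  mist_major=${mist_version%%.*}
  mist_minor=${mist_version#*.}
  # 10# forces base 10 so a component such as "08" is not read as octal
  if ((10#$mist_major < 1 || (10#$mist_major == 1 && 10#$mist_minor < 9))); then
    mist --version
    echo "Mist version needs to be at least 1.9..."
    exit 1
  fi
fi

# test for target path
if ! [[ -d install_bits ]]; then
  echo "Script needs to run from the root of the repo"
  exit 1
fi

# use mist to download and convert the iso
echo "Creating the installer iso requires sudo privileges…"
sudo mist download installer --include-betas "$MACOS_VERSION" iso --iso-name macOS_%VERSION%_%BUILD%.iso -t install_bits -o install_bits

# get iso name: newest matching iso by modification time.
# The glob is expanded by the shell instead of parsing ls output; with nullglob
# set, an unmatched pattern handed to ls would list the current directory.
newest_iso=
for candidate in install_bits/macOS_*"$MACOS_VERSION"*.iso; do
  if [[ -z "$newest_iso" || "$candidate" -nt "$newest_iso" ]]; then
    newest_iso=$candidate
  fi
done
if [[ -z "$newest_iso" ]]; then
  echo "No iso matching macOS_*${MACOS_VERSION}*.iso found in install_bits" >&2
  exit 1
fi
ISO_NAME=${newest_iso##*/}
# swap only the file extension, not the first "iso" found in the name
SHASUM_NAME=${ISO_NAME%.iso}.shasum

# output shasum
# NOTE: this digest is computed from the local file. It lets later steps detect
# a changed or corrupted iso, but it does not authenticate the download itself.
echo "Updating the shasum file"
shasum -a 256 "install_bits/$ISO_NAME" >"install_bits/$SHASUM_NAME"

# output details
echo "Resulting artifacts"
echo "install_bits/$ISO_NAME"
echo "install_bits/$SHASUM_NAME"

exit 0
-------------------------------------------------------------------------------- /scripts/xcode.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | shopt -s nullglob nocaseglob 5 | 6 | #echo "unpacking xcode" 7 | #xip -x ~/Xcode*.xip 8 | # 9 | #echo "Move Xcode to /Applications" 10 | #sudo mv ~/Xcode*.app /Applications/ 11 | 12 | echo "mount cli tools" 13 | hdiutil attach -quiet -noverify -mountpoint "/Volumes/Command Line Developer Tools/" ~/Command_Line_Tools_*.dmg 14 | 15 | echo "install the cli tools" 16 | sudo installer -pkg "/Volumes/Command Line Developer Tools/Command Line Tools.pkg" -target / || true 17 | 18 | #echo "xattar remove quarantine attributes" 19 | #XCODE_APP=$(ls -d 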
/Applications/Xcode*.app) 20 | #sudo xattr -dr com.apple.quarantine ${XCODE_APP} 21 | 22 | echo "Verify & configure Xcode..." 23 | #sudo /usr/bin/xcode-select -s ${XCODE_APP}/Contents/Developer 24 | sudo /usr/bin/xcode-select -s /Library/Developer/CommandLineTools/ 25 | #sudo /usr/bin/xcodebuild -license accept 26 | #sudo /usr/bin/xcodebuild -runFirstLaunch 27 | sudo /usr/sbin/DevToolsSecurity -enable 28 | sudo dseditgroup -o add everyone -t group _developer 29 | 30 | echo "unmount cli tools" 31 | hdiutil detach "/Volumes/Command Line Developer Tools/" -force -quiet 32 | 33 | echo "Cleanup Xcode installer files" 34 | #rm ~/Xcode*.xip 35 | rm ~/Command_Line_Tools_*.dmg 36 | 37 | # workaround for display res getting reset. In this script for timing reasons only. 38 | sudo /Library/Application\ Support/VMware\ Tools/vmware-resolutionSet 1024 768 || true 39 | 40 | exit 0 -------------------------------------------------------------------------------- /files/cliclick-LICENSE: -------------------------------------------------------------------------------- 1 | cliclick 2 | 3 | Copyright (c) 2007-2018, Carsten Blüm 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | * Redistributions in binary form must reproduce the above copyright notice, this 12 | list of conditions and the following disclaimer in the documentation and/or 13 | other materials provided with the distribution. 14 | * Neither the name of Carsten Blüm nor the names of his 15 | contributors may be used to endorse or promote products derived 16 | from this software without specific prior written permission. 
17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | https://github.com/BlueM/cliclick 30 | https://www.bluem.net/en/projects/cliclick/ 31 | -------------------------------------------------------------------------------- /scripts/setupsshlogin.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #set -euo pipefail 3 | #IFS=$'\n\t' 4 | #shopt -s nullglob nocaseglob 5 | 6 | echo "setupsshlogin.sh starting" 7 | 8 | # disable screensaver & energy saver 9 | pmset displaysleep 0 || true 10 | pmset disksleep 0 || true 11 | defaults -currentHost write com.apple.screensaver idleTime 0 12 | 13 | # sudo nopasswd for packer user 14 | echo '%admin ALL=(ALL) NOPASSWD: ALL' >/private/etc/sudoers.d/admin 15 | 16 | # supress setup screens 17 | touch /private/var/db/.AppleSetupDone 18 | 19 | # get rid of popup dialogs 20 | sw_vers=$(sw_vers -productVersion) 21 | sw_build=$(sw_vers -buildVersion) 22 | 23 | if [[ -d /System/Library/User\ Template/English.lproj/Library/Preferences/ ]]; then 24 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE 25 | /usr/bin/defaults write 
/System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE 26 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none 27 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}" 28 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant LastSeenBuddyBuildVersion "${sw_build}" 29 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeePrivacy -bool TRUE 30 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeTrueTonePrivacy -bool TRUE 31 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeTouchIDSetup -bool TRUE 32 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeSiriSetup -bool TRUE 33 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeActivationLock -bool TRUE 34 | /usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeScreenTime -bool TRUE 35 | else 36 | echo "setupsshlogin.sh /System/Library/User\ Template/English.lproj/Library/Preferences not found!!" 
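37 | fi 38 | 39 | # add vmware to the kext allowlist for tools 40 | /usr/sbin/spctl kext-consent add EG7KH642X6 41 | 42 | # enable ssh at next boot 43 | echo "setupsshlogin.sh enable ssh at next boot" 44 | cp /System/Library/LaunchDaemons/ssh.plist /Library/LaunchDaemons/ssh.plist 45 | /usr/libexec/plistbuddy -c "set Disabled FALSE" /Library/LaunchDaemons/ssh.plist 46 | 47 | echo "setupsshlogin.sh completed" 48 | 49 | exit 0 50 | -------------------------------------------------------------------------------- /scripts/newuser.sh: -------------------------------------------------------------------------------- 
#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'
shopt -s nullglob nocaseglob

# Creates the admin account NEW_USERNAME, turns autologin off and installs a
# run-once LaunchDaemon plus helper script that delete the build-time "packer"
# account on the next boot.
# Reads from the environment: REMOVE_PACKER_USER, NEW_USERNAME, NEW_PASSWORD,
# NEW_SSH_KEY.

echo "REMOVE_PACKER_USER=$REMOVE_PACKER_USER"
echo "NEW_USERNAME=$NEW_USERNAME"
# The password is never printed: provisioner output ends up in build logs.
if [[ -n "$NEW_PASSWORD" ]]; then
  echo "NEW_PASSWORD=<redacted>"
else
  echo "NEW_PASSWORD=<empty>"
fi
# NOTE(review): presumably a public key, so it is still printed; confirm.
echo "NEW_SSH_KEY=$NEW_SSH_KEY"

if [[ $REMOVE_PACKER_USER =~ false ]]; then
  echo "skipping new user creation..."
  exit 0
fi

# ssh needs full disk access
# sysadminctl -addUser [-fullName ] [-UID ] [-GID ] [-shell ] [-password ] [-hint ] [-home ] [-admin] [-roleAccount] [-picture ] (interactive] || -adminUser -adminPassword )
# NOTE(review): both passwords are passed as command-line arguments here and
# are visible in the process list while sysadminctl runs.
cd /Users
sudo sysadminctl -addUser "$NEW_USERNAME" -fullName "$NEW_USERNAME" -password "$NEW_PASSWORD" \
  -home /Users/"$NEW_USERNAME" -admin -shell /bin/zsh \
  -picture /System/Library/Templates/Data/Library/User\ Pictures/Instruments/Turntable.* \
  -adminUser packer -adminPassword packer
sudo createhomedir -u "$NEW_USERNAME" -c

#disable autologin
sudo defaults write /Library/Preferences/com.apple.loginwindow.plist autoLoginUser 0
sudo defaults delete /Library/Preferences/com.apple.loginwindow.plist autoLoginUser

## startup launchd to remove packer account and itself
#if ! [[ -d /Users/"$NEW_USERNAME"/Library/LaunchDaemons ]]; then
#  sudo mkdir -p /Users/"$NEW_USERNAME"/Library/LaunchDaemons
#  sudo chown "$NEW_USERNAME" /Users/"$NEW_USERNAME"/Library/LaunchDaemons
#fi

# NOTE(review): the XML markup of this plist is missing from the listing and
# was most likely stripped when the page was rendered. The here-document is
# reproduced as shown; restore the markup from the repository copy before use.
sudo tee /Library/LaunchDaemons/com.blakegarner.packer-user-removal.plist >/dev/null <<-EOF




Label
com.blakegarner.packer-user-removal
Program
/Users/$NEW_USERNAME/cleanuser.sh
RunAtLoad

KeepAlive

LaunchOnlyOnce

StandardOutPath
/Users/$NEW_USERNAME/cleanuser.log
StandardErrorPath
/Users/$NEW_USERNAME/cleanuser.log

EOF

# write cleanup script to /Users/"$NEW_USERNAME"/
# The generated script embeds the new admin password in clear text, so the file
# is made owner-only before anything is written to it. It is created through
# sudo and therefore owned by root.
cleanup_script=/Users/"$NEW_USERNAME"/cleanuser.sh
sudo touch "$cleanup_script"
sudo chmod 700 "$cleanup_script"

# Shell-quote the values once so quotes, "$" or backticks in the user name or
# password cannot change the commands of the generated script.
quoted_user=$(printf '%q' "$NEW_USERNAME")
quoted_password=$(printf '%q' "$NEW_PASSWORD")

sudo tee "$cleanup_script" >/dev/null <<-EOF
#!/bin/bash
cd /Users
/usr/sbin/sysadminctl -adminUser ${quoted_user} -adminPassword ${quoted_password} -secureTokenOff packer -password packer
/usr/sbin/sysadminctl -deleteUser packer -adminUser ${quoted_user} -adminPassword ${quoted_password}
rm /Library/LaunchDaemons/com.blakegarner.packer-user-removal.plist
rm /Users/${quoted_user}/cleanuser.sh
exit 0
EOF
# keep the mode explicit in case the file already existed with other bits
sudo chmod 700 "$cleanup_script"

exit 0
-------------------------------------------------------------------------------- /scripts/setAutoLogin.jamf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | : <<-LICENSE_BLOCK 3 | setAutoLogin.jamf (20210911) - Copyright (c) 2021 Joel Bruner (https://github.com/brunerd) 4 | Licensed under the MIT License 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do 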
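so, subject to the following conditions: 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 9 | LICENSE_BLOCK 10 | 
# minor changes to run this with from packer build process by Blake Garner
if [[ $REMOVE_PACKER_USER =~ false ]]; then
  echo "skipping autologin config..."
  exit 0
fi

#############
# VARIABLES #
#############

#provide a username, if blank will disable autologin
USERNAME="${NEW_USERNAME}"

#this can be blank if that is the password, it will be verified
PW="${NEW_PASSWORD}"

#############
# FUNCTIONS #
#############

# Prints a message in the jamf log format and appends it to a log file.
# Arguments: $1 - message, $2 - log file (default /var/log/jamf.log)
function jamflog {
  local logFile="${2:-/var/log/jamf.log}"
  #if we cannot write to the log or it does not exist, unset and tee simply echoes
  [ ! -w "${logFile}" ] && unset logFile
  #this will tee to jamf.log in the jamf log format: DD HH:MM:SS ProcessName[PID]:
  echo "$(date +'%a %b %d %H:%M:%S') ${myComputerName:="$(scutil --get ComputerName)"} ${myName:="$(basename "${0}" | sed 's/\..*$//')"}[${myPID:=$$}]: ${1}" | tee -a "${logFile}" 2>/dev/null
}

# Given a string, writes the data for /etc/kcpassword to stdout.
# Each byte is XORed with a repeating 11-byte key and the result is padded to a
# multiple of 12 bytes (a full 12 bytes when the length is already a multiple).
# The key is fixed and public, so this is obfuscation only: whoever can read
# the file can recover the password. The file mode is the actual protection.
# Arguments: $1 - the password
# Outputs:   raw encoded bytes, no trailing newline
function kcpasswordEncode {

  #ascii string
  local thisString="${1}"
  local i

  #macOS cipher hex ascii representation array
  local cipherHex_array=(7D 89 52 23 D2 BC DD EA A3 B9 1F)

  #converted to hex representation with spaces
  #(printf rather than echo -n, so a password such as "-n" or "-e" is not read as an option)
  local thisStringHex_array=($(printf '%s' "${thisString}" | xxd -p -u | sed 's/../& /g'))

  local padding
  #get padding by subtraction if under 12
  if [ "${#thisStringHex_array[@]}" -lt 12 ]; then
    padding=$((12 - ${#thisStringHex_array[@]}))
  #get padding by subtracting remainder of modulo 12 if over 12
  elif [ "$((${#thisStringHex_array[@]} % 12))" -ne 0 ]; then
    padding=$((12 - ${#thisStringHex_array[@]} % 12))
  #otherwise even multiples of 12 still need 12 padding
  else
    padding=12
  fi

  #The result is collected as hex text and converted to bytes once at the end.
  #Converting byte by byte through $( ) loses data: command substitution strips
  #a trailing newline (0x0A) and a shell variable cannot hold a NUL (0x00), so a
  #password byte that XORs to either value was silently dropped.
  local encodedHex="" byteHex charHex_cipher charHex

  #cycle through each element of the array + padding
  for ((i = 0; i < ${#thisStringHex_array[@]} + padding; i++)); do
    #use modulus to loop through the cipher array elements
    charHex_cipher=${cipherHex_array[i % 11]}

    #get the current hex representation element (extra padding is 0x00)
    charHex=${thisStringHex_array[i]:-00}

    #XOR the two 0x## values and keep the result as a two char hex value
    printf -v byteHex '%02X' "$((0x${charHex_cipher} ^ 0x${charHex}))"
    encodedHex+=${byteHex}
  done

  #emit the raw bytes without a newline
  printf '%s' "${encodedHex}" | xxd -r -p
}

########
# MAIN #
########

##quit if not root
#if [ "${UID}" != 0 ]; then
#  jamflog "Please run as root, exiting."
#  exit 1
#fi

#if we have a USERNAME
if [ -n "${USERNAME}" ]; then

  #check user
  if ! id "${USERNAME}" &>/dev/null; then
    jamflog "User '${USERNAME}' not found, exiting."
    exit 1
  fi

  if ! /usr/bin/dscl /Search -authonly "${USERNAME}" "${PW}" &>/dev/null; then
    jamflog "Invalid password for '${USERNAME}', exiting."
    exit 1
  fi

  #encode password and write file
  #mktemp creates the staging file with owner-only permissions and an
  #unpredictable name, and still works when TMPDIR is not set
  kcpasswordTmp="$(mktemp "${TMPDIR:-/tmp}/kcpassword.XXXXXX")" || exit 1
  kcpasswordEncode "${PW}" >"${kcpasswordTmp}"
  sudo mv "${kcpasswordTmp}" /etc/kcpassword

  #ensure ownership and permissions (600)
  sudo chown root:wheel /etc/kcpassword
  sudo chmod u=rw,go= /etc/kcpassword

  #turn on auto login
  sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser -string "${USERNAME}"

  jamflog "Auto login enabled for '${USERNAME}'"
#if not USERNAME turn OFF
else
  #sudo here as well, matching the enable branch above (the root check is commented out)
  [ -f /etc/kcpassword ] && sudo rm -f /etc/kcpassword
  sudo /usr/bin/defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser &>/dev/null
  jamflog "Auto login disabled"
fi

exit 0
-------------------------------------------------------------------------------- /scripts/os_configure.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | shopt -s nullglob nocaseglob 5 | 6 | 7 | # set hostname 8 | sudo scutil --set HostName $NEW_HOSTNAME 9 | sudo scutil --set ComputerName $NEW_HOSTNAME 10 | sudo scutil --set LocalHostName $NEW_HOSTNAME 11 | 12 | # /usr/local/bin 13 | if ! 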
[[ -d /usr/local/bin ]]; then 14 | sudo mkdir -p /usr/local/bin 15 | fi 16 | 17 | # install cliclick 18 | /usr/bin/sudo mv ~/cliclick /usr/local/bin/cliclick 19 | 20 | # get rid of notifications 21 | launchctl unload /System/Library/LaunchAgents/com.apple.notificationcenterui.plist 22 | 23 | # address some kext warnings and needed approvals 24 | if [[ $(csrutil status) =~ "disabled" ]]; then 25 | sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "INSERT OR REPLACE INTO kext_load_history_v3(rowid,path,team_id,bundle_id,boot_uuid,created_at,last_seen,flags,cdhash) VALUES(5,'/Library/Extensions/VMwareGfx.kext','EG7KH642X6','com.vmware.kext.VMwareGfx','018D4064-57E3-4AE0-AFAE-489807AE8794','2022-07-23 19:10:09','2022-07-23 19:11:50',16,'a440619b81eba21bfb0577ddbe141aad412f5aae');" 26 | sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "INSERT OR REPLACE INTO kext_load_history_v3(rowid,path,team_id,bundle_id,boot_uuid,created_at,last_seen,flags,cdhash) VALUES(6,'/Library/Application Support/VMware Tools/vmhgfs.kext','EG7KH642X6','com.vmware.kext.vmhgfs','018D4064-57E3-4AE0-AFAE-489807AE8794','2022-07-23 19:10:14','2022-07-23 19:11:50',16,'203c46f8c16f599edd0da9436ec7fa3628adff15');" 27 | sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "INSERT OR REPLACE INTO kext_policy(rowid,team_id,bundle_id,allowed,developer_name,flags) VALUES(1,'EG7KH642X6','com.vmware.kext.VMwareGfx',1,'VMware, Inc.',0);" 28 | sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "INSERT OR REPLACE INTO kext_policy(rowid,team_id,bundle_id,allowed,developer_name,flags) VALUES(2,'EG7KH642X6','com.vmware.kext.vmhgfs',1,'VMware, Inc.',0);" 29 | sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "INSERT OR REPLACE INTO settings(rowid,name,value) VALUES(16,'lastStateSecurityPolicy','0');" 30 | 31 | # # Disable DEP enrolement at boot maybe? 
32 | # sudo tee -a /etc/hosts >/dev/null <<-EOF 33 | #0.0.0.0 iprofiles.apple.com 34 | #0.0.0.0 mdmenrollment.apple.com 35 | #0.0.0.0 deviceenrollment.apple.com 36 | #0.0.0.0 gdmf.apple.com 37 | #0.0.0.0 albert.apple.com 38 | #0.0.0.0 deviceenrollment.apple.com 39 | #EOF 40 | # sudo rm -rf /var/db/ConfigurationProfiles/ 41 | # sudo rm /Library/Keychains/apsd.keychain 42 | 43 | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR REPLACE INTO access(service, client, client_type, auth_value, auth_reason, auth_version, csreq, policy_id, indirect_object_identifier_type, indirect_object_identifier, indirect_object_code_identity, flags, last_modified) VALUES('kTCCServiceAccessibility', '/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/Support/AEServer', 1, 1, 4, 1, x'fade0c000000003000000001000000060000000200000012636f6d2e6170706c652e4145536572766572000000000003', NULL, 0, 'UNUSED', NULL, 0, 1646855925);" 44 | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR REPLACE INTO access(service, client, client_type, auth_value, auth_reason, auth_version, csreq, policy_id, indirect_object_identifier_type, indirect_object_identifier, indirect_object_code_identity, flags, last_modified) VALUES('kTCCServiceAccessibility', '/Library/Application Support/VMware Tools/vmware-tools-daemon', 1, 2, 4, 1, NULL, NULL, 0, 'UNUSED', NULL, 0, 0);" 45 | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR REPLACE INTO access(service, client, client_type, auth_value, auth_reason, auth_version, csreq, policy_id, indirect_object_identifier_type, indirect_object_identifier, indirect_object_code_identity, flags, last_modified) VALUES('kTCCServiceAccessibility', '/usr/local/bin/cliclick', 1, 2, 4, 1, NULL, NULL, 0, 'UNUSED', NULL, 0, 0);" 46 | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR REPLACE INTO access(service, client, client_type, auth_value, 
auth_reason, auth_version, csreq, policy_id, indirect_object_identifier_type, indirect_object_identifier, indirect_object_code_identity, flags, last_modified) VALUES('kTCCServiceAccessibility', '/usr/libexec/sshd-keygen-wrapper', 1, 2, 4, 1, NULL, NULL, 0, 'UNUSED', NULL, 0, 0);" 47 | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR REPLACE INTO access(service, client, client_type, auth_value, auth_reason, auth_version, csreq, policy_id, indirect_object_identifier_type, indirect_object_identifier, indirect_object_code_identity, flags, last_modified) VALUES('kTCCServiceDeveloperTool', 'com.apple.Terminal', 0, 0, 4, 1, NULL, NULL, 0, 'UNUSED', NULL, 0, 1646856644);" 48 | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR REPLACE INTO access(service, client, client_type, auth_value, auth_reason, auth_version, csreq, policy_id, indirect_object_identifier_type, indirect_object_identifier, indirect_object_code_identity, flags, last_modified) VALUES('kTCCServiceSystemPolicyAllFiles', 'com.apple.Terminal', 0, 0, 5, 1, x'fade0c000000003000000001000000060000000200000012636f6d2e6170706c652e5465726d696e616c000000000003', NULL, NULL, 'UNUSED', NULL, 0, 1647143564);" 49 | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT OR REPLACE INTO access(rowid,service,client,client_type,auth_value,auth_reason,auth_version,csreq,policy_id,indirect_object_identifier_type,indirect_object_identifier,indirect_object_code_identity,flags,last_modified) VALUES(14,'kTCCServiceSystemPolicyAllFiles','/bin/bash',1,2,4,1,x'fade0c000000002c0000000100000006000000020000000e636f6d2e6170706c652e62617368000000000003',NULL,0,'UNUSED',NULL,0,1648928242);" 50 | defaults write NSGlobalDomain AppleKeyboardUIMode -int 3 51 | 52 | else 53 | echo "sip is enabled skipping some config changes" 54 | fi 55 | 56 | exit 0 57 | -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # packer-macOS-11 2 | 3 | This is a packer template for macOS 11 or 12 built on VMware Fusion 12. It's created using the newer packer hcl2 syntax. These templates only support the x86 platform, as Apple has introduced breaking changes with the new Apple silicon platform. 4 | 5 | ## Discussion thread for usage questions 6 | See this hashicorp discuss thread for general usage questions & answers. 7 | 8 | --> [**building-macos-12-x-vms-with-packer-and-fusion**](https://discuss.hashicorp.com/t/building-macos-12-x-vms-with-packer-and-fusion/31069) <-- 9 | 10 | ## Key capabilities 11 | * [scripts/macosiso.sh](scripts/macosiso.sh) creates a macOS installer via mist 12 | * Using voiceover and boot commands to open terminal.app !! 13 | * Downloading .pkg and script payloads to the recovery environment 14 | * Running the payload scripts that handle the install process 15 | * packer user creation and autologin 16 | * Clearing setup screens 17 | * Enable remotelogin system settings 18 | * Install Command Line Developer tools 19 | * Approve VMware tools Kernel Extensions 20 | ## Building macOS 11+ with this packer template 21 | * Minimum packer version is 1.7.x 22 | * VMware Fusion 12.0 or greater 23 | 24 | 25 | 26 | ## Prerequisite installer bits 27 | The current version of this project now uses mist to create macOS x86 installer iso files. Grab a copy from https://github.com/ninxsoft/Mist and make sure it's available on your path before the next steps. 28 | 29 | For generating the boot iso and matching shasum, run the macosiso.sh script, providing the OS major version you want to create. Generating the iso directly with mist also works. You will just need to provide packer with the sha256 via an input variable. 30 | 31 | scripts/macosiso.sh 12.2 32 | 33 | With the customize build I'm installing Xcode command line tools 13.
Grab the latest Xcode Command Line tools installer dmg from [developer.apple.com](https://developer.apple.com). Toss it into the `install_bits` directory. 34 | 35 | Here is what your `install_bits` directory should look like to successfully build the full image: 36 | ``` 37 | install_bits/ 38 | ├── Command_Line_Tools_for_Xcode_13.2.dmg 39 | ├── macOS_12.2.1_21D62.iso 40 | └── macOS_12.2.1_21D62.shasum 41 | ``` 42 | NOTE: Filenames will change as newer versions are released 43 | 44 | ## Named builds 45 | This template has two named builds `base` and `customize`. The idea here is to split the lengthy process of macOS installation (baking the image) from the customization (frying the image). The `base` build does the os install with the vmware-iso builder and `customize` takes the output VM from that and customizes it. Being able to re-run the customization on its own allows for quicker testing of that phase. 46 | 47 | 48 | ### Building the base image 49 | Builds just the OS including VMware tools 50 | 51 | packer build -force -only=base.vmware-iso.macOS macOS.pkr.hcl 52 | 53 | ### Building the customize image 54 | Useful for testing customizations without waiting for the whole OS to install. 55 | 56 | packer build -force -only=customize.vmware-vmx.macOS macOS.pkr.hcl 57 | 58 | ### Input variables 59 | This template uses input variables for a bunch of customizable values. Run packer inspect to see the defaults and what can be changed. See the docs for more options like creating a local variables file for customization https://www.packer.io/docs/templates/hcl_templates/variables . 60 | 61 | packer inspect macOS_11.pkr.hcl 62 | 63 | ## Variables file 64 | The recommended way to tweak settings in the template is by creating a packer variables file. Any of the Input variables can be adjusted this way. Specify a var file with the build commands to change the defaults.
65 | 66 | packer build -force -only=customize.vmware-vmx.macOS -var-file bigsur.pkrvars.hcl macOS.pkr.hcl 67 | 68 | Here is an example var file named bigsur.pkrvars.hcl 69 | ``` 70 | boot_key_interval_iso = "20ms" 71 | boot_wait_iso = "150s" 72 | boot_keygroup_interval_iso = "150ms" 73 | seeding_program = "none" # PublicSeed CustomerSeed DeveloperSeed none 74 | xcode_cli = "install_bits/Command_Line_Tools_for_Xcode_13.dmg" 75 | iso_filename = "install_bits/macOS_1160_installer.iso" 76 | iso_file_checksum = "file:install_bits/macOS_1160_installer.shasum" 77 | ram_gb = "8" 78 | cpu_count = "2" 79 | tools_path = "install_bits/darwin.iso" 80 | macos_version = "11.6" 81 | ``` 82 | 83 | ## Adjust resources 84 | Adjust the cpu and RAM values if you need to match your available resources. 85 | 86 | cpu_count="2" 87 | ram_gb="6" 88 | 89 | ## Adjust timing 90 | The process for starting the installer is very dependent on timing, unfortunately. If you run into unexpected results when the installer is starting up you may need to adjust the timing to match your system. Each release of the OS and specific hardware running the build can change the optimal timing. When in doubt add some time to these values to see if that fixes the issue. 91 | 92 | boot_key_interval_iso="400ms" 93 | boot_wait_iso="400s" 94 | boot_keygroup_interval_iso="5s" 95 | 96 | ### Customize computer serial and model 97 | Variables have been added to customize board id, hardware model & serial number. This can be handy for testing DEP workflows. 98 | 99 | board_id="Mac-27AD2F918AE68F61" 100 | serial_number="M00000000001" 101 | hw_model="MacPro7,1" 102 | 103 | ### Install pre-release software updates 104 | Apple has been seeding pre-release builds as software update only more often. To configure the installation of these pre-release versions pass the seed value you want to configure on the OS.
105 | 106 | seeding_program="DeveloperSeed" 107 | 108 | Possible values are 109 | 110 | PublicSeed 111 | CustomerSeed 112 | DeveloperSeed 113 | none 114 | ### Customize username, password, hostname & ssh key 115 | Changing the username/pass in the http/packer.pkg has been deprecated. The current version supports passing user details as packer variables. Configuring the following vars will remove the packer user and add a new one with the provided variables. Setting a hostname and ssh key simplifies connecting to the VM once the build is completed. Keep a var file that holds these values out of version control; the repository's `.gitignore` already excludes `*.pkrvars.hcl`. 116 | 117 | remove_packer_user = true 118 | new_username = "claris" 119 | new_password = "m00000f!" 120 | new_ssh_key = "ssh-ed25519..." 121 | new_hostname = "mac123vm" 122 | 123 | ### Apple GPU support 124 | If the host system is running macOS 11.x or later, enabling the virtualized GPU provides a dramatic speedup of the GUI. This version of the template uses a post-processor to add the needed vmx config if the host OS is macOS 11.x+. This capability is a beta VMware Fusion feature and has some known issues. 125 | 126 | ### Use downloaded version of VMware tools .iso 127 | Sometimes newer versions of VMware tools are available from vmware.com . Check https://vmware.com/go/tools . If you want to use an iso besides the one included with VMware Fusion then update the variable tools_path 128 | 129 | tools_path="install_bits/darwin.iso" 130 | 131 | ### Add your own config script 132 | Additionally a new variable *bootstrapper_script* has been added. Using this is an easy way to add a few more commands to the build or pull down a script to extend the build process to your needs. I use it to install golang, macports and dotfiles via a script in another repo. The fetched script runs inside the VM during the build, so point the URL at a specific commit rather than a moving branch and review the script before using it. See below for an example.
133 | 134 | ``` 135 | bootstrapper_script = [ "curl https://raw.githubusercontent.com/gitusers/myconfig/main/bootstrap.sh -o bootstrap.sh", 136 | "chmod +x bootstrap.sh", 137 | "./bootstrap.sh" ] 138 | ``` 139 | 140 | ### Simple wrapper script to run both base & customize builds 141 | Included is a simple wrapper script used to build the base image and then the customized image. It takes a single parameter that is a packer variable file. This simplifies the build process if you maintain multiple versions of macOS VMs. 142 | 143 | ``` 144 | ./build monterey.pkrvars.hcl 145 | ``` -------------------------------------------------------------------------------- /macOS.pkr.hcl: -------------------------------------------------------------------------------- 1 | packer { 2 | required_version = ">= 1.7.0" 3 | } 4 | 5 | variable "iso_file_checksum" { 6 | type = string 7 | default = "file:install_bits/macOS_1120_installer.shasum" 8 | } 9 | 10 | variable "iso_filename" { 11 | type = string 12 | default = "install_bits/macOS_1120_installer.iso" 13 | } 14 | 15 | variable "user_password" { 16 | type = string 17 | default = "packer" 18 | } 19 | 20 | variable "user_username" { 21 | type = string 22 | default = "packer" 23 | } 24 | 25 | variable "cpu_count" { 26 | type = number 27 | default = "2" 28 | } 29 | 30 | variable "ram_gb" { 31 | type = number 32 | default = "6" 33 | } 34 | 35 | variable "xcode_cli" { 36 | type = string 37 | default = "install_bits/Command_Line_Tools_for_Xcode_13.1.dmg" 38 | } 39 | 40 | variable "board_id" { 41 | type = string 42 | default = "Mac-27AD2F918AE68F61" 43 | } 44 | 45 | variable "hw_model" { 46 | type = string 47 | default = "MacPro7,1" 48 | } 49 | 50 | variable "serial_number" { 51 | type = string 52 | default = "M00000000001" 53 | } 54 | 55 | variable "snapshot_linked" { 56 | type = bool 57 | default = false 58 | } 59 | 60 | # Set this to DeveloperSeed if you want prerelease software updates 61 | variable "seeding_program" { 62 | type = string 
63 | default = "none" 64 | } 65 | 66 | variable "tools_path" { 67 | type = string 68 | default = "/Applications/VMware Fusion.app/Contents/Library/isoimages/darwin.iso" 69 | } 70 | 71 | variable "boot_key_interval_iso" { 72 | type = string 73 | default = "150ms" 74 | } 75 | 76 | variable "boot_wait_iso" { 77 | type = string 78 | default = "300s" 79 | } 80 | 81 | variable "boot_keygroup_interval_iso" { 82 | type = string 83 | default = "4s" 84 | } 85 | 86 | variable "macos_version" { 87 | type = string 88 | default = "12.0" 89 | } 90 | 91 | variable "bootstrapper_script" { 92 | type = list(string) 93 | default = ["sw_vers"] 94 | } 95 | 96 | variable "headless" { 97 | type = bool 98 | default = false 99 | } 100 | 101 | variable "vnc_bind_address" { 102 | type = string 103 | default = "127.0.0.1" 104 | } 105 | 106 | variable "vnc_port_min" { 107 | type = string 108 | default = "5900" 109 | } 110 | 111 | variable "vnc_port_max" { 112 | type = string 113 | default = "6000" 114 | } 115 | 116 | variable "vnc_disable_password" { 117 | type = bool 118 | default = false 119 | } 120 | 121 | variable "remove_packer_user" { 122 | type = bool 123 | default = false 124 | } 125 | 126 | variable "new_username" { 127 | type = string 128 | default = "vagrant" 129 | } 130 | 131 | variable "new_password" { 132 | type = string 133 | default = "vagrant" 134 | } 135 | 136 | variable "new_ssh_key" { 137 | type = string 138 | default = "" 139 | } 140 | 141 | variable "new_hostname" { 142 | type = string 143 | default = "macosvm" 144 | } 145 | 146 | variable "fusion_app_path" { 147 | type = string 148 | default = "/Applications/VMware Fusion.app" 149 | } 150 | 151 | # source from iso 152 | source "vmware-iso" "macOS" { 153 | headless = "${var.headless}" 154 | fusion_app_path = "${var.fusion_app_path}" 155 | vnc_bind_address = "${var.vnc_bind_address}" 156 | vnc_disable_password = "${var.vnc_disable_password}" 157 | vnc_port_min = "${var.vnc_port_min}" 158 | vnc_port_max = 
"${var.vnc_port_max}" 159 | display_name = "{{build_name}} ${var.macos_version} base" 160 | vm_name = "{{build_name}}_${var.macos_version}_base" 161 | vmdk_name = "{{build_name}}_${var.macos_version}_base" 162 | iso_url = "${var.iso_filename}" 163 | iso_checksum = "${var.iso_file_checksum}" 164 | output_directory = "output/{{build_name}}_${var.macos_version}_base" 165 | ssh_username = "${var.user_username}" 166 | ssh_password = "${var.user_password}" 167 | shutdown_command = "sudo shutdown -h now" 168 | guest_os_type = "darwin20-64" 169 | cdrom_adapter_type = "sata" 170 | disk_size = "100000" 171 | disk_adapter_type = "nvme" 172 | http_directory = "http" 173 | network_adapter_type = "vmxnet3" 174 | disk_type_id = "0" 175 | ssh_timeout = "12h" 176 | usb = "true" 177 | version = "19" 178 | cpus = var.cpu_count 179 | cores = var.cpu_count 180 | memory = var.ram_gb * 1024 181 | vmx_data = { 182 | "gui.fitGuestUsingNativeDisplayResolution" = "FALSE" 183 | "tools.upgrade.policy" = "manual" 184 | "smc.present" = "TRUE" 185 | "smbios.restrictSerialCharset" = "TRUE" 186 | "ulm.disableMitigations" = "TRUE" 187 | "ich7m.present" = "TRUE" 188 | "hw.model" = "${var.hw_model}" 189 | "hw.model.reflectHost" = "FALSE" 190 | "smbios.reflectHost" = "FALSE" 191 | "board-id" = "${var.board_id}" 192 | "serialNumber" = "${var.serial_number}" 193 | "serialNumber.reflectHost" = "FALSE" 194 | "SMBIOS.use12CharSerialNumber" = "TRUE" 195 | "usb_xhci:4.deviceType" = "hid" 196 | "usb_xhci:4.parent" = "-1" 197 | "usb_xhci:4.port" = "4" 198 | "usb_xhci:4.present" = "TRUE" 199 | "usb_xhci:6.deviceType" = "hub" 200 | "usb_xhci:6.parent" = "-1" 201 | "usb_xhci:6.port" = "6" 202 | "usb_xhci:6.present" = "TRUE" 203 | "usb_xhci:6.speed" = "2" 204 | "usb_xhci:7.deviceType" = "hub" 205 | "usb_xhci:7.parent" = "-1" 206 | "usb_xhci:7.port" = "7" 207 | "usb_xhci:7.present" = "TRUE" 208 | "usb_xhci:7.speed" = "4" 209 | "usb_xhci.pciSlotNumber" = "192" 210 | "usb_xhci.present" = "TRUE" 211 | 
"hgfs.linkRootShare" = "FALSE" 212 | } 213 | vmx_data_post = { 214 | "sata0:0.autodetect" = "TRUE" 215 | "sata0:0.deviceType" = "cdrom-raw" 216 | "sata0:0.fileName" = "auto detect" 217 | "sata0:0.startConnected" = "FALSE" 218 | "sata0:0.present" = "TRUE" 219 | "vhv.enable" = "TRUE" 220 | } 221 | boot_wait = var.boot_wait_iso 222 | boot_key_interval = var.boot_key_interval_iso 223 | boot_keygroup_interval = var.boot_keygroup_interval_iso 224 | boot_command = [ 225 | "", 226 | "", 227 | "", 228 | "u", 229 | "", 230 | "", 231 | "", 232 | "w", 233 | "", 234 | "curl -o /var/root/packer.pkg http://{{ .HTTPIP }}:{{ .HTTPPort }}/packer.pkg", 235 | "curl -o /var/root/setupsshlogin.pkg http://{{ .HTTPIP }}:{{ .HTTPPort }}/setupsshlogin.pkg", 236 | "curl -o /var/root/bootstrap.sh http://{{ .HTTPIP }}:{{ .HTTPPort }}/bootstrap.sh", 237 | "chmod +x /var/root/bootstrap.sh", 238 | "/var/root/bootstrap.sh" 239 | ] 240 | } 241 | 242 | # Customize build from existing vm 243 | source "vmware-vmx" "macOS" { 244 | headless = "${var.headless}" 245 | vnc_bind_address = "${var.vnc_bind_address}" 246 | vnc_disable_password = "${var.vnc_disable_password}" 247 | vnc_port_min = "${var.vnc_port_min}" 248 | vnc_port_max = "${var.vnc_port_max}" 249 | display_name = "{{build_name}} ${var.macos_version}" 250 | vm_name = "{{build_name}}_${var.macos_version}" 251 | vmdk_name = "{{build_name}}_${var.macos_version}" 252 | ssh_username = "${var.user_username}" 253 | ssh_password = "${var.user_password}" 254 | boot_wait = "30s" 255 | skip_compaction = true 256 | linked = var.snapshot_linked 257 | source_path = "output/{{build_name}}_${var.macos_version}_base/macOS_${var.macos_version}_base.vmx" 258 | shutdown_command = "sudo shutdown -h now" 259 | output_directory = "output/{{build_name}}_${var.macos_version}" 260 | vmx_data = { 261 | "nvram" = "../../scripts/disablesip.nvram" 262 | "svga.maxWidth" = "1024" 263 | "svga.maxHeight" = "768" 264 | } 265 | vmx_data_post = { 266 | "nvram" = 
"{{build_name}}_${var.macos_version}.nvram" 267 | } 268 | } 269 | 270 | # Base build 271 | build { 272 | name = "base" 273 | sources = [ 274 | "sources.vmware-iso.macOS" 275 | ] 276 | 277 | provisioner "shell" { 278 | expect_disconnect = true 279 | pause_before = "2m" # needed for the first provisioner to let the OS finish booting 280 | script = "scripts/os_settings.sh" 281 | } 282 | 283 | provisioner "file" { 284 | source = var.tools_path 285 | destination = "~/darwin.iso" 286 | } 287 | 288 | provisioner "shell" { 289 | expect_disconnect = true 290 | scripts = [ 291 | "scripts/vmw_tools.sh" 292 | ] 293 | } 294 | } 295 | 296 | build { 297 | name = "customize" 298 | sources = ["sources.vmware-vmx.macOS"] 299 | 300 | provisioner "file" { 301 | sources = [var.xcode_cli, "files/cliclick"] 302 | destination = "~/" 303 | } 304 | 305 | provisioner "shell" { 306 | environment_vars = [ 307 | "NEW_HOSTNAME=${var.new_hostname}" # is this needed? 308 | ] 309 | expect_disconnect = true 310 | script = "scripts/os_configure.sh" 311 | } 312 | 313 | provisioner "shell" { 314 | expect_disconnect = true 315 | start_retry_timeout = "2h" 316 | environment_vars = [ 317 | "SEEDING_PROGRAM=${var.seeding_program}" 318 | ] 319 | scripts = [ 320 | "scripts/xcode.sh", 321 | "scripts/softwareupdate.sh", 322 | "scripts/softwareupdate_complete.sh" 323 | ] 324 | } 325 | 326 | # optionally remove packer user and setup a new local admin account 327 | provisioner "shell" { 328 | environment_vars = [ 329 | "REMOVE_PACKER_USER=${var.remove_packer_user}", 330 | "NEW_USERNAME=${var.new_username}", 331 | "NEW_PASSWORD=${var.new_password}", 332 | "NEW_SSH_KEY=${var.new_ssh_key}" 333 | ] 334 | scripts = ["scripts/newuser.sh","scripts/setAutoLogin.jamf.sh" ] 335 | } 336 | 337 | # optionally call external bootstrap script set by var.bootstrapper_script 338 | provisioner "shell" { 339 | expect_disconnect = true 340 | inline = var.bootstrapper_script 341 | } 342 | 343 | post-processor "shell-local" { 344 | 
inline = ["scripts/vmx_cleanup.sh output/{{build_name}}_${var.macos_version}/macOS_${var.macos_version}.vmx"] 345 | } 346 | } 347 | -------------------------------------------------------------------------------- /packages/setupsshlogin/setupsshlogin.pkgproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | PROJECT 6 | 7 | PACKAGE_FILES 8 | 9 | DEFAULT_INSTALL_LOCATION 10 | / 11 | HIERARCHY 12 | 13 | CHILDREN 14 | 15 | 16 | CHILDREN 17 | 18 | GID 19 | 80 20 | PATH 21 | Applications 22 | PATH_TYPE 23 | 0 24 | PERMISSIONS 25 | 509 26 | TYPE 27 | 1 28 | UID 29 | 0 30 | 31 | 32 | CHILDREN 33 | 34 | 35 | CHILDREN 36 | 37 | GID 38 | 80 39 | PATH 40 | Application Support 41 | PATH_TYPE 42 | 0 43 | PERMISSIONS 44 | 493 45 | TYPE 46 | 1 47 | UID 48 | 0 49 | 50 | 51 | CHILDREN 52 | 53 | GID 54 | 0 55 | PATH 56 | Automator 57 | PATH_TYPE 58 | 0 59 | PERMISSIONS 60 | 493 61 | TYPE 62 | 1 63 | UID 64 | 0 65 | 66 | 67 | CHILDREN 68 | 69 | GID 70 | 0 71 | PATH 72 | Documentation 73 | PATH_TYPE 74 | 0 75 | PERMISSIONS 76 | 493 77 | TYPE 78 | 1 79 | UID 80 | 0 81 | 82 | 83 | CHILDREN 84 | 85 | GID 86 | 0 87 | PATH 88 | Extensions 89 | PATH_TYPE 90 | 0 91 | PERMISSIONS 92 | 493 93 | TYPE 94 | 1 95 | UID 96 | 0 97 | 98 | 99 | CHILDREN 100 | 101 | GID 102 | 0 103 | PATH 104 | Filesystems 105 | PATH_TYPE 106 | 0 107 | PERMISSIONS 108 | 493 109 | TYPE 110 | 1 111 | UID 112 | 0 113 | 114 | 115 | CHILDREN 116 | 117 | GID 118 | 0 119 | PATH 120 | Frameworks 121 | PATH_TYPE 122 | 0 123 | PERMISSIONS 124 | 493 125 | TYPE 126 | 1 127 | UID 128 | 0 129 | 130 | 131 | CHILDREN 132 | 133 | GID 134 | 0 135 | PATH 136 | Input Methods 137 | PATH_TYPE 138 | 0 139 | PERMISSIONS 140 | 493 141 | TYPE 142 | 1 143 | UID 144 | 0 145 | 146 | 147 | CHILDREN 148 | 149 | GID 150 | 0 151 | PATH 152 | Internet Plug-Ins 153 | PATH_TYPE 154 | 0 155 | PERMISSIONS 156 | 493 157 | TYPE 158 | 1 159 | UID 160 | 0 161 | 162 | 163 | CHILDREN 164 | 165 | GID 166 | 0 167 
| PATH 168 | LaunchAgents 169 | PATH_TYPE 170 | 0 171 | PERMISSIONS 172 | 493 173 | TYPE 174 | 1 175 | UID 176 | 0 177 | 178 | 179 | CHILDREN 180 | 181 | GID 182 | 0 183 | PATH 184 | LaunchDaemons 185 | PATH_TYPE 186 | 0 187 | PERMISSIONS 188 | 493 189 | TYPE 190 | 1 191 | UID 192 | 0 193 | 194 | 195 | CHILDREN 196 | 197 | GID 198 | 0 199 | PATH 200 | PreferencePanes 201 | PATH_TYPE 202 | 0 203 | PERMISSIONS 204 | 493 205 | TYPE 206 | 1 207 | UID 208 | 0 209 | 210 | 211 | CHILDREN 212 | 213 | GID 214 | 0 215 | PATH 216 | Preferences 217 | PATH_TYPE 218 | 0 219 | PERMISSIONS 220 | 493 221 | TYPE 222 | 1 223 | UID 224 | 0 225 | 226 | 227 | CHILDREN 228 | 229 | GID 230 | 80 231 | PATH 232 | Printers 233 | PATH_TYPE 234 | 0 235 | PERMISSIONS 236 | 493 237 | TYPE 238 | 1 239 | UID 240 | 0 241 | 242 | 243 | CHILDREN 244 | 245 | GID 246 | 0 247 | PATH 248 | PrivilegedHelperTools 249 | PATH_TYPE 250 | 0 251 | PERMISSIONS 252 | 1005 253 | TYPE 254 | 1 255 | UID 256 | 0 257 | 258 | 259 | CHILDREN 260 | 261 | GID 262 | 0 263 | PATH 264 | QuickLook 265 | PATH_TYPE 266 | 0 267 | PERMISSIONS 268 | 493 269 | TYPE 270 | 1 271 | UID 272 | 0 273 | 274 | 275 | CHILDREN 276 | 277 | GID 278 | 0 279 | PATH 280 | QuickTime 281 | PATH_TYPE 282 | 0 283 | PERMISSIONS 284 | 493 285 | TYPE 286 | 1 287 | UID 288 | 0 289 | 290 | 291 | CHILDREN 292 | 293 | GID 294 | 0 295 | PATH 296 | Screen Savers 297 | PATH_TYPE 298 | 0 299 | PERMISSIONS 300 | 493 301 | TYPE 302 | 1 303 | UID 304 | 0 305 | 306 | 307 | CHILDREN 308 | 309 | GID 310 | 0 311 | PATH 312 | Scripts 313 | PATH_TYPE 314 | 0 315 | PERMISSIONS 316 | 493 317 | TYPE 318 | 1 319 | UID 320 | 0 321 | 322 | 323 | CHILDREN 324 | 325 | GID 326 | 0 327 | PATH 328 | Services 329 | PATH_TYPE 330 | 0 331 | PERMISSIONS 332 | 493 333 | TYPE 334 | 1 335 | UID 336 | 0 337 | 338 | 339 | CHILDREN 340 | 341 | GID 342 | 0 343 | PATH 344 | Widgets 345 | PATH_TYPE 346 | 0 347 | PERMISSIONS 348 | 493 349 | TYPE 350 | 1 351 | UID 352 | 0 353 | 354 | 355 | GID 
356 | 0 357 | PATH 358 | Library 359 | PATH_TYPE 360 | 0 361 | PERMISSIONS 362 | 493 363 | TYPE 364 | 1 365 | UID 366 | 0 367 | 368 | 369 | CHILDREN 370 | 371 | 372 | CHILDREN 373 | 374 | GID 375 | 0 376 | PATH 377 | Shared 378 | PATH_TYPE 379 | 0 380 | PERMISSIONS 381 | 1023 382 | TYPE 383 | 1 384 | UID 385 | 0 386 | 387 | 388 | GID 389 | 80 390 | PATH 391 | Users 392 | PATH_TYPE 393 | 0 394 | PERMISSIONS 395 | 493 396 | TYPE 397 | 1 398 | UID 399 | 0 400 | 401 | 402 | GID 403 | 0 404 | PATH 405 | / 406 | PATH_TYPE 407 | 0 408 | PERMISSIONS 409 | 493 410 | TYPE 411 | 1 412 | UID 413 | 0 414 | 415 | PAYLOAD_TYPE 416 | 0 417 | PRESERVE_EXTENDED_ATTRIBUTES 418 | 419 | SHOW_INVISIBLE 420 | 421 | SPLIT_FORKS 422 | 423 | TREAT_MISSING_FILES_AS_WARNING 424 | 425 | VERSION 426 | 5 427 | 428 | PACKAGE_SCRIPTS 429 | 430 | POSTINSTALL_PATH 431 | 432 | PATH 433 | /Users/blake/code/packer-macos-11/scripts/setupsshlogin.sh 434 | PATH_TYPE 435 | 0 436 | 437 | PREINSTALL_PATH 438 | 439 | PATH_TYPE 440 | 0 441 | 442 | RESOURCES 443 | 444 | 445 | PACKAGE_SETTINGS 446 | 447 | AUTHENTICATION 448 | 1 449 | CONCLUSION_ACTION 450 | 2 451 | FOLLOW_SYMBOLIC_LINKS 452 | 453 | IDENTIFIER 454 | com.mygreatcompany.pkg.setupsshlogin 455 | LOCATION 456 | 0 457 | NAME 458 | 459 | OVERWRITE_PERMISSIONS 460 | 461 | PAYLOAD_SIZE 462 | -1 463 | REFERENCE_PATH 464 | 465 | RELOCATABLE 466 | 467 | USE_HFS+_COMPRESSION 468 | 469 | VERSION 470 | 1.0 471 | 472 | PROJECT_COMMENTS 473 | 474 | NOTES 475 | 476 | 477 | 478 | PROJECT_SETTINGS 479 | 480 | BUILD_PATH 481 | 482 | PATH 483 | build 484 | PATH_TYPE 485 | 1 486 | 487 | EXCLUDED_FILES 488 | 489 | 490 | PATTERNS_ARRAY 491 | 492 | 493 | REGULAR_EXPRESSION 494 | 495 | STRING 496 | .DS_Store 497 | TYPE 498 | 0 499 | 500 | 501 | PROTECTED 502 | 503 | PROXY_NAME 504 | Remove .DS_Store files 505 | PROXY_TOOLTIP 506 | Remove ".DS_Store" files created by the Finder. 
507 | STATE 508 | 509 | 510 | 511 | PATTERNS_ARRAY 512 | 513 | 514 | REGULAR_EXPRESSION 515 | 516 | STRING 517 | .pbdevelopment 518 | TYPE 519 | 0 520 | 521 | 522 | PROTECTED 523 | 524 | PROXY_NAME 525 | Remove .pbdevelopment files 526 | PROXY_TOOLTIP 527 | Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. 528 | STATE 529 | 530 | 531 | 532 | PATTERNS_ARRAY 533 | 534 | 535 | REGULAR_EXPRESSION 536 | 537 | STRING 538 | CVS 539 | TYPE 540 | 1 541 | 542 | 543 | REGULAR_EXPRESSION 544 | 545 | STRING 546 | .cvsignore 547 | TYPE 548 | 0 549 | 550 | 551 | REGULAR_EXPRESSION 552 | 553 | STRING 554 | .cvspass 555 | TYPE 556 | 0 557 | 558 | 559 | REGULAR_EXPRESSION 560 | 561 | STRING 562 | .svn 563 | TYPE 564 | 1 565 | 566 | 567 | REGULAR_EXPRESSION 568 | 569 | STRING 570 | .git 571 | TYPE 572 | 1 573 | 574 | 575 | REGULAR_EXPRESSION 576 | 577 | STRING 578 | .gitignore 579 | TYPE 580 | 0 581 | 582 | 583 | PROTECTED 584 | 585 | PROXY_NAME 586 | Remove SCM metadata 587 | PROXY_TOOLTIP 588 | Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. 589 | STATE 590 | 591 | 592 | 593 | PATTERNS_ARRAY 594 | 595 | 596 | REGULAR_EXPRESSION 597 | 598 | STRING 599 | classes.nib 600 | TYPE 601 | 0 602 | 603 | 604 | REGULAR_EXPRESSION 605 | 606 | STRING 607 | designable.db 608 | TYPE 609 | 0 610 | 611 | 612 | REGULAR_EXPRESSION 613 | 614 | STRING 615 | info.nib 616 | TYPE 617 | 0 618 | 619 | 620 | PROTECTED 621 | 622 | PROXY_NAME 623 | Optimize nib files 624 | PROXY_TOOLTIP 625 | Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. 626 | STATE 627 | 628 | 629 | 630 | PATTERNS_ARRAY 631 | 632 | 633 | REGULAR_EXPRESSION 634 | 635 | STRING 636 | Resources Disabled 637 | TYPE 638 | 1 639 | 640 | 641 | PROTECTED 642 | 643 | PROXY_NAME 644 | Remove Resources Disabled folders 645 | PROXY_TOOLTIP 646 | Remove "Resources Disabled" folders. 
647 | STATE 648 | 649 | 650 | 651 | SEPARATOR 652 | 653 | 654 | 655 | NAME 656 | setupsshlogin 657 | PAYLOAD_ONLY 658 | 659 | 660 | 661 | TYPE 662 | 1 663 | VERSION 664 | 2 665 | 666 | 667 | --------------------------------------------------------------------------------