Installing OS X with an incompatible "OEM" disk

Like Windows, new Macs come with a preloaded disk in case you ever need to reinstall. What many users owning multiple machines -- or desperately borrowing friends' disks after their Mac becomes unbootable -- learn the first time they attempt to use it, however, is that the disk is designed to install on only the original Mac it was shipped with, informing only that the software is incompatible upon installation with no further explanation.

If the original Mac exists, booting the intended machine into Target Mode using FireWire and tricking the CD into installing onto the mounted hard drive is the easiest option. But what if the original Mac is missing, sold or no longer functional?

Editing and re-burning the disk, although illegal, is possible yet not the simplest solution by any means, not the least of which because most users don't have 8GB DVDs sitting around. You will still need a second Mac running the same version and architecture of OS X which you intend to install, a FireWire cable and the preloaded installation disk (more on architecture below).

1. Preparing the target drive
   
2. Building the installation from source
3. Filling in missing files
4. Repairing the drive
   
5. Booting the drive and running Setup Assistant
6. Common errors

Preparing the Drive
Begin by hooking up the target drive to another Mac via FireWire if it is already inside a machine, or via USB if you are installing on an external drive. If it is inside a Mac, start the machine in Target Mode by holding down the T key immediately after powering on, until the blue screen appears with the bouncing FireWire emblem.

It may take anywhere from several seconds to several minutes for your drive to mount. If the drive is already empty and partitioned, you will not need any preparation; if it contains any data or is not formatted correctly, you will need to repartition the drive.

Note: You do not need to format the disk if you are upgrading instead of reinstalling.

Be very sure to format the filesystem according to your architecture, or else after all the effort your drive will not be able to boot. Newer Macs such as MacBooks and iMac flatscreens use Intel x86 processors, while older models such as iBooks, PowerBooks and G5 towers use Apple's custom PowerPC architecture. The architecture of the machine can easily be determined by running the arch command. PowerPCs will return ppc, while Intel-based Macs will be either i386 or i686. This is important because PowerPCs must be formatted with the Apple Partition Scheme, while Intel Macs are partitioned using the GUID Partition Table. It is very important that the host Mac has the same architecture as the machine to be reinstalled, as the DVD installer will go off of its host's configuration to install the appropriate kernel extensions and drivers.







Format the drive according to your architecture by selecting Options from the Partitions tab.











Building the Installation
While installing this way is not "from source" in the strictest sense, it is an alternative to running the built-in installer application included on the disk as each package must be installed manually, and more or less in the correct order, although some deviation will not cause any long-term problems aside from the package refusing to install in the first place.

If you are installing on the command-line, navigate to /Volumes/Mac\ OS\ X\ Install\ DVD/System/Installation/Packages. From the Finder, this folder cannot be accessed directly but can be found by inserting the above location using Go -> Go to Folder. From the Finder, the packages listed herein can be installed by double-clicking. Note that the package will try to install by default on the machine you are currently sitting on. You must click "Change Install Location" and select the mounted drive for each package. From the command-line, install the packages with the installer command:

sudo installer -pkg package.pkg -target /Volumes/PowerBook\ HD

Install the packages in the following order. They may vary slightly by distribution.
BaseSystem.pkg
DeTier.pkg
Essentials.pkg
AdditionalEssentials.pkg
AdditionalFonts.pkg
Directory.pkg
Java.pkg
JavaTools.pkg
MigrationAssistant.pkg
X11User.pkg (optional if you want to use X11)
MediaFiles.pkg
ACL.pkg

Optional Applications:

AddressBook.pkg
Mail.pkg
Safari.pkg
iCal.pkg
iChat.pkg
iTunes.pkg
iPodSupport.pkg
DVDPlayer.pkg

You can of course install every package in the directory, including the extra language support and XCode Tools, but these files are what is needed for a minimalistic OS X installation. This will take roughly the same amount of time as a normal installation, so allow 30-45 minutes to complete. When finished, you will now have a bare minimum -- albeit only half-functional -- installation of Mac OS X.

Filling in the Holes
I have not been able to find the section of the disk which creates the hidden directories properly. (Please leave a comment if you do.) In the meantime, you will need to recreate the /private/etc and /usr directories, which although they are created during the installation do not contain many files needed to actually boot the system. You will need to clone them from another Mac, ideally one which has not had too many custom executables installed -- e.g. as close to the fresh installation state as possible.

The drive will not yet show up in the boot menu, so keep it mounted on the host Mac. Use the following commands to clone the missing directories:

sudo rsync -avH /usr /Volumes/PowerBook\ HD
sudo rsync -avH /private/etc /Volumes/PowerBook\ HD/private/

Be sure not to include the trailing / on /usr and /etc, as including it will copy the contents of the directories instead of the directories themselves.

Booting the Drive
You will now have a close-as-possible legit installation of OS X. Unmount the drive, disconnect the FireWire or USB cord, (some models will refuse to boot with it plugged in) insert the original installation disk into the new machine and boot into it. Click OK when the prompt appears informing you of incompatibility. From here, select Utilities -> Startup Disk from the menu and select your drive. Reboot and eject the disk. If you attempt to boot before this, you will find that while the drive may be seen, it will be unnamed and will freeze at the login screen.

Typically, you will now be run through the Setup Assistant and may proceed as you would with a normal installation. It may be frozen at the login screen for several moments before loading Setup Assistant, as it has attempted to load normally before realizing that no users exist, since it was not completed in the usual way.

Common errors
I encountered several errors during my first attempt; namely, I had booted prior to selecting the disk as the startup volume, which froze indefinitely at the login screen. This created a cache file which prevented Setup Assistant from being able to start.

The cache is located in /Library/Caches/LaunchServices/com.apple.LaunchServices-0140.csstore. There may be several with different trailing numbers depending on how many times you attempted to boot. Remove these files. Upon reboot, Setup Assistant will launch.

Setup Assistant will also not launch unless a file located in /var/db/.AppleSetupDone is missing. This file contains the registration information for your Mac. Removing it will allow you to re-register any Mac, although you may also edit the file if you simply want to change your name or address. If the file exists, remove it.


Several errors may be present due to the copying of the /etc and /usr directories. Most importantly, check that the modes on both directories are correct:

Minimac:/ root# ls -l | grep usr
drwxr-xr-x   12 root      wheel         408 Nov 23 10:34 usr

If they differ, use the following to correct them:

sudo chown -R root:wheel /private/etc /usr
sudo chmod 755 /private/etc /usr

The first time opening Terminal.app, you may be greeted with the following error instead of a prompt:

login: PAM Error (line 396): System error
login: Could not determine audit condition

[Process completed]

In the Finder, use Go to Folder to navigate to /usr/bin and drag the login file to the trash.

Sudo may also malfunction, if the /etc/sudoers file does not exist or its mode is wrong. The correct mode is 0440.

Depending on how long you remain logged in and allow the caches and databases to propagate, you should be be prompted with various updates and security fixes, during installation of which you should watch /var/log/system.log for possible errors.

You will now have a working, out-of-the-box installation of Mac OS X.
Read Full Post

Disable the Screen Sharing menu icon

Whether your boss has requested you keep an eye on a coworker or you just want to spy on your little brother, the menu icon that alerts users of your watchful presence can be an annoyance and a dead giveaway.

There are two ways to disable it. If you are using Apple Remote Desktop (ARD) to control Screen Sharing, you may simply hide it:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -clientopts -setmenuextra -menuextra no

If you are not using ARD, this will not work and you will have to remove the icon manually. The configuration is located in /System/Library/CoreServices/Menu Extras/RemoteDesktop.menu. You can either rename it, remove it completely or change its permissions to 000.

This will also work with any of the items in the Menu Extras directory, such as the volume, clock, or Fast User Switching menu.
Read Full Post

Customizing the OS X login screen

Changing the Background
The background image can be changed by simply replacing the file. In Leopard, the default background is located in /System/Library/CoreServices/DefaultDesktop.jpg. In Tiger, the file is /Library/Desktop Pictures/Aqua Blue.jpg. Rename the default to a different name and copy your file of choice over the original file.
















Customizing Users
There are many tweaks one can make to the user list. Say you want to create an invisible user only accessible via SSH. Or to hide all users with certain UIDs, or hide the Other user once the root account has been enabled.

First, if you mess up something too badly, it is always possible to remove your edits by using
defaults delete /Library/Preferences/com.apple.loginwindow and
defaults delete /Library/Preferences/com.apple.loginwindow HiddenUsersList to delete users you may have hidden. Any value using TRUE may also be reversed by substituting FALSE and vice-versa.

To hide a user from the login window, use:
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add 'jason'
You can use the user's UID instead as well. The user will also no longer appear in the Fast User Switching menu once someone has logged in.

To hide all users with UIDs under 500 -- e.g. root and the built-in Guest account:
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE

To hide the Other user:
defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE

Do not try and hide all your users as this will cause the login window to be unfunctional. The login screen with the three examples shown above:


Read Full Post

Editing Mac OS X menus and Preference Panes

There is always that one smart mystery student in the lab who manages to bypass the Parental Controls and mess with the machine settings, or keeps shutting them down at inconvenient times just to annoy. While settings such as showing the Shut Down option in the login screen exist, removing it from the menu once the user has logged in do not. If they have managed to access the System Preferences, this option can be unchecked anyway.

Editing the Main Menu OS X's user interface is entirely composed of .plist and .xib files, both of which are text. Although generally difficult to find, in theory it is possible to change the appearance of nearly anything. Always make a copy of the entire .nib directory in case something goes wrong, since displacing a single line could render your Finder unusable. The interface file for the Main Menu is located in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ HIToolbox.framework/Versions/A/Resources/English.lproj/StandardMenus.nib/  If you are using a different language, change the English.lproj appropriately.

The file to be edited is objects.xib. Any command-line, text-based or XML editor will work; I am using vi. Locate the section of the file containing the object to be removed; you will notice that there are two different sections for Restart and Shut Down. Remove both.

UPDATE: For 10.7 users (Lion), you will also need to remove the "Reference" line at the bottom of the file, corresponding to the ID # of the object you are removing. In the above example, the object ID is "284". The ID numbers will vary depending on the version of OS X.

You will need to log out and back in before any changes will take effect. You can in fact remove everything in the menu, including Log Out and Force Quit.

Editing the Preference Panes

A Preference Pane is the individual icon related to a particular configuration within System Preferences. What if you have a paranoid coworker who insists on disabling SSH and VNC, making your job as sysadmin much more difficult when his machine crashes? Or someone who keeps changing the Energy Saver settings, having it shut down before the company-wide backups are made at midnight?

There are two possible ways to modify a Preference Pane -- removing it altogether, or simply changing components within it. You want the coworker to be able to control his Printer Sharing, but not his Remote Access.

These particular instructions will work only with Leopard or later.

The configuration for the default Preference Panes is located in /System/Library/PreferencePanes, while those for custom applications will be in /Library/PreferencePanes. The file for the Remote Login service in particular is located in /System/Library/PreferencePanes/SharingPref.prefPane/Contents/Resources/servicelist.xml.

Locate the enclosed service to disable in the xml file and remove it. You will see that the service no longer appears in the Sharing list:

By removing the SharingPref.prefPane directory, or changing its permissions to 000, it will disappear from the System Preferences entirely.

Read Full Post

Use VNC on an existing X display

VNC can be incredibly useful, particularly in a work environment where a troubled coworker could be in an entirely separate subdivision of the building. Mac OS X's proprietary implementation of VNC, known as Screen Sharing, will allow control of whoever is logged in at the moment, while under Linux starting a VNC server will create an entirely new X session independent of anyone already using the machine.

In order to use VNC on Linux in the same way as Screen Sharing, we can use a small VNC server called x11vnc. This link is a standard tarball; there may also be a binary distribution available at the x11vnc website.

To start the VNC server, use:
x11vnc -rfbauth ~/.vnc/passwd -display :0 -auth guess

If you have used VNC before, ~/.vnc/passwd will already exist. If not, you can use vncpasswd to generate one.

The auth switch will depend on your display manager. If you are using xinit, -auth guess should be able to detect the current session cookie, but if you are using GDM you will have to provide it manually.

If you are using xinit and x11vnc cannot detect the cookie, running ps auxw | grep serverauth will return something similar to
xinit /etc/X11/xinit/xinitrc -- /usr/bin/X :0 -auth /home/drsavoye/.serverauth.3033
/home/drsavoye/.serverauth.3033 will replace the guess parameter.

If you are using GDM, the cookie can be found by running ps auxw | grep cookie, which will return
/usr/bin/Xorg :0 -br -verbose -auth /var/run/gdm/auth-cookie-XX756E9U-for-gdm -nolisten tcp
/var/run/gdm/auth-cookie-XX756E9U-for-gdm will replace the guess parameter.

Now, on the client side, you can use whichever VNC viewer you choose.
Read Full Post

Disabling / enabling SSH timeout

Read from remote host ariel.localhost: Connection reset by peer
Connection to ariel.localhost closed.

There are two ways to prevent SSH from timing out when left idle. The first is on the server, the second on the client. Both require editing the SSH config file.

The configuration is split between two files: On Linux, /etc/ssh/ssh_config and /etc/ssh/sshd_config. On OS X, they tend to reside in /etc/ssh_config and /etc/sshd_config. ssh_config is the configuration for the SSH program itself on the client, while sshd_config is the configuration for the SSH daemon on the server.

On the server machine uncomment, or add if it does not exist, the line:
ClientAliveInterval 60

On the client side, the line is:
ServerAliveInterval 60

The interval is in seconds, so you may specify any time period you like. On the server side, this defines the timeout interval after which no data has been received from the client that it should send a quick poke to request a response from the idle client. If the interval is set to 0, or the line does not exist, these messages will not be sent.

Similarly, on the client side, the interval is how often it should send a message to the server indicating that the connection is still active.

You must restart the sshd daemon after editing the file.
On Linux:
/etc/init.d/sshd restart

and on OS X: launchctl unload /System/Library/LaunchDaemons/ssh.plist and
launchctl load /System/Library/LaunchDaemons/ssh.plist

You can also restart sshd on OS X by unchecking and rechecking the box in System Preferences:


Read Full Post