Launchd Tools Released

Launchd Tools are for reading and creating launchd jobs.

For example, to see info about all Apple LaunchAgents and LaunchDaemons.

launchd2cmd /System/Library/Launch*/*

Or to create your own launchd job from an existing command:

cmd2launchd /usr/local/bin/daemond -d --mode foreground

Check it out here: https://github.com/kcrawford/launchd_tools

Advertisements

dockutil 1.1 released

Version 1.1 of dockutil is out:

  • fixes many issues with paths (should now work with Default User Template and other paths with spaces)
  • adds option to not restart the dock (–no-restart)
  • fixes issue where item would be added multiple times (use –replacing to update an existing item)
  • resolves deprecation warnings
  • adds option to remove all items (–remove all)
  • fixes issue with removals when a url exists in a dock
  • adds option –version to output version

Snow Leopard Apache Web Server SSL Pass phrase Error

If you are getting errors “Pass phrase incorrect” in your apache logs on Snow Leopard server, it is because the key is protected by a password.  I found the answer here.

The password for the key is stored in the System Keychain.  It is a password entry called “Mac OS X Server certificate management”.  You can open the entry and select “Show Password”.  You may also use the security command line tool to dump the password.

security find-generic-password -l "Mac OS X Server certificate management" -g

or

security dump-keychain -d # look in data for password which will look like a GUID

Once you have the password, you can create a copy of the key without the password using openssl:

openssl rsa -in /etc/certificates/server.domain.com.uniqueid.key.pem \
 -out /etc/certificates/server.domain.com.uniqueid.passwordlesskey.pem

You can then replace the password protected key with the passwordless key or point apache to the passwordless key in your /etc/apache2/sites/sitename.conf file.

Parsing Mac OS X System Profiler

It is pretty cool how Apple System Profiler has a command line equivalent (system_profiler). And it is pretty cool how system_profiler has a -xml option to allow for easier parsing. You might use this info for extracting asset information into a database or for puppet facter facts.

However if you’ve ever looked at that xml, you know that it is a tree full of unpredictable semi-structured data that was designed specifically for the GUI app. So even though you can parse it with your favorite plist parser, there is still a lot more work to do to get to the data you care about.

The tree structure is nice for a browsing through on a single machine, but not so good for reporting across many machines.

Apple stores most of the same data as key value pairs in its database for ARD reporting, but they do a lot of massaging of the data to get it that way.

It is possible to get at this data in an ARD database if you have an ARD collection server, but an ARD collection server isn’t for everyone and doesn’t serve every use case.

You can still get at the nicely formatted ARD information. ARD client includes a tool that outputs most, if not all of the asset information you care about in a much nicer structured format for reporting.

The tool is called sysinfocachegen and you use it like this:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sysinfocachegen -p /tmp/com.yourorganization.systeminfo.plist

Just use your favorite language’s plist parser to read the plist.

Set DirectoryService debug level

Apple’s document on Extending and Troubleshooting Directory Services has a lot of good info.

One correction though is that the debug level must be an integer.
sudo defaults write /Library/Preferences/DirectoryService/DirectoryServiceDebug "Debug Logging Priority Level" -integer 2

I’ve notified Apple, so this may be fixed by the time you read this.

Update: That link is dead. Here is an article that offers some similar information.