Archive
ASR’s hidden documentation
As part of trying to trace down a separate mystery, the folks in the ##osx-server IRC room made an interesting discovery: Apple’s asr tool has hidden documentation.
Normally, to access Apple’s documentation on a command-line tool, you would use man toolname_here or toolname_here help. asr has both of those, but it also has a separate command that reveals additional asr options not mentioned in the regular man or help pages.
With asr help, you get the following output:
Usage: asr
is one of the following:
asr help | version
asr restore --source --target []
asr restore --source asr:/// --file []
asr server --source --config []
asr imagescan --source [--filechecksum] [--nostream] [--SHA1]
is in bytes but may end with a scale factor (b, k, m, g)
common are any of:
--source path or url to disk image file, mountpoint, or
web accessible disk image
--puppetstrings print out messages in format good for machine parsing
--verbose display verbose output
--debug display debug output
restore are any of:
--target path to volume or mountpoint
--erase formats target volume
--format target format when erasing (defaults to source)
--noprompt don't require confirmation on erase
--noverify don't checksum results
--buffers number of buffers to use in block copy
--buffersize size of buffers to use in block copy
--csumbuffers number of buffers for the checksum if different
--csumbuffersize size of buffers for the checksum if different
--timeout max wait for stream in multicast client mode
server are any of:
--interface Use 'if' as the interface for the server's
outgoing stream
--config server configuration file in plist format
imagescan are any of:
--filechecksum calculate file checksum
--nostream don't reorder file for multicast streaming
--SHA1 add a SHA-1 checksum to the image
However, when you run FULL_USAGE=1 asr help, you get the following output:
Usage: asr
is one of the following:
asr help | version
asr restore --source --target []
asr restore --source asr:/// --file []
asr server --source --config []
asr imagescan --source [--filechecksum] [--nostream] [--SHA1]
asr partition --target [--testsize ]
[--retestsize ] [--recoverysize ]
asr freeze --target [--testsize ]
[--retestsize ] [--recoverysize ]
asr thaw --target [--recovery] [--modifyrecovery]
asr adjust --target [--settype ]
is in bytes but may end with a scale factor (b, k, m, g)
common are any of:
--source path or url to disk image file, mountpoint, or
web accessible disk image
--puppetstrings print out messages in format good for machine parsing
--verbose display verbose output
--debug display debug output
restore are any of:
--target path to volume or mountpoint
--hidden restore to the hidden customer software partition
--erase formats target volume
--format target format when erasing (defaults to source)
--noprompt don't require confirmation on erase
--noverify don't checksum results
--buffers number of buffers to use in block copy
--buffersize size of buffers to use in block copy
--csumbuffers number of buffers for the checksum if different
--csumbuffersize size of buffers for the checksum if different
--timeout max wait for stream in multicast client mode
server are any of:
--interface Use 'if' as the interface for the server's
outgoing stream
--config server configuration file in plist format
imagescan are any of:
--filechecksum calculate file checksum
--nostream don't reorder file for multicast streaming
--SHA1 add a SHA-1 checksum to the image
There are now four additional options listed:
asr partition --target [--testsize ]
[--retestsize ] [--recoverysize ]
asr freeze --target [--testsize ]
[--retestsize ] [--recoverysize ]
asr thaw --target [--recovery] [--modifyrecovery]
asr adjust --target [--settype ]
The question I don’t know the answer to is “What do these options do?”
I’ve seen asr adjust used to correct an incorrectly set Recovery HD partition, but I’m not familiar with what asr freeze and asr thaw do.
Do you know? Let me know in the comments.
FileVault Setup.app – local FileVault 2 encryption setup and enforcement
I was recently asked to help test a new utility called FileVault Setup for setting up and enforcing FileVault 2 encryption. It’s designed to be a user-friendly interface for Apple’s fdesetup tool on OS X 10.8.x which supports turning on FileVault 2 encryption and enabling a single user account.
One nice thing about this tool from my perspective is that it’s designed to be independent of any server-based resources. To the best of my knowledge, this is the first tool I’ve seen that allows FileVault encryption to be enforced on a machine entirely from the machine’s own resources. See below the jump for the details.
Booting into single-user mode on a FileVault 2-encrypted Mac
I recently communicated with a Mac admin who was concerned about using FileVault 2 in his environment because he didn’t want to lose access to tools like single-user mode. Like a number of Mac admins, he’d found single-user mode valuable in helping to diagnose and fix issues on troublesome Macs.
Fortunately, Apple makes it reasonably easy to boot into single-user mode on a FileVault 2-encrypted system. Here’s how to boot into single-user on a FileVault 2-encrypted system:
1. Hold down Command-S after powering the system.
2. The Mac will be begin booting into single user, then the FileVault 2 pre-boot login screen will appear.
3. Authenticate at the FileVault 2 pre-boot login screen by selecting an account and providing the account’s password.
4. The Mac will then unlock and continue booting into single-user mode.
To show what this looks like, I’ve made a short video showing the process. In this instance, I booted into single-user mode and performed a disk check using fsck, then continued with the rest of the boot process.
Managing Safari’s Java whitelist
Safari 6.0.4 and later (for Mac OS X 10.7.x and 10.8.x), and 5.1.9 and later (for Mac OS X 10.6.x) now prompts you to enable the Java browser plug-in on a website-by-website basis. When a Java applet is allowed, it is added to a whitelist in Safari’s Security settings.
This was going to be an issue at my workplace, as we have a couple of applications that rely on Java applets running through the browser. To help fix this and manage the Safari Java whitelist, I’ve written a couple of scripts. These scripts are designed to add websites to Safari’s Java whitelist without overwriting existing entries. For more details, see below the jump.
Update – 10-22-2013: These scripts do not work to manage the Java whitelist on Safari 6.1 and higher. If you are using either of these scripts, please do not use them with Safari 6.1 or higher on Mountain Lion or Mavericks as they may cause Safari to crash.
Migrating OS X VMs files without VMware Standalone Converter
In one of the comments to my earlier post about migrating OS X VMs to ESXi, Alan Gordon mentioned another way to convert an OS X VM’s vmdk file to an ESXi-compatible format.
Since the process I developed is ultimately about getting the OS X VM’s vmdk file up to the ESXi server, then building a new VM on the ESXi server to use that vmdk file, this is an easier technique because it allows us to skip using VMware Standalone Converter altogether. Instead, this procedure will use the vmware-vdiskmanager tool included with VMware Fusion and the VMware vSphere Client application. See below the jump for details.
Running Java 7 in a VMware Fusion 10.8.x VM
As mentioned previously, I’ve moved the majority of my testing to OS X VMs running in either VMware Fusion or VMware ESXi. However, there has been one component of my build testing that I still needed actual Macs for: testing Oracle’s Java 7 updates. The reason for this is that Java 7 crashes when run inside of a VMWare Fusion VM.
Oracle has certified the following virtualization solutions as being Oracle JDK 7 and JRE 7 Certified System Configurations:
Certified:
Not certified:
VMware virtualization solutions
Microsoft virtualization solutions
Unfortunately, that meant unless Oracle or VMware stepped up, Java 7 wasn’t going to run inside an OS X VM. Fortunately, VMware stepped up. There is now a script available from VMware to patch liblwawt.dylib in the Java 7 Runtime Environment. The patch addresses the Java 7 crashing issue, allowing Java 7 Update 17 to run normally in an OS X 10.8.3 VM.
The patch is specific to 10.8.x VMs and does not work in 10.7.x VMs at this time.
I’ve posted a copy of the Python script that applies the patch here on my GitHub repo:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/vmware_fusion_java_7_patch
I’ve also built a payload-free package to run the script:
Migrating OS X VMs to a VMware ESXi server
I’ve started using ESXi servers more and more for hosting my test Macs, both here and at work. As part of that, I’ve found it to be considerably easier for me to build the VM inside of VMware Fusion on my Mac and move it to ESXi, then build it from scratch on my ESXi server.
That said, I’ve found the process for moving OS X VMs has not been straightforward. When I first tried moving 10.8.x VMs, I tried both VMware’s OVF Tool and VMware’s Standalone Converter, but neither initially appeared to provide me with the ability to transfer working OS X 10.8.x VMs.
In the end, I was able to find a way to use VMware’s Standalone Converter to transfer 10.8.x VMs, but the process involves some extra steps on the ESXi server’s end.
The process I’ve developed involves using a Windows 7 VM running inside of VMware Fusion, with the VMware Standalone Converter application installed. One thing to note before proceeding further is that I did not try this with a vSphere server. All my work has been done with VMware’s free ESXi server, so it may be that there’s an easier way to do this with vSphere. See below the jump for details.
Der Flounder 
Recent Comments