Saturday, June 30, 2012

Fresh Mac Setup

The why

I'm an opinionated prick and I like things a certain way. When I get to a machine with a fresh install of OS X, I like to dive in and setup my base before doing any 'extra' stuff. Since I just got my hands on a new MacBook Pro 15" with Retina Display I figured I'd do the rundown and document it.

UPDATE [ 07/02/12 ]: I should have mentioned that this post is also an expansion of a previous post I did just over a year prior on running homebrew with pkgsrc. More is covered here but that's certainly part of it. Also I should probably share that if you're one of those Mac users who never uses Terminal because you're afraid of the command prompt, this post is probably not going to help you much.

User accounts

I create one admin user (first), then I create my regular user with no admin privileges. This is a safe guard against many possible no-nos, attacks, fat fingerings, etc.. 

Next I add my regular user account (user) to the /etc/sudoers file with a line like: 
    myuser ALL=(ALL) ALL

This ensures that I don't have to switch user accounts to get certain things done from the shell, where I spend about 90% of my time on a mac. 

App Store

While still in the admin account I log into the App Store and start downloading key pieces of software. For me this is XCode, FreeMemory, Better Snap Tool, & Caffeine

System Preferences

After making my normal user account (but while still logged in as admin), I go through System Preferences to do some verification and modification of settings.

Security & Privacy
  • General - Require password for sleep and screen saver (5 seconds)
  • General - Disable Automatic login (checked)
  • Firewall - Turn on Firewall
  • Privacy - Send diagnostic and usage data to Apple (unchecked)
  • Privacy - Enable Location Services (checked)
  • Privacy : Advanced - Automatically update safe downloads list (unchecked)


  • Remote Login (checked)  [ Note: This is for SSH only ]
  • Remote Login - Allow access for: Only these users (selected)  [ Add non-admin user ]
  • Everything else should be unchecked. 

Universal Access
  • Seeing : Zoom : Options - Use scrool wheel with modifier keys to zoom (checked)  [ I use '^' which is the control key ]
  • Seeing - Enable access for assistive devices

XBloat XCode

Click to install the main package. Once that is done go to the menu bar and navigate to XCode -> preferences -> Downloads and click to install Command Line Tools

With the above is't now time to login as my regular user and start customizing the environment

Login as User

The first thing I do is remove all of the application from the doc except Finder. Then open up Terminal and create a personal Applications directory in my users home directory: 
    $ mkdir ~/Applications/

then I link the System Applications directory under the one I created: 
    $ ln -s /Applications ~/Applications/SysApps
    $ open ~

I then drag the Applications directory to the doc for easy access. Now when I install applications for my own use (Chrome, Firefox, Adium, etc..) I can just drag them to my Applications directory without polluting the system Applications directory ( I wish there were a way to do this with apps from the App Store). 

List of essential apps

In order I grab the following and set them up: 
  • Google Chrome - With:  LastPass, XMarks, Ghostery, ScriptNo
  • Mozilla Firefox - With: LastPassXMarksGhostery, NoScript
  • Safari Extensions/Add ons: LastPassXMarks , Ghostery, JavaScript Blocker
  • iTerm2
  • SparkleShare
  • Wuala  Once they switched their model to not allow trading local storage they became useless to me
  • DropBox - I currently use it but I'm slowly moving things away as I don't trust them
  • CrossOver - Thankfully there are fewer and fewer apps written for Micro$oft platforms that I ever need to consider running. When one crops up, my first line of defense is CrossOver because it's a much more light-weight solution when compared with full virtualization system like VirtualBox, VMWare, Parallels, etc. Plus it's a great way to run Steam games that haven't been released for Mac (like Crayon Physics, which for some reason...holy crap it's now available for the Mac!!!)

 Shell environment

OS X defaults a users shell to BASH (Dear JKH, who the hell made that decision?). Bash annoys me to no end. Luckily OS X comes with KSH93 installed (albeit a VERY old version) as well as ZSH. So first up is installing my profile from . I download the .shrc file and copy it to .shrc in my home directoy, then there is a linking frenzy to make sure all the other shells get it right on startup: 
    $ ln -s ~/.shrc ~/.profile
    $ ln -s ~/.shrc ~/.zshrc
    $ ln -s ~/.shrc ~/.bash_profile
    $ ln -s ~/.shrc ~/.bashrc
    $ ln -s ~/.shrc ~/.kshrc
    $ ln -s ~/.shrc ~/.mkshrc #not installed yet, we'll fix that

Once that is done I can go about changing my shell: 
    $ sudo chsh -s /bin/zsh username
    Changing shell for username.

Then I launch a new shell session. Note: my preferred shell is general KSH but because we're about to install pythonbrew and rvm both of which make jack-assy assumptions that you'll be running BASH or ZSH I've decided to use the latter as it's far less irritating than BASH.

PythonBrew and RVM

The instructions may change for RVM and/or Python brew so I'll say only that you should follow whatever those instructions are from their respective sites; PythonBrew Installation & RVM Installation .  These are useful utilities if you work with python and/or ruby much (which I do). It is very unfortunate though that their authors have chosen non-standard (bash) shell code as the implementation (but I digress).

Unix-y tools and packages

There are many options on OSX for installing third party command-line utilities. Being the opinionated prick that I am, I feel pretty strongly about what I use on my machine but you can make up your own damned mind.  That said, here are you major options in summary: 
  • MacPorts - Is officially(?) sponsored by Apple, Inc. and (at least conceptually) is based in large part on the FreeBSD ports/package system.
  • Fink - Is based on debian's build/packaging system. 
  • Homebrew - Created out of a desire to have a better way to create, distribute, install and update applications.
  • Pkgsrc - The NetBSD Packages collection. It was built with high portability as a goal from the beginning and has been adapted to run and install applications on Darwin/OS X for quite some time.
I have run them all and decided that no one meets my needs fully. Pkgsrc is rich but doesn't include Aqua apps as they are not of use outside of OS X.  MacPorts and Fink have many packages but still have considerable problems when installed and operated as a non-privileged user. Last I checked fink suffered from apt's limitation of being able to run only one instance at a time because of file locking. In the past there have been MacPorts upgrades that were out-right onerous and often broken requiring a complete do-over. MacPorts, Pkgsrc, and Fink all suffer from the limitation of effectively only supporting one installed version of a given application at a time. Homebrew was built specifically with this consideration in mind but has pretty strict limitations on what gets included for distribution and therefore has far fewer applications available. One could go on like this for days, let's just cut to the chase and say I have chosen to use a combination of pkgsrc and homebrew together.

Installing Homebrew

First we need to prep the area:
    $ sudo mkdir -p /usr/local/src 
    $ sudo chown -R gcw:staff /usr/local/
    $ sudo chmod 775 /usr/local/*
Unfortunately the prescribed method for installing Homebrew no-longer works because they do a brain-dead check to see whether your user is an 'Administrator'. Which is ironic because they stress in the documentation that you should not need any special privileges to install software. In any course here's what to do :
    $ cd /usr/local
    $ mkdir homebrew && curl -L | tar xz --strip 1 -C homebrew
    $ mkdir -p /usr/local/bin/ && chmod 755 /usr/local/bin && ln -s /usr/local/homebrew/bin/brew /usr/local/bin/brew

Now you need to make sure that /usr/local/bin/ is in your path (and possibly /usr/local/sbin/). With my .shrc you can just type:
    $ my_reload

or alternately you could do:
    $ my_pathadd PATH /usr/local/bin/

Note: my_pathadd() was written specifically to avoid adding directories to a path variable if that directory either doesn't exist or is already in said path variable.

Once that is done you'll want to initial your brew base with:
    $ /usr/local/bin/brew update

Then test it with a simple application like most:
    $ brew install most
    $ which most
    $ ls -al /usr/local/bin/most

You're done with the Homebrew piece.

Installing Pkgsrc

There is a git mirror of the pkgsrc repositories which I prefer to use over the CVS system documented at Here's how to use it
    $ git clone /usr/local/pkgsrc 
    $ cd /usr/local/pkgsrc/bootstrap
    $ ./bootstrap --pkgdbdir /usr/local/var/db/pkg --unprivileged --prefix /usr/local/pkg

That will all take a while to run. Once it's complete you will have a directory where things get installed /usr/local/pkg/ and one where you go to do the building and installation /usr/local/pkgsrc/.  You'll want to add /usr/local/pkg/bin and possibly /usr/local/pkg/sbin to your PATH. Let's do a test with most:
    $ cd /usr/local/pkgsrc/misc/most
    $ /usr/local/pkg/bin/bmake install
    $ which -a most
    $ ls -al /usr/local/pkg/bin/most

You're done. Now you can install your apps with either pkgsrc or homebrew as you see fit.

Side notes: Brew is pretty picky about the versions of some utilities it uses. Make sure that the /usr/local/ stuff precedes the /usr/local/pkg* stuff in your PATH variables.  Learn to use brew doctor

UPDATE [ 07/02/12 ]: A buddy of a buddy of a friend of mine mentioned that "installing software is superuser duty (in the UNIX world), nothing wrong with requiring root to install stuff". Generally I would not need to disagree. Mac's, however are different. For desktop operating systems, especially, it's  important to avoid mucking thing up. As root, it's simply easier to accidentally do said mucking, whether by fat-fingering a command, doing an errant copy/paste, or running a program that has been compromised. My belief is that you should do as much as you can as a non-privileged user, but there are those who disagree with me.

Essential tools/utilities

The list of stuff I install immediately after getting brew and pkgsrc installed includes:
  • fossil - (brew) My version control system of choice (yes even over git and mercurial)
  • tmux - (brew) If you use split or GNU screen, you should really upgrade to a terminal multiplexer that not only doesn't suck echidna balls but also rock.
  • lua - (brew) If you don't know.... you really need to find out.
  • mutt - (brew) The only mail user agent that doesn't make me want to choke people out. [ with the sidbar and pgp-verbose patches ]
  • macvim - (brew) already comes with python and ruby extension support I add the --with-lua option
  • nvi - (pkgsrc editors/nvi) I love VIM for things like coding but when I want a real vi I use nvi. It's faster and much more light weight.
  • gpg2 - (brew) I hope I don't have to explain this one...
  • nawk, gawk, mawk, & runawk - (pkg - /lang/) I do quite a bit of scripting in awk and I need to make sure it's portable.
  • v8 & Node - (brew) If you're stuck building non-browser apps in javascript these are a must
  • msmtp - (brew) sendmail interface to authenticated SMTP for command line programs looking to send mail
  • mksh - (pkg - shells/mksh) MirOS Korn Shell is a PDKSH derivative that's much faster and smaller than BASH
  • ast-ksh - (pkg - shells/ast-ksh) The Original (still under active Open Source development) Korn Shell. KSH93 has been my shell of choice since about 1997. 
  • w3m - (brew) Text-mode browser. It's a must
  • openssh - (pkg - security/openssh) The HPN patch makes this one invaluable

Once this is done there's a bunch of configuration, symbolic linking, cursing, and pining for a pint but I'm essentially done with the big stuff once I've hit this point. Good luck.. I hope some of this is helpful to other people.

UPDATE [ 07/02/12 ]: I forgot to mention that much of the linking is of standard config files that I share across machines via SparkleShare. My vimrc, tmux-conf, muttrc are all kept current with SparkleShare running from an encrypted volume on one of my servers. Also after all of that is setup I go into System Preferences and turn on File Vault's full disk encryption.  


  1. Hi,

    In the beginning of the homebrew installation you do `sudo mkdir -p /usr/local/src` - why? I don't see that src folder used anywhere.


    1. Nice catch!

      It's a habit. I use /usr/local/src for so much that I just make sure it's there and generally that happens when I'm installing HomeBrew. Strictly speaking it's not required (or even used) by/for the installation.

  2. The one critic about homebrew not allowing some formulae has basically vanished since homebrew supports "tabs":

    1. "basically": yes, but not entirely. The convenience of using pkgsrc with vetted packages centrally managed is great, especially as compared to the ad hoc nature of trying to work with multiple Taps.