Insecure startup item disabled

As a follow-up to my post about startup items, I want to point out that a Startup Item must have proper permissions or it will be disabled at startup with the following message:

The error message saying a startup item has been disabled

In my case, the files under /Library/StartupItems/MyApache still belonged to me instead of root:wheel.

Fixed with a simple:

mbp:StartupItems florent$ sudo chown -Rv root:wheel /Library/StartupItems/MyApache/

It also appears that StartupItems permissions need to be set to 755 (executable/script file) and 644 (plist file) respectively.

Seitunes, an iTunes command-line interface

My home main computer is a MacBook Pro, on which I frequently play music with iTunes. However, I’m often on my laptop, without direct access to the MBP’s screen or keyboard/mouse to pause, change song, change volume, etc. I can connect to the MBP using VNC, but I was looking for something more lightweight.

I therefore decided to design a command-line interface for iTunes, that I would run via SSH. I called it Seitunes for reasons I can’t really remember right now, but there it is!

Seitunes is

– written in C and interfaces with iTunes through AppleScript
– designed for OS X – should be compatible with quite old versions actually, because it doesn’t rely on a lot of cutting edge features
– built upon the curses library
– very very small
– still under development
– Free software (GPLv3)
– available here

Features

> Display iTunes playing track and status

Seitunes main screen

> Control iTunes playback (play/pause, volume, next song/previous song)

Seitunes, main screen, playing, with help

> If iTunes is stopped when Seitunes starts, it starts iTunes and starts a song from the Library.

To do

> Add more tests to better check iTunes state and not trigger Applescript errors
> Add info about playlists in order to be able to play a specific playlist instead of the whole library
> Add an option to toggle shuffle
> Implement the “quit iTunes” function and check that it doesn’t cause more Applescript problems

Known bugs

> An error message flickers when an Applescript error is triggered (often when iTunes quit while Seitunes is opened)

Startup Items: launch services at boot

This post is a follow-up on the setup of your own Apache web server (although the technique can be used to start about anything of course).

Unlike classical Linuces that stock programs to launch at boot in a /etc/init.d folder for example; OS X uses a mechanism called Startup Items. These items can be found in /Library/StartupItems/, ~/Library/StartupItems and /System/Library/StartupItems.

One particular strength of the Startup Items is that you can specify in which order to launch them.

Let’s say I’ll make a startup item called MyApache. I’ll start by create the folder:

mbp:~ florent$ sudo mkdir /Library/StartupItems/MyApache

This folder will contain at least two files: an executable script called MyApache, and a file called StartupParameters.plist.

The script will be called at startup and shutdown, and will look like this:

#!/bin/sh

## Apache Web Server ; custom install ##

. /etc/rc.common
StartService (){
    ConsoleMessage "Starting Apache"
    /usr/local/apache2/bin/launchctl start
}

StopService (){
    ConsoleMessage "Stopping Apache"
    /usr/local/apache2/bin/launchctl stop
}

RestartService (){
    ConsoleMessage "Restarting Apache"
    /usr/local/apache2/bin/launchctl restart
}

RunService "$1"

The StartupParameters.plist file will contain data about the information to launch. It’s an XML file that will look like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Description</key>
    <string>My own Apache webserver</string>
    <key>Messages</key>
    <dict>
        <key>start</key>
        <string>Starting my Apache</string>
        <key>stop</key>
        <string>Stopping my Apache</string>
    </dict>
    <key>Preference</key>
    <string>Late</string>
    <key>Provides</key>
    <array>
        <string>MyApache</string>
    </array>
    <key>Requires</key>
    <array>
        <string>Network</string>
    </array>
    <key>Uses</key>
    <array>
        <string>Disks</string>
    </array>
</dict>
</plist>

We can see that Apache Requires the networks to be up, and will use Disks.

Let’s imagine I want to launch my Apache after my Jabber server for some reason. I’ll just create a StartupItem called “Jabber”, the same way as we just did, then add the following line to MyApache’s StartupParameters.plist “Requires” section:

                <string>Jabber</string>

Now at startup, OS X will launch Jabber and wait until it’s up and running before launching Apache.

Compiling and installing Apache on Mac OS X

Update: instead of the completely manual method, I’d now recommend using the most excellent Homebrew. The “missing package manager for OS X” will automatically download and compile the latest version and verify the checksums, amongst other niceties. It’s awesome, and only gaining more momentum.

Original post:

As you may already know, Apple bundles a version of Apache into Mac OS X. This httpd can be started in System Preferences > Sharing > Web Sharing. Its configuration files are located in /etc/apache2/.

Unfortunately, given Apple’s habit of not releasing patches too often, OS X’s Apache might lag a few versions behind. For example, bundled version on Snow Leopard at the time I’m writing this is 2.2.13; while the latest version is 2.2.15. It contains some (small to medium-ish depending on your setup) security fixes.

Hence, here I’m going to speak about building and installing your own Apache on OS X.

First, let’s get our hands on the sources: download the latest version from the Apache Foundation. Save it somewhere and check the integrity of the archive using MD5:

mbp:~ florent$ md5 ~/Downloads/httpd-2.2.15.tar.bz2
MD5 (/Users/florent/Downloads/httpd-2.2.15.tar.bz2) = 016cec97337eccead2aad6a7c27f2e14

Or SHA1:

mbp:~ florent$ shasum ~/Downloads/httpd-2.2.15.tar.bz2
5f0e973839ed2e38a4d03adba109ef5ce3381bc2  /Users/florent/Downloads/httpd-2.2.15.tar.bz2

These computed hashes should match the values given on the Apache website1.

Now time to configure our httpd.

Untar the archive, `cd` into the installation folder, and:

mbp:httpd-2.2.15 florent $ ./configure --prefix=/my/path

Here, the prefix we choose is the folder where apache will be installed. By default, it is set to /usr/local/apache2.

Now we just have to build and install Apache:

mbp:httpd-2.2.15 florent$ make && sudo make install

All set!

You can use apachectl to start the newly installed server:

mbp:~ florent$ sudo /usr/local/apache2/bin/apachectl start

1. If they don’t, you have quite a big problem: try downloading the archive again. If still no match, you may be the victim of a Man in the Middle attack; but a sloppy one (if you’re being tricked into downloading a fake archive, the attacker should be able to send you fake hashes too). Or more probably an infected mirror. Or even more probably you’re not reading the right hashes on the Apache website. : )

Screenshots and OS X: capturing a single window

One pretty awesomely simple thing under Mac OS is making great screenshots.

You might already be familiar with Mac OS X’s classical shortcuts for screenshots, Shift+Cmd+3 (full screen) and Shift+Cmd+4 (selection). But did you know you can shoot a single window without the hassle of selecting it from edge to edge, or worse, cropping from a full screenshot?

Press Shift+Cmd+4, then press the space bar.

A little camera appears, and allows you to capture the highlighted window of your choice.

The resulting image can be found at the same place as usual screenshots – by default, on the desktop, as a PNG file. With transparency and drop shadows, nothing less!

NB: apart from “real windows”, this camera can also capture the Dock, the menu bar, the desktop wallpaper, and even widgets.