Mozart ponders security by design

Set Up Your MacBook Pro Ready for Developing in Ventura (OSX 13)

Colin Bitterfield


When you change laptops, upgrade OSX, or set up a new employer laptop, there is a litany of installations and configurations just to get working. I find myself reviewing my previous notes and “remembering” all of my settings. I do a lot of Python development, so I am including setting up PyCharm Community and the AWS CLI in this configuration guide.

Disclaimer: Actual Mileage and Preferences will vary

Image by Anna Maria Weaver

Step 1: Install internet-downloadable (free) applications.

Choose the applications required for your environment.

  • MacPorts — Provides CLI Linux tools to OSX (Python 3.10, Jupyter Notebook, etc)
  • OnyX — OnyX is a multifunction utility that you can use to verify the structure of the system files; run miscellaneous maintenance and cleaning tasks; configure parameters in the Finder, Dock, Safari, and some Apple applications; delete caches; remove certain problematic folders and files; rebuild various databases and indexes; and more.
  • Chrome — browser
  • GitHub Desktop
  • Firefox — browser
  • iTerm2 — Better Terminal
  • Docker Desktop
  • OneNote (if you use it)
  • Virtual Box (VirtualBox is a type-2 hypervisor for x86 virtualization)
  • PyCharm — Community Version (or JetBrain Products)
  • Visual Studio (If you use it)
  • NeoOffice (Replacement for MS Office or Libre Office). This is a $29 version of Microsoft Office and is useful if your company uses Google Workspace.
  • Slack — Messenger
  • Zoom — Video Conferencing (Might just need to have it)
  • Xcode — At least the CLI tools, for compiling MacPorts and source code. You will also need to accept the license. The full application can be downloaded here from the App Store.
  • 1Password — Password Manager (or Keeper, or LastPass). I have changed to 1Password for ISO/NIST Compliance. Most of the companies I work for have this as a corporate application (the personal version is free with the corporate version). This allows you to have access to your personal passwords at work. The other really nice feature is a CLI version. The CLI version is installed with MacPorts.
  • SQLite Browser — If you use SQLite databases. JetBrains also has DataGrip, but that’s a paid option. PyCharm Professional can also link databases, but it is also a paid option.
  • NameChanger — I like this program for renaming large numbers of files. Easier than the command line and remembering regex.

Step 2: Install Xcode or the Xcode CLI tools.

Xcode is Apple’s native compiler toolchain (like GCC). If you are going to compile anything from source code, at least the CLI tools need to be installed.

Either install the full application from the Apple App Store or use the following CLI commands.

xcode-select --install
sudo xcodebuild -license accept

Step 3: Install Open Source Binaries from MacPorts.

I install a bunch of tools that I always use. What I like about MacPorts over Homebrew is the ability to install binaries for the whole computer, not just for one user. I use multiple logins on my personal MacBook when I am consulting or working on a specific project for a customer, so this means I do not have to re-install everything for each user on the computer.

I use Python, AWS CLI 2, Boto3, npm, SQLite3, Qt4/Qt5, FFmpeg, and ImageMagick. I have also stayed with the Bash shell even though Apple wants me to change to zsh; I have too much time invested in Bash to switch. It is best to use the MacPorts package if one exists for a Python library or other extension, because it is then updated together with the platform.

At this time I am using Python 3.10 and npm 9 (change the version to your version). Comment out any packages you are not using from the script.

After all of the installations, you will need to update the global paths in OSX. There are some “gotchas” after an OSX upgrade or possibly an update. MacPorts will add a line to your local shell startup file; we will replace that with global paths later.

Make sure that MacPorts (port command) is on the path. Open a terminal window and type the following:

sudo port selfupdate

This will yield the following results if everything is good.

LAPTOPNAME:~ colin$ sudo port selfupdate
---> Updating MacPorts base sources using rsync
MacPorts base version 2.8.1 installed,
MacPorts base version 2.8.1 downloaded.
---> Updating the ports tree
---> MacPorts base is already the latest version

This is the script I use; tailor it as needed. It is best either to run the commands one by one or to create a script. The issue with cutting and pasting the whole list into a terminal is that the cached “sudo” credentials time out along the way and the run stops at a password prompt. If you save it as a script and run the script itself with “sudo”, the whole run stays privileged and you can go get coffee.

#!/bin/bash
# MacPorts install script. Run the whole file under sudo so the credential
# cache does not expire between commands, e.g.:  sudo -H bash ./macports-install.sh
# "-N" answers yes to port's confirmation prompts (non-interactive mode).

# Install non-Python builds
sudo -H port -N install qt5
sudo -H port -N install ImageMagick
sudo -H port -N install sqlite3 sqlite3-tools sqlite3-tcl
#sudo -H port -N install mongo
sudo -H port -N install texlive-xetex
sudo -H port -N install pandoc
sudo -H port -N install AtomicParsley
sudo -H port -N install mediainfo
sudo -H port -N install cmake
sudo -H port -N install py-numpy
sudo -H port -N install ffmpeg-devel +gpl2 +gpl3 +nonfree
sudo -H port -N install libdvdnav
sudo -H port -N install lsdvd
sudo -H port -N install x264transcode
sudo -H port -N install HandBrake
sudo -H port -N install HandBrake71
sudo -H port -N install HandBrakeCLI
sudo -H port -N install 1password-cli
sudo -H port -N install dlib
sudo -H port -N install opencv4
sudo -H port -N install py-pyqt5

# Install Node.js and npm
sudo -H port -N install npm9
sudo -H port -N install nodejs19
# Global install. The original line used --save-dev, which installs into the
# current directory's node_modules (as root) rather than system-wide.
sudo -H npm install -g webpack webpack-cli

# Install Python and libraries

# Install basic Python first (py310-pip pulls in python310 as a dependency)
sudo -H port -N install python310
sudo -H port -N install py310-pip
# Make the MacPorts 3.10 builds the default "python", "python3", "pip", "pip3"
sudo -H port select --set pip pip310
sudo -H port select --set pip3 pip310
sudo -H port select --set python python310
sudo -H port select --set python3 python310

# Install JupyterLab for 3.10
# There are various issues where you might want to install Jupyter
# manually (with pip); most of the time this is fine.
sudo -H port -N install py-jupyter py310-jupyterlab

# Install additional Python modules directly
sudo -H port -N install py310-yaml
sudo -H port -N install py310-xmltodict
sudo -H port -N install py310-beautifulsoup4 py310-soupsieve
sudo -H port -N install py310-openssl
sudo -H port -N install py310-validators
sudo -H port -N install py310-numpy py310-Pillow
sudo -H port -N install py310-opencv4
sudo -H port -N install py310-awscli2

# Select versions
sudo -H port select --set cython cython310
sudo -H port select --set ipython py310-ipython
sudo -H port select --set ipython3 py310-ipython
sudo -H port select --set pygments py310-pygments

# Load D-Bus as a launchd service
sudo -H port load dbus

# Install Python modules not in MacPorts
sudo -H pip3 install ffmpeg-python

Note:

If you don’t use “sudo”, the packages will be installed for the local user only. There is also maintenance work you do with the port command: “port selfupdate” (refresh the ports tree) and “port upgrade outdated” (rebuild ports that have new versions).

Step 4: Customize your operating system's global settings.

Create the file $HOME/.bash_profile

This enables colorization and reads in .bashrc (the non-interactive profile):

# Bash profile
# Interactive login shell
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi

# Colorize the shell
export CLICOLOR=1
export LSCOLORS=GxFxCxDxBxegedabagaced

Create the file $HOME/.bashrc

# Bash non-interactive settings
# Allow Biometric login for 1Password CLI
export OP_BIOMETRIC_UNLOCK_ENABLED=true

Modify the global paths.

You may need to do both steps, depending on how OSX interacts with Python versions that are not native. After any major upgrade to OSX, it’s best to check your path variables.

Method 1: (After)

Install the paths in /etc/paths.d. These are appended to the existing paths (AFTER). If you get the wrong Python version, use Method 2 to put them first (BEFORE). The manpath entry needs to be set regardless of which method you use.

# path_helper reads one directory per line; note ">>" on the second line so
# the second entry does not overwrite the first.
sudo sh -c 'echo /opt/local/bin > /etc/paths.d/mac-ports'
sudo sh -c 'echo /opt/local/sbin >> /etc/paths.d/mac-ports'
# /etc/manpaths.d files use the same one-directory-per-line format (no MANPATH= prefix)
sudo sh -c 'echo /opt/local/share/man > /etc/manpaths.d/mac-ports'

Method 2: (Before)

# BSD sed: insert the MacPorts directories as lines 1 and 2 of /etc/paths
sudo sed -i '' -e $'1i\\\n/opt/local/bin' /etc/paths
sudo sed -i '' -e $'2i\\\n/opt/local/sbin' /etc/paths

Test to see if it works:

python3 --version

It should return the correct version. If it doesn’t, verify the path with “which python3”.
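To see why Method 1 and Method 2 give different results, here is an added example (not from the original post) that simulates how macOS path_helper assembles PATH from /etc/paths and the files in /etc/paths.d, and which python3 wins in each case. The /etc/paths contents, the paths.d file, and the fake filesystem are constructed in memory; the simulation assumes path_helper reads /etc/paths first and then the paths.d files in name order, and it ignores entries inherited from an existing PATH.

```python
# Added example: simulates macOS path_helper ordering so you can see whether
# /opt/local/bin lands before or after /usr/bin. Nothing here touches /etc.

def build_path(etc_paths, pathsd_files):
    """Return the PATH entries in path_helper order.

    etc_paths: text of /etc/paths (one directory per line).
    pathsd_files: mapping of /etc/paths.d file name -> file text.
    Assumption: /etc/paths is read first, then /etc/paths.d files in sorted
    name order; a directory already seen is not added again. (The real tool
    also appends entries from the inherited PATH; that is left out here.)
    """
    ordered = []
    sources = [etc_paths] + [pathsd_files[name] for name in sorted(pathsd_files)]
    for text in sources:
        for line in text.splitlines():
            entry = line.strip()
            if entry and entry not in ordered:
                ordered.append(entry)
    return ordered


def resolve(command, path_entries, filesystem):
    """Return the first PATH directory that contains `command`, or None.

    filesystem: mapping of directory -> set of executable names, a stand-in
    for the real disk so the example runs anywhere.
    """
    for directory in path_entries:
        if command in filesystem.get(directory, set()):
            return directory
    return None


# Constructed sample data: a stock /etc/paths and two python3 binaries.
ETC_PATHS = "/usr/local/bin\n/usr/bin\n/bin\n/usr/sbin\n/sbin\n"
MACPORTS_PATHSD = {"mac-ports": "/opt/local/bin\n/opt/local/sbin\n"}
FS = {
    "/usr/bin": {"python3", "ssh", "git"},        # Apple's python3 shim
    "/opt/local/bin": {"python3", "port", "pip3"},  # MacPorts python3
    "/opt/local/sbin": set(),
}

# Method 1: MacPorts directories appended via /etc/paths.d (the "AFTER" case).
METHOD1 = build_path(ETC_PATHS, MACPORTS_PATHSD)

# Method 2: MacPorts directories inserted at the top of /etc/paths (the
# "BEFORE" case). The paths.d file is still there; its duplicates are dropped.
METHOD2 = build_path("/opt/local/bin\n/opt/local/sbin\n" + ETC_PATHS, MACPORTS_PATHSD)

if __name__ == "__main__":
    for label, entries in (("Method 1", METHOD1), ("Method 2", METHOD2)):
        print(label, "->", ":".join(entries))
        print("  python3 resolves to", resolve("python3", entries, FS))
```

With Method 1 the system python3 in /usr/bin still wins, which is exactly the symptom the text describes; Method 2 puts /opt/local/bin first so the MacPorts interpreter is found.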

Step 5: Configure SSH.

mkdir -p $HOME/.ssh
chmod 700 $HOME/.ssh
touch $HOME/.ssh/config
touch $HOME/.ssh/authorized_keys
touch $HOME/.ssh/known_hosts

# Set permissions (ssh refuses to run with a config file other users can write)
chmod 600 $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/known_hosts
chmod 600 $HOME/.ssh/config

Generate a key pair

ssh-keygen -t rsa -b 4096

Results:

LAPTOPNAME:.ssh colin$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/colin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/colin/.ssh/id_rsa
Your public key has been saved in /Users/colin/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ujBhWvMctWsE6HMMkW2LbMREznU/30zZL1DNAHeckao colin@LAPTOPNAME.local
The key's randomart image is:
+---[RSA 4096]----+
| ++o. . ..+*=|
| o++o. . o *+|
| o=o... o . + .|
| .+o.o . o * .|
| .B + S o + .|
| + B + . E . |
| . o + o |
| o o |
| . |
+----[SHA256]-----+

I generally don’t use a passphrase. There are good reasons to use them if you are working with more sensitive information.

Now set the permissions on your keys. They should already be correct, but we want to make sure.

chmod 600 $HOME/.ssh/id_rsa
chmod 600 $HOME/.ssh/id_rsa.pub

Create an ssh “config” file.

This makes life a lot easier, especially if you have to go through a proxy (bastion host).

Edit the file “$HOME/.ssh/config”:

# SSH config file
#
# Hosts you connect to go here. ssh uses the first "Host" stanza that matches,
# so every alias must be unique.
Host myserver
    HostName my.server.com
    Port 22
    IdentityFile ~/.ssh/id_rsa
    User colin

# Renamed from a second "Host myserver" stanza, which would never have been used
Host santaserver
    HostName 192.168.1.10
    Port 22
    IdentityFile ~/.ssh/santaclause_rsa
    User santaclause

# General settings
#########################################################################################
Host *
    # Compression yes
    # ControlMaster auto
    # ControlPath ~/.ssh/ssh-ctrl_%r@%h:%p
    # ForwardAgent exposes your agent to every server you log in to; scope it to
    # the bastion stanza if you only need it for the proxy hop.
    ForwardAgent yes
    LogLevel quiet
    ServerAliveCountMax 4
    ServerAliveInterval 240
    # The next two lines disable host-key verification: you get no warning when
    # a server's key changes. Keep them out of "Host *" for anything sensitive.
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    AddKeysToAgent yes
    User colin
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

##########################################################################################
# Proxy configuration: "ssh bastion+target" connects to bastion and tunnels
# to target through nc on the bastion.
##########################################################################################
Host *+*
    ProxyCommand ssh -T -A $(echo %h | cut -d+ -f1) nc $(echo %h | cut -d+ -f2) %p 2>/dev/null

Note:

You can add a default user to the general settings (“User”), and you can send all known hosts to /dev/null if the hosts change often and you don’t want the host-key notifications.

Customize as needed. Examples are here
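Since ssh silently ignores a second stanza with the same alias and applies everything under “Host *” to every connection, it is worth checking the file after editing. The following is an added example, not part of the original post: a small linter that parses an OpenSSH client config, reports duplicate Host aliases, and flags the settings in the catch-all stanza that remove host-key verification or forward the agent everywhere. The sample config is constructed here and resembles the one above; the function names are mine.

```python
# Added example: lint an OpenSSH client config for dead stanzas and
# protection-removing settings under "Host *".
import re

# keyword -> (value that triggers a finding, explanation)
RISKY_GLOBAL = {
    "stricthostkeychecking": ("no", "host-key verification disabled for all hosts"),
    "userknownhostsfile": ("/dev/null", "host keys are never remembered, so a changed key goes unnoticed"),
    "forwardagent": ("yes", "agent forwarding enabled for every host, not just the bastion"),
}

# "Keyword value" and "Keyword=value" are both valid ssh_config syntax.
LINE_RE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.+)$")


def parse_ssh_config(text):
    """Return a list of (host_pattern, {keyword: value}) stanzas in file order.

    Keywords are lower-cased (ssh_config keywords are case-insensitive);
    surrounding double quotes on values are removed.
    """
    stanzas = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            current = {}
            stanzas.append((value, current))
        elif current is not None:
            current[key] = value
    return stanzas


def lint_ssh_config(text):
    """Return a list of human-readable findings for the given config text."""
    findings = []
    seen = set()
    for pattern, opts in parse_ssh_config(text):
        if pattern in seen:
            findings.append(f"duplicate 'Host {pattern}': only the first stanza is used")
        seen.add(pattern)
        if pattern == "*":
            for key, (bad, why) in RISKY_GLOBAL.items():
                if opts.get(key, "").lower() == bad:
                    findings.append(f"'{key}' is '{bad}' under 'Host *': {why}")
    return findings


# Constructed sample resembling the config above, including the duplicated alias.
SAMPLE_CONFIG = """\
Host myserver
    HostName my.server.com
    User colin
Host myserver
    HostName 192.168.1.10
    User santaclause
Host *
    ForwardAgent yes
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
    AddKeysToAgent yes
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
"""

if __name__ == "__main__":
    for finding in lint_ssh_config(SAMPLE_CONFIG):
        print("-", finding)
```

Run it against your real file with `lint_ssh_config(open(os.path.expanduser("~/.ssh/config")).read())`; an empty list means no duplicate aliases and none of the three global settings in their risky form.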

Configure Git if used

GitHub no longer accepts your account password for Git access over HTTPS. If you are using Git, you will need to have a token set up. You can use either HTTPS or SSH (for SSH, use the SSH config above).

# Add your name and email address.
git config --global user.name "John Doe"
git config --global user.email johndoe@example.com
git config --global color.ui true

Create a personal access token. Instructions are here

The token becomes your password. Be sure to put it in your password manager for future reference.

Aliases

A note for people new to OSX or Linux CLIs: when you have a preference for how a command should run, an alias is useful. I use them to start/stop Docker containers or just to customize a command for my usual preferences.

For instance, you might want “ls” to run “ls -lah” because that is the form you use most frequently. We could also create a custom command ll for a long listing.

alias ls="ls -lah"
alias ll="ls -la"

This changes the ls command to ls -lah. Add these lines to the $HOME/.bashrc file we created earlier:

# Add to .bashrc 
# alias alias_name="command_to_run"

# Long format list
alias ll="ls -la"

# Print my public IP
alias myip='curl ipinfo.io/ip'

Security By Design

One of the requirements for companies to be certified in SOC 2, ISO 27001, NIST 800-171, NIST 800-53, HITRUST, and others is security by design. This involves having a “well” set up laptop (Windows or Mac).

Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards, and adherence to best programming practices.

Basic things:

  • Turn on automatic updates for the operating system, browsers, and key applications. Only turn this off if there is a possibility of disaster from updates. If it’s turned off, set a schedule on your calendar to check and update the applications at least monthly.
  • Only use CIS Level 1 hardened containers and VMs for development work. It’s easier to do this than to figure out how to harden something that is already working.
  • Never put passwords, keys, or other secrets into GitHub or in code.
  • Never “hack” something “to make it work”. Understand the settings and where the vendor wants them set.
  • When writing code, use a linter to make sure your code is good and to standard.
  • Make sure libraries that you include (“pip install xxx”) are licensed for the work you do. Just because it is open source doesn’t mean it can be used for government or commercial work.
  • Use Snyk freemium, or something similar, for checking dependencies.
  • Import only the part of the library you need in Python: from xxx import yyyy.
  • Don’t be in the password business if you can avoid it (Auth0, for instance).
  • If you write a web application, make sure it supports cut-and-paste from at least two different password managers.
  • Don’t bind yourself to specific versions of languages (Python 3.8 vs 3.10 vs generic 3.x). Upgrading to the new version should never be an issue.
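“Never put passwords, keys, or other secrets into GitHub or in code” is easiest to enforce with a check that runs before a commit lands. The following is an added example, not from the original post: a pre-commit style scanner that looks for the well-known shapes of a few credential types (AWS access key IDs, PEM private-key headers, GitHub tokens, quoted hard-coded passwords) and skips lines that are obviously placeholders or environment-variable lookups. The file contents below are constructed for the example and the key IDs in them are fake; the function names are mine.

```python
# Added example: scan text for secrets before it reaches a repository.
import re

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    # name = 'at least 8 chars in quotes'; case-insensitive
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd|secret|api[_-]?key)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}

# Lines that are clearly documentation placeholders or runtime lookups, not secrets.
PLACEHOLDER = re.compile(r"(?i)(example|changeme|placeholder|<[^>]+>|\$\{[^}]+\}|os\.environ)")


def scan_text(text, filename="<stdin>"):
    """Return [(filename, line_no, pattern_name, stripped_line)] for each suspicious line."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if PLACEHOLDER.search(line):
            continue
        for name, rx in PATTERNS.items():
            if rx.search(line):
                hits.append((filename, line_no, name, line.strip()))
    return hits


def check_staged(files):
    """files: mapping filename -> content (e.g. gathered from `git diff --cached`).

    Prints each finding and returns the exit code a pre-commit hook would use:
    0 = clean, 1 = block the commit.
    """
    hits = []
    for fname, content in files.items():
        hits.extend(scan_text(content, fname))
    for fname, line_no, name, line in hits:
        print(f"{fname}:{line_no}: {name}: {line}")
    return 1 if hits else 0


# Constructed sample "staged files". AKIAIOSFODNN7EXAMPLE is the documented
# AWS placeholder and is skipped; the other key ID is made up for this example.
SAMPLE_FILES = {
    "settings.py": (
        "DB_PASSWORD = os.environ['DB_PASSWORD']\n"
        "API_KEY = 'sk-not-a-real-key-but-long-enough-123'\n"
        "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n"
    ),
    "deploy.sh": "export AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP\n",
    "notes.md": "-----BEGIN OPENSSH PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    raise SystemExit(check_staged(SAMPLE_FILES))
```

Wired into a pre-commit hook, `check_staged` would be fed the staged blobs and its non-zero return would block the commit; pattern matching like this catches the common shapes but not every secret, so it complements rather than replaces a dependency and secret scanner such as the Snyk option mentioned above.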


Colin Bitterfield

NIST certified Security Professional | 10+ years experience in infrastructure security and compliance | Experienced in creating security programs.