MacOS operatsioonisüsteemi kasutamine füüsilise MacBook Air M4 arvutiga

Sissejuhatus

TODO

Apple system level innovations

XNU hybrid kernel (Mach + BSD + I/O Kit).
Read-only, sealed root filesystem.
APFS (snapshots, sealing, native encryption).
Secure Enclave (separate CPU/resources).
Cryptographic boot chain (from Boot ROM → kernel → apps).
System Integrity Protection (SIP).
Gatekeeper & notarization.
Launchd (unified service/daemon manager).
Unified logging & tracing (dtrace, signpost).
Rosetta + Universal binaries (smooth arch transitions).
Quartz compositor + Core Animation (graphics pipeline).
Metal API (low-level GPU abstraction).
mälu pakkimine käigult (vt Activity Monitor -> Memory -> Bottom)

Misc

Aqua - desktop visuaal
Quartz - desktop mootor
UTM - qemu-based virtulization
AWDL (Apple Wireless Direct Link) - midagi Wifi-Direct laadset

Väited

Apple lahendustele on iseloomulik, et sama it shop kontrolli all on nii riistvara kui tarkvara (põhimõtteliselt sarnane olukord nagu kunagi Sun sparc lahendustega)
macos on pigem threaded orienteeritud lahendus (mitte process-is-single-thread) - märksõnad: Grand Central Dispatch, Operation Queues, Swift Concurrency)
nn 'giant lock (https://en.wikipedia.org/wiki/Giant_lock)' probleem on macos puhul pigem praktiliselt lahendatud, ju see on sama millest openbsd vabastamisega tegeldakse, nt https://www.openbsd.org/76.html - 'Removed net lock from sysctl(8) net.inet.ip.forwarding, net.inet6.ip6.forwarding, net.inet6.ip6.redirect, net.inet.ip.directed-broadcast.'

Riistvara

TODO

MacBook Air 13" M4 protsessoriga arvuti
compute resource - 1. cpu (risc arm), 2. gpu, 3. secure enclave, 4. neural engine
16 G ddr5 non-ecc memory - kõik compute resource'id kasutavad sama mälu, st ühisest pool'ist võetakse kasutuseks, ja antakse tagasi jne
kaks Dell monitori
kaks thunderbolt 4 kaablit
Logitech nö 9 eurone pc hiir
lai apple magic keyboard
väline andmekandja - SanDisk PRO-G40, https://www.apple.com/shop/mac/accessories/storage?f=thunderbolt3&fh=3783%2B47f6&page=1
port saver - https://www.delock.com/produkt/66433/merkmale.html
arvuti puhul ei ole kohta nagu pc arvuti puhul on 'enter bios' või 'enter setup' - ainuke realistlik sisenemiskoht on hoides alla toite nuppu arvuti käivitumise ajal

Väited

macbookpro, air jt on non-ecc mäluga; mac pro ja mac studio on ecc mäluga
arvuti on ühendatud ühe monitoriga TB4 kaabli abil
esimese monitoriga on ühendatud usb klaviatuur ja hiir
arvuti võrk töötab wifi abil, aga saaks töötada ka monitori rj45 ethernet kaabliga (arvutisse saabub üle thunderbolt neli nö signaali: 1. usb klaviatuur ja hiir, 2. ethenet, 3. video, 4. toide)
teine monitor on ühendatud esimesega teise TB4 kaabliga nn daisy-chain ühenduses
tundub, et monitoride pilt on vastuvõetava kvaliteediga ka non-4k režiimis (nt 3008 x 1692)

system_profiler SPHardwareDataType        # CPU, memory, model
system_profiler SPDisplaysDataType        # GPU / monitor info
system_profiler SPUSBDataType             # USB controllers and devices
system_profiler SPThunderboltDataType     # Thunderbolt controllers
system_profiler SPNetworkDataType         # Network interfaces

Näiteks

Imres-MacBook-Air:~ root# system_profiler SPHardwareDataType
Hardware:

    Hardware Overview:

      Model Name: MacBook Air
      Model Identifier: Mac16,12
      Model Number: MW0W3KS/A
      Chip: Apple M4
      Total Number of Cores: 10 (4 performance and 6 efficiency)
      Memory: 16 GB
      System Firmware Version: 11881.81.2
      OS Loader Version: 11881.81.2
      Serial Number (system): KGHGX652VT
      Hardware UUID: 27AE0C7C-DCC6-5F5C-A133-8F10726347EC
      Provisioning UDID: 00008132-001A618E0121801C
      Activation Lock Status: Enabled


Imres-MacBook-Air:~ root# system_profiler SPDisplaysDataType
Graphics/Displays:

    Apple M4:

      Chipset Model: Apple M4
      Type: GPU
      Bus: Built-In
      Total Number of Cores: 8
      Vendor: Apple (0x106b)
      Metal Support: Metal 3
      Displays:
        Color LCD:
          Display Type: Built-in Liquid Retina Display
          Resolution: 2560 x 1664 Retina
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Automatically Adjust Brightness: Yes
          Connection Type: Internal
        DELL U2725QE:
          Resolution: 6016 x 3384
          UI Looks like: 3008 x 1692 @ 120.00Hz
          Mirror: Off
          Online: Yes
          Rotation: Supported

Neural Engine

TODO

On-device machine learning
Siri's voice recognition
Image analysis in Photos
Real-time video processing in apps like FaceTime

Misc OS

cpu instructions - toimuvad kernel -> cpu vahel
syscalls - toimuvad rakendustarkvara -> kernel vahel
ei ole user-space-syscall'isid - kõik syscallid on nö kernel-space-syscall'd ehk lihtsalt syscall'id
macos ei ole real-time operating system
macos puhul on realiseeritud preemtion st ka tundlike kerneli kihi tegevuste puhul on võimalik teha nö katkestusi-tagasipöördumisi
ei ole sellist storage-io lahenduste mitmekesisust nagu on linux puhul (nt io-uring, libaio) - nimetatakse 'Dispatch I/O'
ei ole sellist network-io lahenduste mitmekesisust nagu on linux puhul (nt dpdk) - nimetatakse 'Network Framework'
dpdk, rdma jms puudub kuna macos puhul tegevused käivad läbi kernel selleks, et toimuv oleks maksimaalselt kontrolli all (toimub kernel by-pass)
tcp-offload jms siiski on kasutusel - kernel kontrollib siis ikkagi toimivat piisavalt

Palju on https://www.openbsd.org/innovations.html nimekirjast olemas macos puhul, kas otseselt või siis kontseptuaalselt, aga implementatsioon on macos juhtumile iseloomulik

OpenBSD: retguard uses a unique XOR-based canary on a function's return address to prevent a specific type of buffer overflow attack (ROP).
macOS: macOS does not have a feature called retguard. However, the same concept is implemented by Apple's Clang compiler. macOS has used stack canaries (or stack cookies) for years, which are values placed on the stack to detect if the return address has been overwritten. Both systems use different implementations to solve the same problem.
OpenBSD: pledge is a security mechanism where a program "pledges" to only use a limited set of system calls. If it tries to make a syscall outside of its "pledge," the program is killed.
macOS: macOS does not have a pledge equivalent. The concept is not present in the same form. Instead, macOS uses sandboxing, which is a more comprehensive and declarative security model. Sandboxing restricts an application's access to files, network connections, and system resources based on a detailed set of rules (called entitlements) defined in a profile, which is part of the application itself. It's a different, but arguably more powerful, approach to the same problem.
OpenBSD: W^X is a fundamental security policy that ensures a memory page is either writable or executable, but not both.
macOS: This concept is directly implemented and has been a core security feature of macOS for many years. It is an integral part of the kernel and is enforced on all applications, making it impossible for an attacker to write shellcode to a memory page and then execute it.
OpenBSD has long been a pioneer in security, and its implementation of ASLR is a core part of its "secure by default" philosophy.
macOS introduced ASLR in Mac OS X Leopard (10.5) and has since continuously improved and strengthened it with each new release. Today, ASLR on macOS is a mandatory security feature for all modern applications.
OpenBSD relinking
Randomizing per-process: Instead of a single, system-wide reordering at boot, dyld randomizes the base addresses of shared libraries for every single process that is launched.
Using a shared cache: To speed up program loading, macOS bundles commonly used system libraries into a single large file called the dyld_shared_cache. The location of this entire cache in memory is randomized at boot, and all processes then use this randomized location.

User mode vs Kernel mode

Väited

User mode ja Kernel mode on kaks erinevat protsessori olekut
esimesel puhul käitub arvuti nagu nö loogiline-masin, teisel juhul nagu riistvaraline-masin
kontseptuaalselt võiks ette kujutada, et arvutis on kaks protsessorit - üks on pidevalt füüsilises ja teine loogilises olekus
loogilist laadi tegevusteks on nt protsessi mällu laaditud mälu abil andmete sorteerimine, st kõik tegevused on taandatud matemaatikaks
füüsilist laadi tegevusteks on nt võrku andmete saatmine, või plokkseadmelt andmete lugemine

Seadme draiver

Ettekujutuseks on nvme storage seade. Selleks, et andmed jõuaksid füüsilise plokkseadme pealt ühe user-space protsessi mällu nt postgresql andmebaas, liiguvad andmed läbi sellistest lõikudest koosneva teekonna

                                           plokkseade
control plain peal toimuv käsu tulemusel     -> plokkseadmega seostatud fragment arvuti rom mälust
                                               -> cpu kopeerib andmed oma registrite abil user-space mällu
..

SanDisk PRO-G40

Arvutisse seadmega kaasas oleva Thunderbolt 3 kaabliga otse Thunderbolt 4 porti ühendatud seade paistab selline

kus

seadet koheldakse pcie siinile ühendatud nvme seadmena

Arvutisse seadmega kaasas oleva Thunderbolt 3 kaabliga otse Non-Thuderbolt-USB-C porti ühendatud seade paistab selline

TODO

kus

seadet koheldakse usb-storage ühendatud plokkseadmena

Kasutajaliides

Magic Apple Keyboard

klahvikombinatsioonid

command + nool paremale/vasakule - tekstikursori viimine vastavalt rea lõppu või algusse
command + nool paremale/vasakule - teksti plokki võtmine kursori asukohast alates vastavalt rea lõppu või algusse
command + shift + suurem/väiksem - mitme aknalise programmi akende vahel liikumine (nt iterm/terminal/chrome/safari)
option + nool paremale/vasakule - tekstikursori viimine vastavalt järgmise või eelmise sõna juurde
option + nool paremale/vasakule - teksti plokki võtmine kursori asukohast alates vastavalt sõna edasi või tagasi
command + tühik - spotlight otsingu avamine
control + nool paremal/vasakule - järgmise virtuaalse desktop juurde liikumine (spaces)
control + nool üles/esc - xxx vaate avamine (üleval on virtuaalsete desktopide riba)
command + nool üles/alla - teksti algusse või lõppu liikumine (nt chrome brauseris)
option + nool üles/alla - tekstis nö page-up-page-down võtta liikumine (nt chrome brauseris)

Touchpad

gestured

kahe sõrmega üles-alla swipe - hiirega skrollimine
kolme sõrmega vasakule-paremale swipe - virtuaalsete desktopide vahel liikumine

alt-grab - BetterTouchTool (BTT)

Tööpõhimõte

Tegevuse eesmärk on alt-grab kasutamine akna asukohta muutmiseks ja akna suuruse muutmiseks. Linux desktop (gnome, xfce4 jt) puhul paistab see olevat tavaline, et akna asukoha muutmiseks ei pea tingimata haarama hiire vasaku nupuga akna tiitelribast ja siis vedama; või akna suuruse muutmiseks haarama hiire vasaku nupuga täpselt nurgast või servast ja siis vedama. Piisab hoida vasakut alt klahvi all ja haarata kuskilt akna seest hiire vasaku nupuga ning vedada; või hoida vasakut alt klahivi all ja haarata akna seest nurga lähedusest hiire parema nupuga ning vedada.

BTT kopeerimine ja paigaldamine

Väited

https://folivora.ai/
tundub, et BTT on usaldusväärne tarkvara (nt https://www.macworld.com/article/551700/mac-gems-bettertouchtool-review.html)
BetterTouchTool ei ole tasuta tarkvara
BetterTouchTool ei ole kõige parem lahendus nn alt-drag jaoks, aga paistab, et paremat ka pole (ja tundub, et ei saa olla kuna MacOS nö sisemiselt eriti ei võimalda alt-drag laadi tegevusi)
BTT abil saab akna suurust muuta ainult paremas alumises nurgas
akent ei saa ekraanilt osaliselt välja suruda üles suunas (nt alla saab)
tundub, et paigaldamisel antakse rakendusele rikkalikult privileege

Seadistamine

Tööpõhimõte

seadistatakse nö 'Top Level Trigger' väärtusega 'Leftclick + left alt + mouse down', millele vastab tegevus (action) 'Start Moving Windows'
seadistatakse nö 'Top Level Trigger' väärtusega 'Leftclick + left alt + mouse up', millele vastab tegevus 'Stop Moving Windows'
seadistatakse nö 'Top Level Trigger' väärtusega 'Rightclick + left alt + mouse down', millele vastab tegevus 'Start Resizing'
seadistatakse nö 'Top Level Trigger' väärtusega 'Rightclick + left alt + mouse up', millele vastab tegevus 'Stop Resizing'

alt-drag seadistamine paistab selliselt, rightclick triggeri ja vastava tegevuse (action) kirjeldamine, basic

kus

valitud programmid on For All Apps st kirjeldatavad võimed tekivad kõigi programmide akendele
valitud seade on Normal Mouse (mitte magic mouse)
on valitud ka modifer - opt (magic keyboard klahv 'option')

ning advanced

kus

Trigger Conditions - Trigger on Mouse Down (vaikimisi)

Analoogselt kirjeldatakse ülejäänud triggerid ja tegevused - seejuures tuleb kindlasti valida modifier, vastasel korral võib olla väga halb kasutuskogemus kuna hiire vasaku klahvi nö tavaline töö on häiritud).

Kasutamine

Kasutamine paistab välja natuke puudulikumalt kui linux desktop keskkonnas

suurust saab muuta vaid alumist paremat nurka sisse või väljapoole surudes (linux all saab tegeleda igas nurgas)
asukohta saab muuta kuid see mõjub fookuses olevale aknale (vahel on see üsna nö eba kogemus, et hiir on mitte fookuses oleva akna kohal ja kõrval oleva akna asukoht muutub)
tegelemise ajal on aken nö täidetud (linux all saab valida kas aken paistab nö täidetuna või wireframe'ina)

Kasulikud lisamaterjalid

https://community.folivora.ai/t/resize-window-on-modifier-right-mouse-button-press/41430

iterm2

TODO

timemachine

Tööpõhimõte

TODO

võrgus failiserver
võrgus avahi vms server
macos süsteem

Ettevalmistamine

Väited

tundub, et macos webgui kaudu ei õnnestu samba põhist tm lahendust ära seadistada, tuleb toimetada käsurealt (hüpotees on, et kuna cifs failisüsteemi monteerimisel Finder abil tekib .DS_Store vms faile automaatselt share peale, siis see eksitab tm lahendust

Samba serveri ettevalmistamine, Debian v. 12 (samba v. 4.17)

# apt-get install --no-install-recommends samba
# apt-get install samba-vfs-modules

# cat /etc/samba/smb.conf
[global]
   client min protocol = SMB3
   client max protocol = SMB3
   workgroup = MORAALCIFS
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server

[timemachine]
   path = /zpool_wdc/timemachine/
   browsable =yes
   writable = yes
   guest ok = no
   valid users = timemachine
   smb encrypt = required
   vfs objects = catia fruit streams_xattr
   fruit:metadata = stream
   fruit:resource = file
   fruit:time machine = yes
   fruit:time machine max size = 500G

käivitamine

# systemctl restart smbd

Varundatava arvuti ettevalmistamine

Imres-MacBook-Air:~ root# tmutil setdestination "smb://timemachine:parool@192.168.10.168/timemachine"
Imres-MacBook-Air:~ root# tmutil destinationinfo
====================================================
Name          : timemachine
Kind          : Network
URL           : smb://timemachine@192.168.10.168/timemachine
ID            : 2E3ED96D-4626-4D55-BDD5-A0ED6CDDF973

Varunduse käivitamine

Imres-MacBook-Air:~ root# tmutil startbackup --auto
Imres-MacBook-Air:~ root# log stream --predicate 'process == "backupd"' --info

ning

Imres-MacBook-Air:~ root# df -h
Filesystem                                                    Size    Used   Avail Capacity iused ifree %iused  Mounted on
/dev/disk3s1s1                                               228Gi    15Gi   157Gi     9%    412k  1.6G    0%   /
devfs                                                        205Ki   205Ki     0Bi   100%     709     0  100%   /dev
/dev/disk3s6                                                 228Gi    20Ki   157Gi     1%       0  1.6G    0%   /System/Volumes/VM
/dev/disk3s2                                                 228Gi    12Gi   157Gi     8%    1.3k  1.6G    0%   /System/Volumes/Preboot
/dev/disk3s4                                                 228Gi   692Mi   157Gi     1%     301  1.6G    0%   /System/Volumes/Update
/dev/disk1s2                                                 500Mi   6.0Mi   482Mi     2%       1  4.9M    0%   /System/Volumes/xarts
/dev/disk1s1                                                 500Mi   5.8Mi   482Mi     2%      35  4.9M    0%   /System/Volumes/iSCPreboot
/dev/disk1s3                                                 500Mi   1.6Mi   482Mi     1%      95  4.9M    0%   /System/Volumes/Hardware
/dev/disk3s5                                                 228Gi    42Gi   157Gi    22%    579k  1.6G    0%   /System/Volumes/Data
map auto_home                                                  0Bi     0Bi     0Bi   100%       0     0     -   /System/Volumes/Data/home
/dev/disk3s1                                                 228Gi    15Gi   157Gi     9%    426k  1.6G    0%   /System/Volumes/Update/mnt1
/dev/disk3s3                                                 228Gi   1.9Gi   157Gi     2%      76  1.6G    0%   /Volumes/Recovery
//timemachine@192.168.10.168/timemachine                     500Gi    20Gi   480Gi     5%     21M  503M    4%   /Volumes/.timemachine/192.168.10.168/CEF57214-AE85-44D1-86EB-D0D69E41EA1C/timemachine
/dev/disk5s1                                                  15Ti    20Gi   480Gi     4%    383k  5.0G    0%   /Volumes/Backups of Imre’s MacBook Air
com.apple.TimeMachine.2025-09-05-012346.local@/dev/disk3s5   228Gi    42Gi   157Gi    22%    579k  1.6G    0%   /Volumes/com.apple.TimeMachine.localsnapshots/Backups.backupdb/Imre’s MacBook Air/2025-09-05-012346/Data
Imres-MacBook-Air:~ root#

Tulemusena

Imres-MacBook-Air:~ root# tmutil listbackups
/Volumes/.timemachine/E66ECC48-9693-41FB-82C4-3860C334D43D/2025-09-05-014511.backup/2025-09-05-014511.backup
/Volumes/.timemachine/E66ECC48-9693-41FB-82C4-3860C334D43D/2025-09-05-015533.backup/2025-09-05-015533.backup

ning

Imres-MacBook-Air:~ root# tmutil listlocalsnapshots /
Snapshots for volume group containing disk /:
com.apple.TimeMachine.2025-09-05-012346.local
com.apple.TimeMachine.2025-09-05-015510.local
com.apple.os.update-35F83766A7728F08A2DF1CFD45DF39CAB4C00F8C1A4A0DBECD314305426E5C549569F373D02B15DDC5C3E22E8E9D0A2F
com.apple.os.update-4278EFCBF37708F6ABE958C2E59447D754411B4697E4891DE3D58BC37F433306
com.apple.os.update-MSUPrepareUpdate

Kasutamine - üksiku faili taastamine

TODO

Kasutamine - süsteemi taastamine

TODO

Misc

tm destinationinfo esitamine

Imres-MacBook-Air:~ root# tmutil destinationinfo
> ==================================================
Name          : volume-tm-backup-01
Kind          : Local
Mount Point   : /Volumes/volume-tm-backup-01 1
ID            : B23C58B0-C5F1-4FE6-8CCE-B90B5FAA3C7A
====================================================
Name          : timemachine
Kind          : Network
URL           : smb://timemachine@192.168.10.168/timemachine
ID            : ECA95A15-3033-460C-B928-46E809CC1C58

korra läbi browsritud taaste vaates

Imres-MacBook-Air:~ root# df
Filesystem                                                    512-blocks        Used  Available Capacity  iused       ifree %iused  Mounted on
/dev/disk3s1s1                                                 478724992    21999480   35576296    39%   425955   177881480    0%   /
devfs                                                                457         457          0   100%      792           0  100%   /dev
/dev/disk3s6                                                   478724992     2097192   35576296     6%        1   177881480    0%   /System/Volumes/VM
/dev/disk3s2                                                   478724992    27846656   35576296    44%     2539   177881480    0%   /System/Volumes/Preboot
/dev/disk3s4                                                   478724992       11680   35576296     1%      101   177881480    0%   /System/Volumes/Update
/dev/disk1s2                                                     1024000       12328     982880     2%        1     4914400    0%   /System/Volumes/xarts
/dev/disk1s1                                                     1024000       11896     982880     2%       35     4914400    0%   /System/Volumes/iSCPreboot
/dev/disk1s3                                                     1024000        7176     982880     1%       98     4914400    0%   /System/Volumes/Hardware
/dev/disk3s5                                                   478724992   286441744   35576296    89%   658564   177881480    0%   /System/Volumes/Data
map auto_home                                                          0           0          0   100%        0           0     -   /System/Volumes/Data/home
/dev/disk5s1                                                  7813627488   991761888 6565607560    14%       24 32828037800    0%   /Volumes/PRO-G40
/dev/disk6s1                                                     2809776     1651936    1157840    59%    23183  4294944096    0%   /Volumes/GIMP 3.0 Install
/dev/disk8s1                                                      454256      447856       6400    99%        7  4294967272    0%   /Volumes/OpenVPN Connect
/dev/disk9s1                                                      327680      266560      61120    82%      379  4294966900    0%   /Volumes/Yubico Authenticator
/dev/disk10s2                                                    1289056     1289056          0   100%      716  4294966563    0%   /Volumes/Google Chrome
/dev/disk5s3                                                  7813627488   255310344 6565607560     4%   540589 32828037800    0%   /Volumes/volume-tm-backup-01 1
com.apple.TimeMachine.2025-09-19-012830.backup@/dev/disk5s3   7813627488   255149240 6565607560     4%   540567 32828037800    0%   /Volumes/.timemachine/35BBA18F-DB62-4677-950D-8894EDED1C88/2025-09-19-012830.backup
//timemachine@192.168.10.168/timemachine                      1048576000   125952000  922624000    13% 62975998   461312000   12%   /Volumes/.timemachine/192.168.10.168/047056C0-AAB6-4E9F-8C92-141CA6D6D72B/timemachine
/dev/disk11s1                                                31250000000   124258552  922624000    12%  1032839  4613120000    0%   /Volumes/Backups of Imre’s MacBook Air
com.apple.TimeMachine.2025-09-08-231904.backup@/dev/disk11s1 31250000000    71772048  922624000     8%   518638  4613120000    0%   /Volumes/.timemachine/E66ECC48-9693-41FB-82C4-3860C334D43D/2025-09-08-231904.backup
com.apple.TimeMachine.2025-09-09-124455.backup@/dev/disk11s1 31250000000   123731400  922624000    12%  1032839  4613120000    0%   /Volumes/.timemachine/E66ECC48-9693-41FB-82C4-3860C334D43D/2025-09-09-124455.backup
com.apple.TimeMachine.2025-09-19-014243.backup@/dev/disk5s3   7813627488   255262512 6565607560     4%   540588 32828037800    0%   /Volumes/.timemachine/35BBA18F-DB62-4677-950D-8894EDED1C88/2025-09-19-014243.backup
com.apple.TimeMachine.2025-09-05-014511.backup@/dev/disk11s1 31250000000    47434248  922624000     5%   500145  4613120000    0%   /Volumes/.timemachine/E66ECC48-9693-41FB-82C4-3860C334D43D/2025-09-05-014511.backup
com.apple.TimeMachine.2025-09-19-014357.backup@/dev/disk5s3   7813627488   255310288 6565607560     4%   540589 32828037800    0%   /Volumes/.timemachine/35BBA18F-DB62-4677-950D-8894EDED1C88/2025-09-19-014357.backup
com.apple.TimeMachine.2025-09-19-014353.local@/dev/disk3s5     478724992   286070368   35576296    89%   657972   177881480    0%   /Volumes/com.apple.TimeMachine.localsnapshots/Backups.backupdb/Imre’s MacBook Air/2025-09-19-014353/Data
com.apple.TimeMachine.2025-09-19-012459.local@/dev/disk3s5     478724992   285761336   35576296    89%   657671   177881480    0%   /Volumes/com.apple.TimeMachine.localsnapshots/Backups.backupdb/Imre’s MacBook Air/2025-09-19-012459/Data

Storage

Mõisted

Seal
Secure Enclave
FileVault
Volume Group

Tööpõhimõte

füüsiline salvestusseade on jaotatud partitsioonideks
partitsioonile vastab nn konteiner
konteinerile vastab midagi lvm volume group või zfs pool laadset
konteineris sisaldub hulk volume'eid
volumile vastab failisüsteem (apfs - apple file system)
sama konteineri sees asuvad failisüsteemid opereerivad sama jagatud vaba ruumi tingimustes

Imres-MacBook-Air:~ root# diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:             Apple_APFS_ISC Container disk1         524.3 MB   disk0s1
   2:                 Apple_APFS Container disk3         245.1 GB   disk0s2
   3:        Apple_APFS_Recovery Container disk2         5.4 GB     disk0s3

/dev/disk3 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +245.1 GB   disk3
                                 Physical Store disk0s2
   1:                APFS Volume Macintosh HD            16.0 GB    disk3s1
   2:              APFS Snapshot com.apple.os.update-... 16.0 GB    disk3s1s1
   3:                APFS Volume Preboot                 13.1 GB    disk3s2
   4:                APFS Volume Recovery                2.1 GB     disk3s3
   5:                APFS Volume Data                    45.9 GB    disk3s5
   6:                APFS Volume VM                      20.5 KB    disk3s6

ning

Imres-MacBook-Air:~ root# df -h
Filesystem                                                    Size    Used   Avail Capacity iused ifree %iused  Mounted on
/dev/disk3s1s1                                               228Gi    15Gi   156Gi     9%    412k  1.6G    0%   /
devfs                                                        205Ki   205Ki     0Bi   100%     713     0  100%   /dev
/dev/disk3s6                                                 228Gi    20Ki   156Gi     1%       0  1.6G    0%   /System/Volumes/VM
/dev/disk3s2                                                 228Gi    12Gi   156Gi     8%    1.3k  1.6G    0%   /System/Volumes/Preboot
/dev/disk3s4                                                 228Gi   692Mi   156Gi     1%     301  1.6G    0%   /System/Volumes/Update
/dev/disk1s2                                                 500Mi   6.0Mi   482Mi     2%       1  4.9M    0%   /System/Volumes/xarts
/dev/disk1s1                                                 500Mi   5.8Mi   482Mi     2%      35  4.9M    0%   /System/Volumes/iSCPreboot
/dev/disk1s3                                                 500Mi   1.6Mi   482Mi     1%      95  4.9M    0%   /System/Volumes/Hardware
/dev/disk3s5                                                 228Gi    43Gi   156Gi    22%    582k  1.6G    0%   /System/Volumes/Data
map auto_home                                                  0Bi     0Bi     0Bi   100%       0     0     -   /System/Volumes/Data/home
/dev/disk3s1                                                 228Gi    15Gi   156Gi     9%    426k  1.6G    0%   /System/Volumes/Update/mnt1
/dev/disk3s3                                                 228Gi   1.9Gi   156Gi     2%      76  1.6G    0%   /Volumes/Recovery
com.apple.TimeMachine.2025-09-05-012346.local@/dev/disk3s5   228Gi    42Gi   156Gi    22%    579k  1.6G    0%   /Volumes/com.apple.TimeMachine.localsnapshots/Backups.backupdb/Imre’s MacBook Air/2025-09-05-012346/Data
com.apple.TimeMachine.2025-09-05-015510.local@/dev/disk3s5   228Gi    42Gi   156Gi    22%    579k  1.6G    0%   /Volumes/com.apple.TimeMachine.localsnapshots/Backups.backupdb/Imre’s MacBook Air/2025-09-05-015510/Data

Juurika suhtes ressursid

Imres-MacBook-Air:/ root# ls -lO /
total 10
lrwxr-xr-x   1 root  admin  -                   36 Jan 15  2025 .VolumeIcon.icns -> System/Volumes/Data/.VolumeIcon.icns
----------   1 root  admin  -                    0 Jan 15  2025 .file
drwxr-xr-x   2 root  wheel  -                   64 Jan 15  2025 .nofollow
drwxr-xr-x   2 root  wheel  -                   64 Jan 15  2025 .resolve
drwxr-xr-x   2 root  wheel  hidden              64 Jan 15  2025 .vol
drwxrwxr-x  16 root  admin  sunlnk             512 Sep  5 12:56 Applications
drwxr-xr-x  66 root  wheel  sunlnk            2112 Sep  3 21:05 Library
drwxr-xr-x@ 10 root  wheel  restricted         320 Jan 15  2025 System
drwxr-xr-x   5 root  admin  sunlnk             160 Sep  2 22:41 Users
drwxr-xr-x   6 root  wheel  hidden             192 Sep  7 11:57 Volumes
drwxr-xr-x@ 39 root  wheel  restricted,hidden 1248 Jan 15  2025 bin
drwxr-xr-x   2 root  wheel  hidden              64 Jan 15  2025 cores
dr-xr-xr-x   4 root  wheel  hidden            5047 Sep  5 01:14 dev
lrwxr-xr-x@  1 root  wheel  restricted,hidden   11 Jan 15  2025 etc -> private/etc
lrwxr-xr-x   1 root  wheel  hidden              25 Sep  5 01:14 home -> /System/Volumes/Data/home
drwxr-xr-x   2 root  wheel  hidden              64 Jan 15  2025 opt
drwxr-xr-x   6 root  wheel  sunlnk,hidden      192 Sep  5 01:14 private
drwxr-xr-x@ 77 root  wheel  restricted,hidden 2464 Jan 15  2025 sbin
lrwxr-xr-x@  1 root  wheel  restricted,hidden   11 Jan 15  2025 tmp -> private/tmp
drwxr-xr-x@ 11 root  wheel  restricted,hidden  352 Jan 15  2025 usr
lrwxr-xr-x@  1 root  wheel  restricted,hidden   11 Jan 15  2025 var -> private/var

kus

sunlnk - apfs lahendusele iseloomulik nn sünteetline link (teine variatsioon on firmlink)
/private sisuks on tegelikult volume /System/Volumes/Data
/ on unionfs laadne lahendus, st kokku on kogutud erinevad ressrussid, mõned on read-only, mõned on read-write
/ endale vastav /dev/disk3s1s1 on /dev/disk3s1 read-only apfs snapshot - sedasi on väga madalas kihis tagatud süsteemi osa immutability

ning

Imres-MacBook-Air:~ root# diskutil apfs list
APFS Containers (3 found)
|
+-- Container disk3 71D88332-123F-4F15-99AA-FDD26D7118F7
    ====================================================
    APFS Container Reference:     disk3
    Size (Capacity Ceiling):      245107195904 B (245.1 GB)
    Capacity In Use By Volumes:   77898416128 B (77.9 GB) (31.8% used)
    Capacity Not Allocated:       167208779776 B (167.2 GB) (68.2% free)
    |
    +-< Physical Store disk0s2 F202FF0C-8102-4C98-8DEA-BFC6BE9C61B4
    |   -----------------------------------------------------------
    |   APFS Physical Store Disk:   disk0s2
    |   Size:                       245107195904 B (245.1 GB)
    |
    +-> Volume disk3s1 9D894F4B-1ADA-47A9-9864-CECA47F5CC54
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk3s1 (System)
    |   Name:                      Macintosh HD (Case-insensitive)
    |   Mount Point:               /System/Volumes/Update/mnt1
    |   Capacity Consumed:         15970652160 B (16.0 GB)
    |   Sealed:                    Broken
    |   FileVault:                 Yes (Unlocked)
    |   Encrypted:                 No
    |   |
    |   Snapshot:                  E4EE5A50-F503-4DC3-BB9E-6C3EF76A9105
    |   Snapshot Disk:             disk3s1s1
    |   Snapshot Mount Point:      /
    |   Snapshot Sealed:           Yes
    |
    +-> Volume disk3s2 5C7FF5F7-C059-4568-879D-AEE09DB60CF7
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk3s2 (Preboot)
    |   Name:                      Preboot (Case-insensitive)
    |   Mount Point:               /System/Volumes/Preboot
    |   Capacity Consumed:         13066547200 B (13.1 GB)
    |   Sealed:                    No
    |   FileVault:                 No
    |
    +-> Volume disk3s3 8A6ADAED-7C32-4DFB-8731-005DA53BB3FF
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk3s3 (Recovery)
    |   Name:                      Recovery (Case-insensitive)
    |   Mount Point:               /Volumes/Recovery
    |   Capacity Consumed:         2082414592 B (2.1 GB)
    |   Sealed:                    No
    |   FileVault:                 No
    |
    +-> Volume disk3s5 53270D80-303A-47F4-83DE-D2B9228E9FC7
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk3s5 (Data)
    |   Name:                      Data (Case-insensitive)
    |   Mount Point:               /System/Volumes/Data
    |   Capacity Consumed:         45915893760 B (45.9 GB)
    |   Sealed:                    No
    |   FileVault:                 Yes (Unlocked)
    |
    +-> Volume disk3s6 5B9AA026-E765-4922-BFEA-B48FD11A79C6
        ---------------------------------------------------
        APFS Volume Disk (Role):   disk3s6 (VM)
        Name:                      VM (Case-insensitive)
        Mount Point:               /System/Volumes/VM
        Capacity Consumed:         20480 B (20.5 KB)
        Sealed:                    No
        FileVault:                 No

iostat esitab ainult füüsiliste seadmete kohta info, huvitaval kombel ka time machine lahendusele vastava seadme (disk4) oma

imreoolberg@Imres-MacBook-Air ~ % iostat 5
              disk0               disk4       cpu    load average
    KB/t  tps  MB/s     KB/t  tps  MB/s  us sy id   1m   5m   15m
   17.03   37  0.61    52.37    0  0.00   3  1 96  1.12 1.52 1.63
    6.17    7  0.04     0.00    0  0.00   2  1 97  1.11 1.51 1.63
    4.00    2  0.01     0.00    0  0.00   1  1 98  1.11 1.51 1.63
...

Automaatse monteerimise vältimine

Imres-MacBook-Air:~ root# diskutil info "/Volumes/macOS Restored" | grep "Volume UUID"
   Volume UUID:               CB4A4A81-A9EE-471D-90CA-7A116C740AC6
Imres-MacBook-Air:~ root# diskutil info "/Volumes/macOS Restored - Data" | grep "Volume UUID"
   Volume UUID:               6AB10166-A262-4E22-8FE6-0D5C97C731FB

Imres-MacBook-Air:~ root# vifs

Imres-MacBook-Air:~ root# cat /etc/fstab
#
# Warning - this file should only be modified with vifs(8)
#
# Failure to do so is unsupported and may be destructive.
#

UUID=6AB10166-A262-4E22-8FE6-0D5C97C731FB none apfs rw,noauto
UUID=CB4A4A81-A9EE-471D-90CA-7A116C740AC6 none apfs rw,noauto

Vastasel korral süsteem otsib teiselt volume'ilt ka nt Applicationid üles

Kopeerimine failisüsteemis

Imres-MacBook-Air:~ root# ditto /Applications/Yubico\ Authenticator.app/ /Users/imreoolberg/Documents/Yubico\ Authenticator.app/

Finder GUI liidesega programm.

USB pulk abil apsf opereerimine, volume lisamine

Imres-MacBook-Air:~ root# diskutil eraseDisk APFS "USBTEST" /dev/disk4

Imres-MacBook-Air:~ root# diskutil apfs unlockVolume /dev/disk5s4

Imres-MacBook-Air:~ root# diskutil apfs addVolume disk5 APFS volume-05
Will export new APFS Volume "volume-05" from APFS Container Reference disk5
Started APFS operation on disk5
Preparing to add APFS Volume to APFS Container disk5
Creating APFS Volume
Created new APFS Volume disk5s5
Mounting APFS Volume
Setting volume permissions
Disk from APFS operation: disk5s5
Finished APFS operation on disk5

Imres-MacBook-Air:~ root# diskutil unmount /dev/disk5s5
Volume volume-05 on disk5s5 unmounted
Imres-MacBook-Air:~ root# diskutil mount /dev/disk5s5
Volume volume-05 on /dev/disk5s5 mounted

Imres-MacBook-Air:~ root# diskutil apfs deleteVolume /dev/disk5s4
Started APFS operation
Deleting APFS Volume from its APFS Container
Unmounting disk5s4
Erasing any xART session referenced by 9AC9146E-455D-45BA-99EC-3FE32D2CE59B
Deleting Volume
Removing any Preboot and Recovery Directories
Finished APFS operation

Konteinerid ja volume'id

Imres-MacBook-Air:~ root# df -h | grep part- | sort
/dev/disk5s1                               1.9Gi   1.0Mi   1.9Gi     1%     109   19M    0%   /Volumes/part-01-volume-01
/dev/disk6s1                               3.7Gi   1.0Mi   3.7Gi     1%     109   39M    0%   /Volumes/part-02-volume-01
/dev/disk7s1                                11Gi   1.0Mi    11Gi     1%     113  119M    0%   /Volumes/part-03-volume-01
/dev/disk8s1                                12Gi   992Ki    11Gi     1%     105  120M    0%   /Volumes/part-04-volume-01
/dev/disk8s2                                12Gi   988Ki    11Gi     1%     105  120M    0%   /Volumes/part-04-volume-02
/dev/disk8s3                                12Gi   1.0Mi    11Gi     1%     105  120M    0%   /Volumes/part-04-volume-03

ning

Imres-MacBook-Air:~ root# diskutil list disk4
/dev/disk4 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *30.8 GB    disk4
   1:                        EFI EFI                     209.7 MB   disk4s1
   2:                 Apple_APFS Container disk5         2.0 GB     disk4s2
   3:                 Apple_APFS Container disk6         4.0 GB     disk4s3
   4:                 Apple_APFS Container disk7         12.2 GB    disk4s4
   5:                 Apple_APFS Container disk8         12.4 GB    disk4s5

kus

füüsiline ketas on /dev/disk4
füüsilise ketta partitsioonid on konteinerid /dev/disk5, /dev/disk6 jne
konteinerite sees on volume'id, nt disk8 sees on kolm tükki, s1, s2 ja s3

ning

kus

TODO

Failide arhiveerime ja kopeerimine süsteemist välja

imreoolberg@Imres-MacBook-Air ~ % ditto -ck --sequesterRsrc /Users/imreoolberg /Volumes/imre-data-01/users-imreoolberg.zip

TRIM

Imres-MacBook-Air:~ root# system_profiler SPNVMeDataType
NVMExpress:

    Apple SSD Controller:

        APPLE SSD AP0256Z:

          Capacity: 251 GB (251,000,193,024 bytes)
          TRIM Support: Yes
          Model: APPLE SSD AP0256Z
          Revision: 2,077.140
          Serial Number: 0ba028eb8328ce39
          Detachable Drive: No
          BSD Name: disk0
          Partition Map Type: GPT (GUID Partition Table)
          Removable Media: No
          S.M.A.R.T. status: Verified
          Volumes:
            iSCPreboot:
              Capacity: 524.3 MB (524,288,000 bytes)
              BSD Name: disk0s1
              Content: Apple_APFS_ISC
            Macintosh HD:
              Capacity: 245.11 GB (245,107,195,904 bytes)
              BSD Name: disk0s2
              Content: Apple_APFS
            Recovery:
              Capacity: 5.37 GB (5,368,664,064 bytes)
              BSD Name: disk0s3
              Content: Apple_APFS_Recovery

    Generic SSD Controller:

        WD_BLACK SN850XE 4000GB:

          Capacity: 4 TB (4,000,787,030,016 bytes)
          TRIM Support: Yes
          Model: WD_BLACK SN850XE 4000GB
          Revision: 624131EX
          Serial Number: 24525S801688
          Link Width: x4
          Link Speed: 8.0 GT/s
          Detachable Drive: No
          BSD Name: disk4
          Partition Map Type: GPT (GUID Partition Table)
          Removable Media: No
          S.M.A.R.T. status: Verified
          Volumes:
            EFI:
              Capacity: 209.7 MB (209,715,200 bytes)
              File System: MS-DOS FAT32
              BSD Name: disk4s1
              Content: EFI
              Volume UUID: 0E239BC6-F960-3107-89CF-1C97F78BB46B
            PRO-G40:
              Capacity: 4 TB (4,000,577,273,856 bytes)
              BSD Name: disk4s2
              Content: Apple_APFS

kus

TRIM Support: Yes - trim on nendel seadmetel asuvatel apfs failisüsteemidel võimalik ja kohal st sisselülitatud
apfs trim on ext4 fstab 'discard' sarnane, mitte 'fstrim /' cron jobs abil ütlemise sarnane
Model: APPLE SSD AP0256Z - '256' väljendab suurust 256 GB, nt teine mudel on AP1024Z ja väljendab suurust 1 TB

Launchd kasutamine

Imres-MacBook-Air:/ root# cat /Library/LaunchDaemons/com.myname.addroute.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.myname.addroute</string>
    <key>ProgramArguments</key>
    <array>
        <string>/sbin/route</string>
        <string>-n</string>
        <string>add</string>
        <string>192.0.2.1/32</string>
        <string>192.168.64.2</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

käivitamiseks

Imres-MacBook-Air:/ root# launchctl load /Library/LaunchDaemons/com.myname.addroute.plist

tulemusena

Imres-MacBook-Air:/ root# netstat -nr | grep 192.0.
192.0.2.1/32       192.168.64.2       UGSc            bridge100

Ta on olemas globaalses launched listis

Imres-MacBook-Air:/ root# launchctl list | grep myn
-	0	com.myname.addroute

Põhimõtteliselt peaks töötama ka unload, aga antud juhul ei oma see toimet selle konkreetse nähtuse one-shot olemuse tõttu

Imres-MacBook-Air:/ root# launchctl unload /Library/LaunchDaemons/com.myname.addroute.plist

Cron

TODO

Imres-MacBook-Air:~ root# plutil -p /System/Library/LaunchDaemons/com.apple.tmp_cleaner.plist
{
  "Label" => "com.apple.tmp_cleaner"
  "LowPriorityIO" => 1
  "Nice" => 1
  "ProgramArguments" => [
    0 => "/usr/libexec/tmp_cleaner"
  ]
  "StartCalendarInterval" => {
    "Hour" => 0
  }
}

Virtualiseerimine - UTM

Süsteemis kirjeldatud virtuaalsed arvutid

Imres-MacBook-Air:/ root# /System/Volumes/Data/Applications/UTM.app/Contents/MacOS/utmctl list
UUID                                 Status   Name
DE2A3E49-B049-40F9-9D79-3C1448B446C9 started  vm-deb13-01

Virtuaalse arvuti virtuaalne plokkseade

Imres-MacBook-Air:/ root# du -sh /Users/imreoolberg/Library/Containers/com.utmapp.UTM/Data/Documents/vm-deb13-01.utm/Data/2BBCF278-9AA7-4741-95B5-1886EC71C110.qcow2
5.9G	/Users/imreoolberg/Library/Containers/com.utmapp.UTM/Data/Documents/vm-deb13-01.utm/Data/2BBCF278-9AA7-4741-95B5-1886EC71C110.qcow2

Virtuaalsele arvutile vastav võrgundus

Imres-MacBook-Air:/ root# ifconfig bridge100
bridge100: flags=8a63<UP,BROADCAST,SMART,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether fa:73:df:a0:51:64
	inet 192.168.64.1 netmask 0xffffff00 broadcast 192.168.64.255
	inet6 fe80::f873:dfff:fea0:5164%bridge100 prefixlen 64 scopeid 0x19
	inet6 fda5:2ff0:49ee:6d45:14d7:6e80:6b22:c592 prefixlen 64 autoconf secured
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x0
	member: vmenet0 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 24 priority 0 path cost 0
	Address cache:
		5e:7f:36:30:6b:51 Vlan1 vmenet0 1161 flags=0<>
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active

Imres-MacBook-Air:/ root# ifconfig vmenet0
vmenet0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether b2:7a:48:40:de:47
	media: autoselect
	status: active

Võrk

Riistvara

Võrguliidese MTU muutmiseks

imreoolberg@Imres-MacBook-Air ~ % networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
USB 10/100/1000 LAN
USB 10/100/1G/2.5G LAN
USB 10/100/1G/2.5G LAN 2
Thunderbolt Bridge
Wi-Fi

imreoolberg@Imres-MacBook-Air ~ % networksetup -getMTU Wi-Fi
Active MTU: 1500 (Current Setting: 1500)

# networksetup -setMTU Wi-Fi 1400

Ruuting

ipv4 ruutingutabeli esitamine

Imres-MacBook-Air:~ root# netstat -nr -f inet
Routing tables

Internet:
Destination        Gateway            Flags               Netif Expire
default            192.168.134.77     UGScg                 en0
127                127.0.0.1          UCS                   lo0
127.0.0.1          127.0.0.1          UH                    lo0
169.254            link#12            UCS                   en0      !
192.168.134        link#12            UCS                   en0      !
192.168.134.2/32   link#12            UCS                   en0      !
192.168.134.77/32  link#12            UCS                   en0      !
192.168.134.77     64:d1:54:a7:cc:99  UHLWIir               en0   1199
192.168.134.255    ff:ff:ff:ff:ff:ff  UHLWbI                en0      !
224.0.0/4          link#12            UmCS                  en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI                en0
255.255.255.255/32 link#12            UCS                   en0      !

Võrk - bluetooth

Kuigi 2025 aastal müüdavate Apple Magic Keyboard puhul paljuski väljendatakse, et nad on kasutatavad wireless režiimis ja jääb mulje, et ainult nii, siis osutub, et tegelikult neil on toiteks mõeldud usb kaabel usb siiski ka andmevahetuseks võimaline. non-radio kasutamiseks

system setting - bluetooth osakonnas lülitada välja bluetooth terviklikult, näiteks
klaviatuur jätkab töötamist

Võrk - wireless

Imres-MacBook-Air:/ root# wdutil info | head -n 44
————————————————————————————————————————————————————————————————————
NETWORK
————————————————————————————————————————————————————————————————————
    Primary IPv4         : en0 (Wi-Fi / 9B1345E5-7303-47E8-9C98-5C1D150E7921)
                         : 192.168.134.2
    Primary IPv6         : None
    DNS Addresses        : 8.8.8.8
    Apple                : Reachable
————————————————————————————————————————————————————————————————————
WIFI
————————————————————————————————————————————————————————————————————
    MAC Address          : <redacted> (hw=<redacted>)
    Interface Name       : en0
    Power                : On [On]
    Op Mode              : STA
    SSID                 : <redacted>
    BSSID                : <redacted>
    RSSI                 : -80 dBm
    CCA                  : 11 %
    Noise                : -96 dBm
    Tx Rate              : 24.0 Mbps
    Security             : WPA2 Personal
    PHY Mode             : 11g
    MCS Index            : 0
    Guard Interval       : 800
    NSS                  : 0
    Channel              : 2g1/20
    Country Code         : EE
    Scan Cache Count     : 1
    NetworkServiceID     : 9B1345E5-7303-47E8-9C98-5C1D150E7921
    IPv4 Config Method   : DHCP
    IPv4 Address         : 192.168.134.2
    IPv4 Router          : 192.168.134.77
    IPv6 Config Method   : Automatic
    IPv6 Address         : fe80::4e5:1ca6:3b6c:4355
    IPv6 Router          : None
    DNS                  : 8.8.8.8
    BTC Mode             : Off
    Desense              :
    Chain Ack            : []
    BTC Profile 2.4GHz   : Disabled
    BTC Profile 5GHz     : Disabled
    Sniffer Supported    : YES
    Supports 6e          : Yes

SSH kaugligipääs

TODO

Tarkvara haldus

Mõisted

DMG - disk image

Sissejuhatus

Üldiselt tekib tarkvara macos süsteemi kolmest allikast

süsteemne tarkvara - nö süsteemi enda paigaldamise tagajärel, nt Safari brauser
App Store - apple.com standardne viis tarkvara levitada, nt Yubico Authenticator
tootja levitab - igasugused huvilised, ausama ja vähem ausamad levitavad .dmg formaadis tõmmist oma veebikohas/repos/jms - nt BetterTouchTool

Tarkvara paigaldamisel võiks eelistada App Store lahendust võimalusel

tarkvara on läbinud teatud turvalisuse jms kaanonitega seotud protseduurid
paigaldamise järgne uuendamine toimub automaatselt, sarnaselt põhisüsteemi tarkvaraga

Rakenduste jaoks on üldiselt kolm asukohta failisüsteemis

/System/Applications - read only
/Applications - read write
~/Applications ehk nt /Users/imreoolberg/Applications - read write

~/Applications kataloogi on realistlik paigaldada nö lihtsat tarkvara, nt mis ei sisalda kernel extensioneid vms (nt OpenVPN ei saa, aga XCA saab). Paigaldamine toimub Finder gui liideses .dmg sees oleva .app kataloogi vedamise teel ~/Applications kataloogi või käsureal nt

$ ditto /Volumes/XCA/xca.app ~/Applications

Tarkvara allikad

TODO

Mitte-ametlikud registrid

Tööpõhimõte - drag-and-drop install

Tundub, et lihtsamal juhul tarkvara paigaldamine seisneb lihtsalt failide kopeerimises .dmg failist arvuti kataloogi /Applications. .dmg faili moodustamine

imreoolberg@Imres-MacBook-Air ~ % hdiutil create -ov -fs "APFS" -size 200m -volname "SimpleCalc" MyDisk.dmg

monteerimine

imreoolberg@Imres-MacBook-Air ~ % hdiutil attach MyDisk.dmg

Sisu moodustamine

imreoolberg@Imres-MacBook-Air ~ % date > /Volumes/SimpleCalc/testfile.txt

lahti ühendamine

imreoolberg@Imres-MacBook-Air ~ % hdiutil detach /Volumes/SimpleCalc

teisendamine

imreoolberg@Imres-MacBook-Air ~ % hdiutil convert MyDisk.dmg -format UDZO -o SimpleCalc-1.0.dmg

Kui on soov läbi proovida nö omatehtud .dmg ja elamus, siis sobib

mingi olemasolev lihtne .app põhine rakendus võtta aluseks - nt xca rakendus
tema sisu kopeerida omatehtud .dmg sisse
lõpuks selle abil tarkvara paigaldada

Osutub, et kui Finderis öelda Open siis monteeritaks .dmg nagu virtuaalne failipõhine plokkseade, mille juurkataloogi sisuks on peamiselt kaks sissekannet

link /Applications kataloogile
xca.app kataloog rakendusega

Ja Open avab ka nö erilises vaates Finderi, kus on näha nö traditsiooniline hiirega drag-and-drop install vaade, tehniliselt toimub tavaline kataloog-kopeeritakse-kataloogi muudatus.

MacOS sellist drag viisil tehtud tarkvara paigalduse ei registreeri kuskil keskses tarkvara-registris vms. Selline tarkvara paigaldamine on tehniliselt kataloogi kopeerimine, millega kaasneb signatuuri kontroll jms administratiivne element.

Tööpõhimõte - installer packages

$ pkgutil --packages
$ pkgutil --files paketinimi

Paigaldatud tarkvara nimekirja esitamine

GUI

System Settings -> General -> System report -> Software -> Applications -> not obtained-from Apple

käsurealt

imreoolberg@Imres-MacBook-Air ~ % system_profiler SPApplicationsDataType | grep -B 3 -A 5 "Identified De" | head -n 20
    Google Chrome:

      Version: 140.0.7339.81
      Obtained from: Identified Developer
      Last Modified: 30.08.2025, 01:47
      Kind: Universal
      Signed by: Developer ID Application: Google LLC (EQHXZ8M8AV), Developer ID Certification Authority, Apple Root CA
      Location: /Applications/Google Chrome.app
      Get Info String: Google Chrome 140.0.7339.81, Copyright 2025 Google LLC. All rights reserved.
--
    iTerm:

      Version: 3.5.14
      Obtained from: Identified Developer
      Last Modified: 16.05.2025, 02:59
      Kind: Universal
      Signed by: Developer ID Application: GEORGE NACHMAN (H7V7XYVQ7D), Developer ID Certification Authority, Apple Root CA
      Location: /Applications/iTerm.app
      Get Info String: 3.5.14
--

Üks viis on küsida failisüsteemis

imreoolberg@Imres-MacBook-Air ~ % ls -ld /Applications/* | grep imreoo
drwxr-xr-x@ 3 imreoolberg  staff   96 Sep  3 11:10 /Applications/BetterTouchTool.app
drwxrwxr-x@ 3 imreoolberg  admin   96 Aug 30 01:47 /Applications/Google Chrome.app
drwxr-xr-x@ 3 imreoolberg  staff   96 May 16 02:59 /Applications/iTerm.app
drwxr-xr-x@ 3 imreoolberg  admin   96 Apr  8 08:11 /Applications/UTM.app
drwxr-xr-x@ 3 imreoolberg  admin   96 Jul 25 15:41 /Applications/Visual Studio Code.app

imreoolberg@Imres-MacBook-Air ~ % ls -ld /Applications/* | grep qdigi
drwxr-xr-x@ 3 root         wheel   96 Sep  8 16:56 /Applications/qdigidoc4.app

kus

sõltuvalt paigaldusviisist on faili omanik erinev
põhimõtteliselt tekib sellisest lähenemisest probleeme, nt mis siis kui süsteemil on mitu kasutajat, installinud kasutaja eemaldatakse jne - üks viis on kasutada süsteemis ühte non-personal administraator kasutajat kes tegeleb tarkvara paigaldamisega jms, ja ülejäänud kasutavad tarkvara
@ tähistab asjaolu, et failiga on seotud apfs failisüsteemi extended attributs omadused, nt registreeritakse sedasi autor

imreoolberg@Imres-MacBook-Air ~ % xattr -p com.apple.appstore.vendor_name "/Applications/Yubico Authenticator.app"
Yubico

Paigaldamine - App Store

TODO

kus

pressida Get -> Install -> Open
tarkvara 'Obtained from' väärtuseks on 'App store'
online otsing - https://www.apple.com/us/search/yubico?src=globalnav

Paigaldamine - tootja juurest kopeerides

TODO

Tarkvara uuendamine

Väited

tarkvara uuendusi ei väljastata kindlaksmääratud aegadel (nt nagu Ubuntu või OpenBSD puhul)
tarkvara uuendusi väljastatakse mitmel korral aastas ja vastavalt vajadusele
tarkvara uuendused jaotuvad: 1. turva-uuendused, 2. vigade parandused, 3. funktsionaalsed muudatused
tarkvara uuendusi koheldatakse terviklikult, st ei ole eraldi nt süsteemi osas ja rakendustarkvara, või pakettide nimekiri, millest saab teha käesoleva uuenduse korra jaoks valiku

Nt 2025 aastal on olnud selline uuenduste ajalugu

January 27: macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3 were released with security patches.
February 10: An urgent security update, macOS Sequoia 15.3.1, was released.
March 11: macOS Sequoia 15.3.2 was released, addressing security vulnerabilities in WebKit.
March 31: macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5 were released.
April 16: macOS Sequoia 15.4.1 was released, providing security patches.
May 12: macOS Sequoia 15.5, macOS Sonoma 14.7.6, and macOS Ventura 13.7.6 were released.
July 29: macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7 were released.
August 20: macOS Sequoia 15.6.1 was released with security updates.

Käsundamine

imreoolberg@Imres-MacBook-Air ~ % sw_vers
ProductName:		macOS
ProductVersion:		15.3
BuildVersion:		24D2059

imreoolberg@Imres-MacBook-Air ~ % softwareupdate -l
Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Label: macOS Sequoia 15.6.1-24G90
	Title: macOS Sequoia 15.6.1, Version: 15.6.1, Size: 6160384KiB, Recommended: YES, Action: restart,

Logi

TODO

Misc

Screen Lock

Tundub, et caffeinate on hästi efektiivne

$ caffeinate -di

Watchdog

Väited

hardware watchdog on paratamatult sisse lülitatud
software watchdog on seaditatav, vaikimisi on sisse lülitatud

TODO

Programm

Käivitamine

imreoolberg@Imres-MacBook-Air ~ % open -a BetterTouchTool
imreoolberg@Imres-MacBook-Air ~ %

imreoolberg@Imres-MacBook-Air ~ % "/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator"
13:09:53.164 [desktop.init] INFO: Logging initialized, outputting to stderr
13:09:53.173 [desktop.init] INFO: Window hidden on startup: false
13:09:53.174 [desktop.init] INFO: Starting Helper subprocess: /Applications/Yubico Authenticator.app/Contents/Resources/helper/authenticator-helper
13:09:53.175 [desktop.init] INFO: Helper process started
13:09:53.176 [main] INFO: Running Yubico Authenticator...
{app_version: 7.2.3, dart: 3.8.1 (stable) (Wed May 28 00:47:25 2025 -0700) on "macos_arm64", os: macos, os_version: Version 15.6.1 (Build 24G90)}
13:09:53.302 [helper.ykman.logging] INFO: Logging at level: INFO
13:09:53.302 [helper.helper.device] INFO: Log level set to: INFO
13:09:53.302 [desktop.init] INFO: Helper log level set
13:09:53.327 [desktop.devices] INFO: USB state change
{"data":{"state":5740354900026072187,"pids":{}},"actions":["get","scan"],"children":{}}
13:09:53.327 [desktop.devices] INFO: USB state updated, unaccounted for: {}
..

edasi

Imres-MacBook-Air:/ root# file "/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator"
/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64:Mach-O 64-bit executable arm64]
/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator (for architecture x86_64):	Mach-O 64-bit executable x86_64
/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator (for architecture arm64):	Mach-O 64-bit executable arm64
Imres-MacBook-Air:/ root#

imreoolberg@Imres-MacBook-Air Documents % cat hello.c
#include <stdio.h>

int main() {
    printf("Hello, World!\n");
    return 0;
}

kompileerimine

imreoolberg@Imres-MacBook-Air Documents % clang hello.c -o hello

käivitamine

imreoolberg@Imres-MacBook-Air Documents % ./hello
Hello, World!

otool abil binary uurimine

imreoolberg@Imres-MacBook-Air Documents % otool -L hello
hello:
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1351.0.0)

yubico authenticator binary uurimine

Imres-MacBook-Air:/ root# otool -L "/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator"
/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator (architecture x86_64):
	@rpath/desktop_drop.framework/Versions/A/desktop_drop (compatibility version 1.0.0, current version 1.0.0)
	@rpath/file_picker.framework/Versions/A/file_picker (compatibility version 1.0.0, current version 1.0.0)
	@rpath/local_notifier.framework/Versions/A/local_notifier (compatibility version 1.0.0, current version 1.0.0)
	@rpath/path_provider_foundation.framework/Versions/A/path_provider_foundation (compatibility version 1.0.0, current version 1.0.0)
	@rpath/screen_retriever_macos.framework/Versions/A/screen_retriever_macos (compatibility version 1.0.0, current version 1.0.0)
	@rpath/shared_preferences_foundation.framework/Versions/A/shared_preferences_foundation (compatibility version 1.0.0, current version 1.0.0)
	@rpath/tray_manager.framework/Versions/A/tray_manager (compatibility version 1.0.0, current version 1.0.0)
	@rpath/url_launcher_macos.framework/Versions/A/url_launcher_macos (compatibility version 1.0.0, current version 1.0.0)
	@rpath/window_manager.framework/Versions/A/window_manager (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1345.120.2)
	/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (compatibility version 45.0.0, current version 2487.60.105)
	/usr/lib/swift/libswiftCore.dylib (compatibility version 1.0.0, current version 0.0.0)
	/usr/lib/swift/libswiftCoreAudio.dylib (compatibility version 1.0.0, current version 6.0.0, weak)
	/usr/lib/swift/libswiftCoreFoundation.dylib (compatibility version 1.0.0, current version 120.100.0, weak)
	/usr/lib/swift/libswiftCoreImage.dylib (compatibility version 1.0.0, current version 2.0.0, weak)
	/usr/lib/swift/libswiftCoreMedia.dylib (compatibility version 1.0.0, current version 3110.8.2, weak)
	/usr/lib/swift/libswiftDarwin.dylib (compatibility version 1.0.0, current version 0.0.0, weak)
	/usr/lib/swift/libswiftDispatch.dylib (compatibility version 1.0.0, current version 41.0.0, weak)
	/usr/lib/swift/libswiftIOKit.dylib (compatibility version 1.0.0, current version 1.0.0, weak)
	/usr/lib/swift/libswiftMetal.dylib (compatibility version 1.0.0, current version 343.19.0, weak)
	/usr/lib/swift/libswiftOSLog.dylib (compatibility version 1.0.0, current version 4.0.0, weak)
	/usr/lib/swift/libswiftObjectiveC.dylib (compatibility version 1.0.0, current version 8.0.0, weak)
	/usr/lib/swift/libswiftQuartzCore.dylib (compatibility version 1.0.0, current version 3.0.0, weak)
	/usr/lib/swift/libswiftUniformTypeIdentifiers.dylib (compatibility version 1.0.0, current version 791.2.12, weak)
	/usr/lib/swift/libswiftXPC.dylib (compatibility version 1.0.0, current version 36.100.8, weak)
	/usr/lib/swift/libswiftos.dylib (compatibility version 1.0.0, current version 1049.100.4, weak)
	@rpath/FlutterMacOS.framework/Versions/A/FlutterMacOS (compatibility version 0.0.0, current version 0.0.0)
	/usr/lib/swift/libswiftFoundation.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/swift/libswiftAppKit.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/swift/libswiftCoreGraphics.dylib (compatibility version 1.0.0, current version 120.100.0, weak)
/Applications/Yubico Authenticator.app/Contents/MacOS/Yubico Authenticator (architecture arm64):
	@rpath/desktop_drop.framework/Versions/A/desktop_drop (compatibility version 1.0.0, current version 1.0.0)
	@rpath/file_picker.framework/Versions/A/file_picker (compatibility version 1.0.0, current version 1.0.0)
	@rpath/local_notifier.framework/Versions/A/local_notifier (compatibility version 1.0.0, current version 1.0.0)
	@rpath/path_provider_foundation.framework/Versions/A/path_provider_foundation (compatibility version 1.0.0, current version 1.0.0)
	@rpath/screen_retriever_macos.framework/Versions/A/screen_retriever_macos (compatibility version 1.0.0, current version 1.0.0)
	@rpath/shared_preferences_foundation.framework/Versions/A/shared_preferences_foundation (compatibility version 1.0.0, current version 1.0.0)
	@rpath/tray_manager.framework/Versions/A/tray_manager (compatibility version 1.0.0, current version 1.0.0)
	@rpath/url_launcher_macos.framework/Versions/A/url_launcher_macos (compatibility version 1.0.0, current version 1.0.0)
	@rpath/window_manager.framework/Versions/A/window_manager (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1345.120.2)
	/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (compatibility version 45.0.0, current version 2487.60.105)
	/usr/lib/swift/libswiftCore.dylib (compatibility version 1.0.0, current version 0.0.0)
	/usr/lib/swift/libswiftCoreAudio.dylib (compatibility version 1.0.0, current version 6.0.0, weak)
	/usr/lib/swift/libswiftCoreFoundation.dylib (compatibility version 1.0.0, current version 120.100.0, weak)
	/usr/lib/swift/libswiftCoreImage.dylib (compatibility version 1.0.0, current version 2.0.0, weak)
	/usr/lib/swift/libswiftCoreMedia.dylib (compatibility version 1.0.0, current version 3110.8.2, weak)
	/usr/lib/swift/libswiftDarwin.dylib (compatibility version 1.0.0, current version 0.0.0, weak)
	/usr/lib/swift/libswiftDispatch.dylib (compatibility version 1.0.0, current version 41.0.0, weak)
	/usr/lib/swift/libswiftIOKit.dylib (compatibility version 1.0.0, current version 1.0.0, weak)
	/usr/lib/swift/libswiftMetal.dylib (compatibility version 1.0.0, current version 343.19.0, weak)
	/usr/lib/swift/libswiftOSLog.dylib (compatibility version 1.0.0, current version 4.0.0, weak)
	/usr/lib/swift/libswiftObjectiveC.dylib (compatibility version 1.0.0, current version 8.0.0, weak)
	/usr/lib/swift/libswiftQuartzCore.dylib (compatibility version 1.0.0, current version 3.0.0, weak)
	/usr/lib/swift/libswiftUniformTypeIdentifiers.dylib (compatibility version 1.0.0, current version 791.2.12, weak)
	/usr/lib/swift/libswiftXPC.dylib (compatibility version 1.0.0, current version 36.100.8, weak)
	/usr/lib/swift/libswiftos.dylib (compatibility version 1.0.0, current version 1049.100.4, weak)
	@rpath/FlutterMacOS.framework/Versions/A/FlutterMacOS (compatibility version 0.0.0, current version 0.0.0)
	/usr/lib/swift/libswiftFoundation.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/swift/libswiftAppKit.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/swift/libswiftCoreGraphics.dylib (compatibility version 1.0.0, current version 120.100.0, weak)

kus

@rpath viitab rakenduse kapsli sisestele ressurssidele

dtruss

Imres-MacBook-Air:/ root# dtruss -p 65630 2>&1 | tail -n 1

: probe description syscall:::entry does not match any probes. System Integrity Protection is on

imreoolberg@Imres-MacBook-Air Documents % dtruss ./hello
dtrace: system integrity protection is on, some features will not be available
dtrace: failed to initialize dtrace: DTrace requires additional privileges

Screenshot

Tähistatud ala

Command + Shift + 4

Kogu ekraan

Command + Shift + 3

Vaikimisi asub pildistus iseloomuliku nimega failis desktopil.

Süsteemi taastamine

Recovery meedia ettevalmistamine

Imres-MacBook-Air:/ root# diskutil eraseDisk JHFS+ "MyVolume" /dev/disk4
Started erase on disk4
Unmounting disk
Creating the partition map
Waiting for partitions to activate
Formatting disk4s2 as Mac OS Extended (Journaled) with name MyVolume
Initialized /dev/rdisk4s2 as a 28 GB case-insensitive HFS Plus volume with a 8192k journal
Mounting disk
Finished erase on disk4

Imres-MacBook-Air:/ root# /Applications/Install\ macOS\ Sequoia.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume
Ready to start.
To continue we need to erase the volume at /Volumes/MyVolume.
If you wish to continue type (Y) then press return: y
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying essential files...
Copying the macOS RecoveryOS...
Making disk bootable...
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
Install media now available at "/Volumes/Install macOS Sequoia"
Imres-MacBook-Air:/ root# echo $?
0

# diskutil unmount /Volumes/Install\ macOS\ Sequoia

Protseduur

1. Create a New APFS Volume The first step is to create a new, separate volume on your internal drive where you will restore the backup.

Boot from your USB installer by holding the Option key on startup.

In the macOS Utilities window, select Disk Utility and click Continue.

In Disk Utility, go to the menu bar and select View > Show All Devices.

In the sidebar, select the APFS container (the device, not the volume) that holds your current macOS installation.

Click the + button in the toolbar to add a new APFS volume.

Give the new volume a name (e.g., "macOS Restored") and click Add. This process is very fast as APFS volumes share the same free space.

Once the new volume appears in the sidebar, close Disk Utility.

2. Restore the Backup to the New Volume Now that the new volume is ready, you can restore your Time Machine backup to it.

From the macOS Utilities window, select Restore From Time Machine Backup and click Continue.

Follow the on-screen instructions, selecting your Time Machine backup drive when prompted.

When the installer asks you to choose a destination disk, you will see your original macOS volume and the new "macOS Restored" volume you just created.

Select the new "macOS Restored" volume as the destination for the restoration. The installer will then proceed to restore the system to that specific volume only.

After the restoration is complete, you can restart your Mac and, by holding down the Option key, you will be able to choose between your original macOS system and the restored system on the second volume.

homebrew

imre@imre-mac ~ % /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
==> Checking for `sudo` access (which may request your password)...
Password:
==> This script will install:
/opt/homebrew/bin/brew
/opt/homebrew/share/doc/homebrew
/opt/homebrew/share/man/man1/brew.1
/opt/homebrew/share/zsh/site-functions/_brew
/opt/homebrew/etc/bash_completion.d/brew
/opt/homebrew
/etc/paths.d/homebrew
==> The following new directories will be created:
/opt/homebrew/bin
/opt/homebrew/etc
/opt/homebrew/include
/opt/homebrew/lib
/opt/homebrew/sbin
/opt/homebrew/share
/opt/homebrew/var
/opt/homebrew/opt
/opt/homebrew/share/zsh
/opt/homebrew/share/zsh/site-functions
/opt/homebrew/var/homebrew
/opt/homebrew/var/homebrew/linked
/opt/homebrew/Cellar
/opt/homebrew/Caskroom
/opt/homebrew/Frameworks
==> The Xcode Command Line Tools will be installed.

Press RETURN/ENTER to continue or any other key to abort:
==> /usr/bin/sudo /usr/bin/install -d -o root -g wheel -m 0755 /opt/homebrew
==> /usr/bin/sudo /bin/mkdir -p /opt/homebrew/bin /opt/homebrew/etc /opt/homebrew/include /opt/homebrew/lib /opt/homebrew/sbin /opt/homebrew/share /opt/homebrew/var /opt/homebrew/opt /opt/homebrew/share/zsh /opt/homebrew/share/zsh/site-functions /opt/homebrew/var/homebrew /opt/homebrew/var/homebrew/linked /opt/homebrew/Cellar /opt/homebrew/Caskroom /opt/homebrew/Frameworks
==> /usr/bin/sudo /bin/chmod ug=rwx /opt/homebrew/bin /opt/homebrew/etc /opt/homebrew/include /opt/homebrew/lib /opt/homebrew/sbin /opt/homebrew/share /opt/homebrew/var /opt/homebrew/opt /opt/homebrew/share/zsh /opt/homebrew/share/zsh/site-functions /opt/homebrew/var/homebrew /opt/homebrew/var/homebrew/linked /opt/homebrew/Cellar /opt/homebrew/Caskroom /opt/homebrew/Frameworks
==> /usr/bin/sudo /bin/chmod go-w /opt/homebrew/share/zsh /opt/homebrew/share/zsh/site-functions
==> /usr/bin/sudo /usr/sbin/chown imre /opt/homebrew/bin /opt/homebrew/etc /opt/homebrew/include /opt/homebrew/lib /opt/homebrew/sbin /opt/homebrew/share /opt/homebrew/var /opt/homebrew/opt /opt/homebrew/share/zsh /opt/homebrew/share/zsh/site-functions /opt/homebrew/var/homebrew /opt/homebrew/var/homebrew/linked /opt/homebrew/Cellar /opt/homebrew/Caskroom /opt/homebrew/Frameworks
==> /usr/bin/sudo /usr/bin/chgrp admin /opt/homebrew/bin /opt/homebrew/etc /opt/homebrew/include /opt/homebrew/lib /opt/homebrew/sbin /opt/homebrew/share /opt/homebrew/var /opt/homebrew/opt /opt/homebrew/share/zsh /opt/homebrew/share/zsh/site-functions /opt/homebrew/var/homebrew /opt/homebrew/var/homebrew/linked /opt/homebrew/Cellar /opt/homebrew/Caskroom /opt/homebrew/Frameworks
==> /usr/bin/sudo /usr/sbin/chown -R imre:admin /opt/homebrew
==> Searching online for the Command Line Tools
==> /usr/bin/sudo /usr/bin/touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
==> Installing Command Line Tools for Xcode-16.4
==> /usr/bin/sudo /usr/sbin/softwareupdate -i Command\ Line\ Tools\ for\ Xcode-16.4
Software Update Tool

Finding available software

Downloading Command Line Tools for Xcode

Downloaded Command Line Tools for Xcode
Installing Command Line Tools for Xcode
Done with Command Line Tools for Xcode
Done.
==> /usr/bin/sudo /usr/bin/xcode-select --switch /Library/Developer/CommandLineTools
Password:
Sorry, try again.
Password:
==> /usr/bin/sudo /bin/rm -f /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
==> Downloading and installing Homebrew...
remote: Enumerating objects: 310493, done.
remote: Counting objects: 100% (16399/16399), done.
remote: Compressing objects: 100% (608/608), done.
remote: Total 310493 (delta 15991), reused 15838 (delta 15791), pack-reused 294094 (from 3)
remote: Enumerating objects: 55, done.
remote: Counting objects: 100% (34/34), done.
remote: Total 55 (delta 33), reused 33 (delta 33), pack-reused 21 (from 1)
==> /usr/bin/sudo /bin/mkdir -p /etc/paths.d
==> /usr/bin/sudo tee /etc/paths.d/homebrew
/opt/homebrew/bin
==> /usr/bin/sudo /usr/sbin/chown root:wheel /etc/paths.d/homebrew
==> /usr/bin/sudo /bin/chmod a+r /etc/paths.d/homebrew
==> Updating Homebrew...
==> Downloading https://ghcr.io/v2/homebrew/portable-ruby/portable-ruby/blobs/sha256:20fa657858e44a4b39171d6e4111f8a9716eb62a78ebbd1491d94f90bb7b830a
################################################################################################################################################################ 100.0%
==> Pouring portable-ruby-3.4.5.arm64_big_sur.bottle.tar.gz
==> Installation successful!

==> Homebrew has enabled anonymous aggregate formulae and cask analytics.
Read the analytics documentation (and how to opt-out) here:
  https://docs.brew.sh/Analytics
No analytics data has been sent yet (nor will any be during this install run).

==> Homebrew is run entirely by unpaid volunteers. Please consider donating:
  https://github.com/Homebrew/brew#donations

==> Next steps:
- Run these commands in your terminal to add Homebrew to your PATH:
    echo >> /Users/imre/.zprofile
    echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/imre/.zprofile
    eval "$(/opt/homebrew/bin/brew shellenv)"
- Run brew help to get started
- Further documentation:
    https://docs.brew.sh

imre@imre-mac ~ %

pyhton 3.13

imre@imre-mac ti % brew install python@3.13
==> Fetching downloads for: python@3.13
==> Downloading https://ghcr.io/v2/homebrew/core/python/3.13/manifests/3.13.7
#################################################################################################################### 100.0%
==> Fetching dependencies for python@3.13: mpdecimal, ca-certificates, openssl@3, readline, sqlite and xz
==> Downloading https://ghcr.io/v2/homebrew/core/mpdecimal/manifests/4.0.1
#################################################################################################################### 100.0%
==> Fetching mpdecimal
...

`idle3.13` requires tkinter, which is available separately:
  brew install python-tk@3.13

See: https://docs.brew.sh/Homebrew-and-Python
==> Summary
🍺  /opt/homebrew/Cellar/python@3.13/3.13.7: 3,620 files, 66.6MB
==> Running `brew cleanup python@3.13`...
Disable this behaviour by setting `HOMEBREW_NO_INSTALL_CLEANUP=1`.
Hide these hints with `HOMEBREW_NO_ENV_HINTS=1` (see `man brew`).
==> No outdated dependents to upgrade!
==> Caveats
==> python@3.13
Python is installed as
  /opt/homebrew/bin/python3

Unversioned symlinks `python`, `python-config`, `pip` etc. pointing to
`python3`, `python3-config`, `pip3` etc., respectively, are installed into
  /opt/homebrew/opt/python@3.13/libexec/bin

`idle3.13` requires tkinter, which is available separately:
  brew install python-tk@3.13

See: https://docs.brew.sh/Homebrew-and-Python
imre@imre-mac ti % 

(py_venv) imre@imre-mac ti % brew tap hashicorp/tap
==> Tapping hashicorp/tap
Cloning into '/opt/homebrew/Library/Taps/hashicorp/homebrew-tap'...
remote: Enumerating objects: 5818, done.
remote: Counting objects: 100% (1132/1132), done.
remote: Compressing objects: 100% (221/221), done.
remote: Total 5818 (delta 1015), reused 913 (delta 911), pack-reused 4686 (from 3)
Receiving objects: 100% (5818/5818), 1.01 MiB | 1.18 MiB/s, done.
Resolving deltas: 100% (4104/4104), done.
Tapped 2 casks and 32 formulae (93 files, 1.3MB).
(py_venv) imre@imre-mac ti % brew install hashicorp/tap/vault

Xcode Command Line Tools

Xcide CLI koosseisu kuuluvad muu hulgas

git
clang
gcc

Paigaldamiseks sobib öelda

# xcode-select --install

to check

imreoolberg@Imres-MacBook-Air ~ % xcode-select -p
/Library/Developer/CommandLineTools

Spaces

Väited

Spaces võimaldab tegeleda macos peal virtuaalsete desktop'idega
käitumist kontrollib üldiselt 'System Settings -> Desktop & Dock -> Displays have separate Spaces' väärtus (vaikimisi 'On')
F3 klahv abil saab Spaces riba kuvada monitoride üleosas
Space'i saab liigutada monitoride vahel hiirega tirides, v.a. aktiivset space'i
Space'ide vahel saab liikuda Control + left/righ arrow key abil
Rakendust saab liigutada space'ide vahel minnes nn Mission Control vaatesse ja siis hiirega rakenduse akent lohistades
Space sulgemisel paigutatakse vastavad aknad eelmisele space'ile

Kellaaeg

Süsteemi aeg

Imres-MacBook-Air:~ root# date
Sat Sep 13 23:36:17 EEST 2025

NTP serverilt kellaaja küsimine

Imres-MacBook-Air:~ root# sntp time.apple.com
+0.049514 +/- 0.014280 time.apple.com 17.253.38.35

Väärtuse küsimine

Imres-MacBook-Air:~ root# systemsetup -getnetworktimeserver
Network Time Server: time.euro.apple.com

Väärtuse muutmine

Imres-MacBook-Air:~ root# systemsetup -setnetworktimeserver time.euro.apple.com

Logist kellaajaga seotud sündmuste kohta küsimine

Imres-MacBook-Air:~ root# log stream --predicate 'subsystem == "com.apple.timed"

Kas kellaaeg automaatne hoidmine on kasutuses

Imres-MacBook-Air:~ root# systemsetup -getusingnetworktime
Network Time: On

BSD pärand

imreoolberg@Imres-MacBook-Air ~ % which openssl
/usr/bin/openssl
imreoolberg@Imres-MacBook-Air ~ % openssl version
LibreSSL 3.3.6

Imres-MacBook-Air:~ root# ssh -V
OpenSSH_9.9p2, LibreSSL 3.3.6

Imres-MacBook-Air:~ root# pfctl -v
No ALTQ support in kernel
ALTQ related functions disabled

Imres-MacBook-Air:~ root# netstat -nr -f inet

Süsteemsete kasutajate nimed algavad alakriipsuga (nt sarnaselt toimib OpenBSD), nt timed (ntp local protsess) töötab kasutajana _timed

Imres-MacBook-Air:~ root# ps aux | grep timed
_timed             373   0.0  0.0 426967056   4576   ??  Ss   Tue02PM   0:03.41 /usr/libexec/timed

/etc/passwd failis on palju nö legacy kasutajad mille nimi viitab nö klassikalisele lahendusele

Imres-MacBook-Air:~ root# egrep "_postgres|_dovenull|_postfix|_avamis|_clamav|_cyrus|_mailman|_cvs|_mysql|_jabber|_ftp" /etc/passwd
_postfix:*:27:27:Postfix Mail Server:/var/spool/postfix:/usr/bin/false
_cvs:*:72:72:CVS Server:/var/empty:/usr/bin/false
_mysql:*:74:74:MySQL Server:/var/empty:/usr/bin/false
_cyrus:*:77:6:Cyrus Administrator:/var/imap:/usr/bin/false
_mailman:*:78:78:Mailman List Server:/var/empty:/usr/bin/false
_clamav:*:82:82:ClamAV Daemon:/var/virusmails:/usr/bin/false
_jabber:*:84:84:Jabber XMPP Server:/var/empty:/usr/bin/false
_ftp:*:98:-2:FTP Daemon:/var/empty:/usr/bin/false
_postgres:*:216:216:PostgreSQL Server:/var/empty:/usr/bin/false
_dovenull:*:227:227:Dovecot Authentication:/var/empty:/usr/bin/false

Süsteemi paigaldamine

Eesmärk

paigaldada töötav töökoha keskkond
valmituda juhtumiks kui kasutaja parool kaob ja on vaja seda taastada (teha reset)

TODO

Google Chrome brauser

TODO

Google Chrome brauseril on lubatud kuvada ssh privaatset võtit, nt

file:///Users/imreoolberg/.ssh/id_ed25519

Analoogliselt on see lubatud Ubuntu 24.04 platvormil, aga nt OpenBSD puhul mitte (tänu unveil tehnoloogiale).

GateKeeper

Kui kopeerida internetist tarkvara nt .dmg kujul ja paigaldada, siis esimesel käivitamisel küsib süsteem, et kas ikka käivitada see internetist kopeeritud programm, küsimus ja vastusega tegelemine on seotud xattr parameetriga com.apple.quarantine

Imres-MacBook-Air:~ root# xattr -p com.apple.quarantine /Applications/KeePassXC.app
0181;68c6f083;Chrome;AF698614-F806-4A2B-B66C-4B09CB133779

ja

# spctl

ja

Imres-MacBook-Air:~ root# sqlite3 /Users/imreoolberg/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
SQLite version 3.43.2 2023-10-10 13:08:14
Enter ".help" for usage hints.

sqlite> .schema
CREATE TABLE LSQuarantineEvent (  LSQuarantineEventIdentifier TEXT PRIMARY KEY NOT NULL,  LSQuarantineTimeStamp REAL,  LSQuarantineAgentBundleIdentifier TEXT,  LSQuarantineAgentName TEXT,  LSQuarantineDataURLString TEXT,  LSQuarantineSenderName TEXT,  LSQuarantineSenderAddress TEXT,  LSQuarantineTypeNumber INTEGER,  LSQuarantineOriginTitle TEXT,  LSQuarantineOriginURLString TEXT,  LSQuarantineOriginAlias BLOB );
CREATE INDEX LSQuarantineEventIndex  ON LSQuarantineEvent (  LSQuarantineEventIdentifier );
CREATE INDEX LSQuarantineTimeStampIndex  ON LSQuarantineEvent (  LSQuarantineTimeStamp );

sqlite> select * from LSQuarantineEvent;
9446C9BF-45BE-49C7-8EBE-2F15796AC8C8|778543831.0|com.google.Chrome|Chrome||||0|||
BDC2404B-51CD-4561-B50B-97C0C4272BF4|778543831.0|com.google.Chrome|Chrome||||0|||
295142B0-B654-4691-9F45-774441058E9A|778543831.0|com.google.Chrome|Chrome||||0|||
E806F7A8-856B-4A57-ADD6-0FFC2CAEECCB|778543833.0|com.google.Chrome|Chrome||||0|||

Transparency, Consent, and Control (TCC)

Esmakordsel käivitamisel küsitakse vahel kataloogide ja failide avamise õiguse kohta, sellega tegeleb TCC. Tulemus on paista nt

System Settings -> Privacy & Security -> KeePassXC -> xxx

Imres-MacBook-Air:~ root# mdls -name kMDItemCFBundleIdentifier /Applications/KeePassXC.app
kMDItemCFBundleIdentifier = "org.keepassxc.keepassxc"

ning eemaldamiseks

Imres-MacBook-Air:~ root# tccutil reset All org.keepassxc.keepassxc
Successfully reset All approval status for org.keepassxc.keepassxc

Kasutajate haldamine

Kasutaja tekitamiseks sobib

System Settings -> Users & Groups -> Add User -> ...

Teise kasutajana lisaks sisse logimiseks sobib kasutada

System Settings -> Control Center -> Fast User Switching -> ...

Eesti id kaart

TODO

Peale paigaldamist on

System Settings -> ID-updater

Finder

Finder programm on sarnane nö vana-aja Windows Explorer programmile või XFCE4 prorammile Thunar.

Vasaku sidebar ehk paneeli sisu muutmiseks sobib kasutada Finder -> Settings ja nt muuta nähtavaks kasutaja kodukataloog.

XQuartz

Väited

X11 põhiste rakenduste töötamiseks vajalik tarkvara (nö linux traditsiooni juhtumiks)
X2go töötamise eelduseks

Locale

MacOS on väga utf-8 keskne süsteem, graafiliste rakenduste ja käsurea osakonnas

imreoolberg@Imres-MacBook-Air ~ % env | grep LANG
LANG=en_US.UTF-8

imreoolberg@Imres-MacBook-Air ~ % locale
LANG="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_CTYPE="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_ALL=

Juhtimiseks sobib kasutada faili ~/.zshrc

Mälu haldus

Käesolevat mälukasutust saab jälgida Activity Monitor utiliidi abil

kus

physical memory - arvuti riistvaralise mälu hulk
memory used - mälu hulk mida operatsioonisüteem moel või teisel aktiivsemalt/vähem-aktiivsemalt/jne kasutab
swap used - plokkseadmele/failisüsteemi salvestatud/puhverdatud mälu sisu

Memory Used koosneb neljast osast

app memory - operatsioonisüsteemi, rakenduste koodi ja andmete jms kasutusel olev mälu mis on välja swapitav, kokku pakitav jms paindlik
wired memory - operatsioonisüsteemi, rakenduste koodi ja andmete jms kasutusel olev mälu mis ei ole välja swapitav, kokku pakitav jms paindlik
cached files - apfs jt failisüsteemide cache, st mällu puhverdatud sisu (tõenäoliselt teeb lugemise oluliselt kiiremaks)
kokku pakitud mälule vastav maht mis kulub pakitud sisu hoidmiseks (mis on pakitud kujul)

'Compressed' väärtus väljendab, milline kokkupakkimata maht õnnestus kokku pakkida.

Väited

arvutis on 'available memory' maht 16.00 - 12.84 = 3.16 G mälu - st see on ressurss, mida saab süsteem kohe kasutada täiendavate vajaduste jaoks
kokku pakitud kujul olevate andmete maht on 12.84 - 5.90 - 2.17 - 3.30 = 1.47
kokku pakkkimise efektiivsus on 3.96/1.47 = 2.69 st peaaegu 3x
kuigi süsteemis on vaba mälu, siis on süsteem otsustanud siiski 175.6 MB välja swappida, ju ta teab mis teeb, ja nii on olnud otstarbekas
cached files maht on selline ressurss, mille saab süsteem kiiresti võtta uude kasutusse, st nt rakenduse koodi jaoks

Swap asub failisüsteemis kataloogis /private/var/vm.

Yubikey

TODO

Kui ssh kliendi kasutamisel tekib olukord

... sign_and_send_pubkey: signing failed for ECDSA .. from agent: agent refused operation

võib abistada

% ssh-add -e /usr/local/lib/libykcs11.dylib
Card removed: /usr/local/lib/libykcs11.dylib

% ssh-add -s /usr/local/lib/libykcs11.dylib
Enter passphrase for PKCS#11:
Card added: /usr/local/lib/libykcs11.dylib

%

Apple riistvara-tarkvara ajalugu

Küsimus chatgpt'le

'what operating system apple computers have used, please give timeline of cpu and operating system with mentioning whether is was single or two-mode privilege separation solution'

Vastus chatgpt'lt - eristatakse 6 ajastut

The Early Days (1976-1984)

Computer: Apple I, Apple II series.
CPU: MOS Technology 6502.
Operating System: Apple DOS, ProDOS.
Privilege Mode: Single-mode. The CPU and OS lacked a concept of privilege separation. All software, including the operating system, ran with full, unrestricted access to the hardware.

The Early Macintosh (1984-1987)

Computer: Macintosh 128K, Macintosh Plus, Mac SE.
CPU: Motorola 68000.
Operating System: System Software (System 1.0 - 4.0).
Privilege Mode: The CPU had a two-mode (Supervisor/User) architecture. However, the early Mac OS did not fully use it for memory protection. The OS was based on a cooperative multitasking model, and a buggy program could still crash the entire system.

The 32-bit Transition (1987-1994)

Computer: Macintosh II series.
CPU: Motorola 68020, 68030, 68040.
Operating System: Mac OS (System 5.0 - 7.5).
Privilege Mode: The CPUs were fully capable of two-mode operation. The OS began to use some of these features, but it was still not a truly protected-mode, preemptive multitasking system.

The PowerPC Era (1994-2006)

Computer: Power Macintosh series.
CPU: PowerPC 601, 603, G3, G4.
Operating System: Mac OS 7.5 - Mac OS 9.
Privilege Mode: The PowerPC was a modern two-mode RISC architecture with a robust privilege model. Despite the powerful hardware, the underlying Mac OS remained non-preemptive and lacked true memory protection between applications. This was a key reason why Apple chose to adopt a BSD-based foundation for its next-generation OS.

The Intel Era (2006-2020)

Computer: MacBook, MacBook Pro, iMac, Mac Mini, Mac Pro (Intel models).
CPU: Intel Core 2 Duo, Core i3/i5/i7/i9, Xeon (x86 architecture).
Operating System: Mac OS X (versions 10.4 to 10.15), later renamed macOS (from 10.12 onward).
Privilege Mode: Two-mode (Ring 0 for the kernel, Ring 3 for applications). This was a pivotal time for Apple, as their BSD-based Mac OS X was finally running on a CPU architecture with a robust, industry-standard privilege model. The operating system could now fully leverage preemptive multitasking and true memory protection, making the Mac far more stable and secure than in the previous eras.

The ARM Era (2020-Present)

Computer: MacBook Air, MacBook Pro, iMac, Mac Mini (Apple Silicon models).
CPU: Apple Silicon (M1, M2, M3, and so on), which are custom ARM-based processors.
Operating System: macOS (starting with macOS 11 Big Sur).
Privilege Mode: The ARM architecture uses a sophisticated multi-level privilege model. The OS runs in EL1 (Kernel Mode), while user applications run in EL0 (User Mode). The system also utilizes EL2 (Hypervisor Mode) for virtualization and security features. The transition to ARM allowed Apple to fully integrate hardware and software, creating a highly efficient platform where the CPU, GPU, and memory are on a single chip. The macOS operating system is built specifically to take advantage of this architecture and its robust privilege model.

Apple Continuity

Apple Continuity initsiatiiv võimaldab ühe appleid konto külge kinnitatud seadmete vahel teha koostööd, nt selliste seadmete ja tegevuste osas

veebikaamera
Universal Control - clipboard st kopi-paste üle seadmete (Synergy/Barrier/jms sarnane)
rakenduste kasutamise jätkamine - nt brauser
Contacts

Kasulikud lisamaterjalid

https://www.apple.com/macos/continuity/

MacOS operatsioonisüsteemi kasutamine füüsilise MacBook Air M4 arvutiga

Sissejuhatus

Riistvara

Neural Engine

Misc OS

User mode vs Kernel mode

Seadme draiver

SanDisk PRO-G40

Kasutajaliides

Magic Apple Keyboard

Touchpad

alt-grab - BetterTouchTool (BTT)

Tööpõhimõte

BTT kopeerimine ja paigaldamine

Seadistamine

Kasutamine

Kasulikud lisamaterjalid

iterm2

timemachine

Tööpõhimõte

Ettevalmistamine

Kasutamine - üksiku faili taastamine

Kasutamine - süsteemi taastamine

Misc

Storage

TRIM

Launchd kasutamine

Cron

Virtualiseerimine - UTM

Võrk

Riistvara

Ruuting

Võrk - bluetooth

Võrk - wireless

SSH kaugligipääs

Tarkvara haldus

Mõisted

Sissejuhatus

Tarkvara allikad

Tööpõhimõte - drag-and-drop install

Tööpõhimõte - installer packages

Paigaldatud tarkvara nimekirja esitamine

Paigaldamine - App Store

Paigaldamine - tootja juurest kopeerides

Tarkvara uuendamine

Logi

Misc

Screen Lock

Watchdog

Programm

dtruss

Screenshot

Süsteemi taastamine

Recovery meedia ettevalmistamine

homebrew

Xcode Command Line Tools

Spaces

Kellaaeg

BSD pärand

Süsteemi paigaldamine

Google Chrome brauser

GateKeeper

Transparency, Consent, and Control (TCC)

Kasutajate haldamine

Eesti id kaart

Finder

XQuartz

Locale

Mälu haldus

Yubikey

Apple riistvara-tarkvara ajalugu

Apple Continuity

Kasulikud lisamaterjalid

Navigeerimismenüü

Otsing