A macOS deployment utility developed by Mozilla IT
Перейти к файлу
Jonathan Lin 65ced6a30f
update ffirefox-bookmarks.sh
update firefox-bookmarks.sh to go with #234
2022-02-17 11:24:20 -08:00
resources remove all bookmarks except sso 2022-02-17 11:06:33 -08:00
.gitattributes kcpassword got lost when I moved it. LFS fail. 2018-05-30 14:53:56 -07:00
.gitignore adding ignore file 2017-11-13 15:49:31 -08:00
.travis.yml Fixing travis.yml to attempt to unbreak multi-language support. 2018-12-19 17:34:59 -08:00
CODE_OF_CONDUCT.md Update CODE_OF_CONDUCT.md 2019-04-26 12:26:37 -07:00
CONTRIBUTING.md Update CONTRIBUTING.md 2018-12-21 15:31:56 -08:00
CREDITS Adding my name to the credits 2018-12-19 15:46:44 -08:00
LICENSE
README.md formatting fix 2018-12-26 09:39:19 -08:00
ambient_display_manifest.json Upd8 lfsfix corsica (#203) 2020-11-13 15:02:05 -05:00
dino_engine.py update autohash to work with fx80 format 2020-08-25 11:07:59 -04:00
dinobuildr.sh Needed to variablize bits of the initial download URL. 2019-07-12 16:23:16 -07:00
production_manifest.json update ffirefox-bookmarks.sh 2022-02-17 11:24:20 -08:00

README.md

dinobuildr

dinobuildr at Mozilla

The dinobuildr project is the current production macOS deployment and configuration tool at Mozilla. All Mozilla IT deployed Macs use this repo for initial system configuration via the following procedure:

  1. Install and/or update to the latest revision of the current release of macOS using Apple sanctioned installation methods
  2. Follow the macOS Setup Assistant to create a user account for the person that will be receiving the machine, and set some basic configurations
  3. Utilize the dinobuildr.sh script to pull down a verified commit of the dino_engine.py configuration script and run it on behalf of the user account created in step 2
  4. Enable Filevault and ensure that the password for the user account is set to something sufficiently random and complicated and hand over the machine to the person who requested it

dinobuildr is intended to be a transparent, reliable, and auditable deployment solution. Anyone may inspect the automated components of our build, review what software is being deployed by default, and what configuration changes are made to a machine. Unlike most deployment and configuration management solutions dinobuildr is intended to be easy to understand, contribute to, and to audit. It does not rely on management binaries or other artifacts to work as it operates using Python 2.7 (which is built into macOS) and uses no external Python libraries. All configuration scripts exist in code that has been written and audited by Mozilla IT and all software packages come from trusted sources and are independently hashed by Mozilla IT.

Background

dinobuildr is a macOS deployment utility developed by Mozilla IT. It provides a relatively flexible framework for deploying software and shell scripts to macOS clients running relatively new versions of macOS; relying on public-facing infrastructure such as Github and official vendor binary repositories that are exposed over the internet to deliver a consistent configuration. It is intended to be straightforward, simple, and is not feature rich - instead it offers a level of simplicity and transparency that may be useful in certain environments.

dinobuildr relies on a JSON manifest to specify the actions the build will take (and it what order) as well as providing URLs and SHA256 hash values for all the scripts, files, and packages in the build. Updating a package is generally as straightforward as changing the version and hash attributes in the JSON manifest. The current version of dinobuildr supports hosting arbitrary files, scripts, pkg files, and dmg files in the following locations:

  • Arbitrary Files - Github LFS
  • .pkg - Github LFS, HTTP(S)/FTP
  • .dmg - HTTP(S)/FTP
  • Bash Scripts - Github
  • .mobileconfig Files - Github