Setting Up an Apple Mac for Software Development

This is a set of notes for setting up an Apple Mac, specifically as a development system. Current versions of OS X have a fairly good default configuration for general-purpose use, but you do need to to adjust some of the security settings. In addition, you will need to install several pieces of software in order to make the system useful for development.

Do This First!

Log in once, run Software Update, and ensure that the operating system is at the latest point release. After all of the updates have been applied, restart the computer.

Log in again and create an Admin user account for your use. If other people will be using the machine, create Standard accounts for them. Log out of the initial account, and log in to the Admin account that you have just created.

Always log in with this new Admin account. The benefit of leaving the initial account untouched is that it ensures that you always have a working account to login with.

Admin accounts have sudo privileges: All Admin accounts on a Mac may use sudo to run command-line utilities with administrative (root) privileges.

You should also find an external hard drive. Begin using Time Machine as soon as possible, as it provides the most easy method for backing up your system.

Configuring a User Account

Configuring The Trackpad

To make the trackpad behave correctly, ensure that these settings are enabled:

  • System Preferences > Trackpad > Tap to click
  • System Preferences > Accessibility > Mouse & Trackpad > Trackpad Options… > Enable dragging

Creating a Private Applications Folder

Once you have logged into your account, create a folder called Applications within your home folder. Whenever you are prompted to drag a new applications into the global Applications folder, put it in this private Applications folder instead. Some applications have to be installed to global folders, but in most cases you can keep the system directories clean by storing third-party products in your private Applications folder.

Securing the Safari Browser

Whether or not you use Safari, you should open it once, and change these settings:

  • Choose Safari > Preferences > General and deselect the option Open “safe” files after downloading.
  • Choose Safari > Preferences > Security and deselect the option Enable Java.

Both of these options have been proven to allow successful attacks on systems.

Configuring Security

Mac OS X is a reasonably secure operating system, but unfortunately convenience has won out over security in a few places. These can easily be corrected by changing a few settings. If you are using a laptop then you should probably make all of these changes as soon as possible.

Basic Settings

Select System Preferences > Security > General, and set the following:

  • On Snow Leopard and above: Require password immediately after sleep or screen saver begins
  • On Leopard: Require password to wake this computer from sleep or screen saver
  • Disable automatic login
  • Disable remote control infrared receiver (under Security > General > Advanced)

Under Firewall, choose Block all incoming connections, and disable Automatically allow signed software to receive incoming connections. On Leopard (Mac OS X 10.5) these options do not exist; instead set Allow only essential services.

New installations of Snow Leopard and above use secure virtual memory by default. For older systems, this is an option under Security > General > Advanced. If you enable secure virtual memory yourself, restart your system so that the feature is active.

Enable File Vault NOW

Current versions of Mac OS X include File Vault 2, a full-disk encryption system that has little in common with the much more limited File Vault 1. You should enable File Vault NOW, because it is the only protection against anyone with physical access to your computer. All other security measures will be completely bypassed if someone with physical access simply restarts the computer with a bootable pen drive.

File Vault really is secure, which means that you can permanently lose access to your data if you lose the passwords and the recovery key.

Requiring a Password on Bootup

Intel-based Macs include EFI firmware that runs when the machine is powered on, to start the operating system. This takes the place of the standard PC BIOS, or Open Firmware on older Macs. If your computer is frequently left in public places, then set a boot password. Otherwise, any malicious individual can change the firmware settings to boot from a disc or device of their choosing. If you did not enable File Vault, then the attacker will have complete access to all of the files on the system.

Apple Knowledge Base article HT1352 provides full details.

Setting Up Time Machine Backups

Time Machine is very, very simple to setup. Just take a suitably large external hard drive, plug it in to your Mac, and agree when prompted. The drive setup process will reformat the hard drive. The only settings that may need to change are the exclusions.

Choose System Preferences > Time Machine, and click Options. Add to the exclusions list any folders that contain ISO disk images, virtual machines, or database files (such as Entourage). If the external hard drive is short of space, exclude the System folder.

Setting Up for Development

Every developer needs a text editor and a version control system. Mac OS X includes software for both of these jobs, but most developers prefer to install newer tools.

The first step, though, is to install a compiler. The easiest way to install one is with the Xcode Command Line Tools package.

Once you have the compiler that is provided by Xcode, you can use Homebrew to install everything else that you need. Homebrew itself manages packages for command-line tools and services. The Cask extension to Homebrew enables you to install graphical desktop applications.

Getting Xcode

Apple now provide the Xcode suite as a free download from the App Store. To install Xcode Command Line Tools, install Xcode from the App Store, then add the Command Line Tools using the Preferences > Downloads > Components.

Setting Up Homebrew

Homebrew provides a package management system for OS X, enabling you to quickly install and update the tools and libraries that you need. Follow the instructions on the site.

You should also amend your PATH, so that the versions of tools that are installed with Homebrew take precendence over others. To do this, edit the file .bash_login in your home directory to include this line:

export PATH="/usr/local/bin:/usr/local/sbin:~/bin:$PATH"

You need to close all terminal windows for this change to take effect.

To check that Homebrew is installed correctly, run this command in a terminal window:

brew doctor

To update the index of available packages, run this command in a terminal window:

brew update

Installing the Git Version Control System

Mac OS X includes Subversion, so that you can work with older source code repositories. The Xcode Command Line Tools include a copy of Git, which is now the standard for Open Source development, but this will be out of date.

To install a newer version of Git than Apple provide, use Homebrew. Enter this command in a terminal window:

brew install git

If you do not use Homebrew, go to the Web site and follow the link for Other Download Options to obtain a Mac OS X disk image. Open your downloaded copy of the disk image and run the enclosed installer in the usual way, then dismount the disk image.

Choosing a Text Editor

Mac OS X includes command-line versions of both Emacs and vim, as well as TextEdit, a desktop text editor. TextEdit is designed for light-weight word processing, and has no support for programming. Unless you already have a preferred editor, install Atom, which is a powerful graphical text editor.

Sublime Text is probably still the most popular text editor for programmers on Mac OS X, but it is under a proprietary license and the future of the product is unclear. Atom is functionally very similar to Sublime, but it is developed as an Open Source project with support from GitHub.

Whichever text editor you choose, remember to set the EDITOR environment variable in your ~/.bash_profile file, so that this editor is automatically invoked by command-line tools like your version control system. For example, put this line in your profile to make vim the favored text editor:

export EDITOR="vim"

To make Atom your default editor, use this line instead:

export EDITOR="atom -w"

Customizing Your Text Editor

You will massively improve your experience with your text editor by adding a useful set of extensions to it. The exact extensions that will benefit the most you depend upon the work that you do, but you should always look at version control integration, convenient access to the terminal, and linters for your preferred programming languages and data file formats.

The Atom community provides extensions as packages. This command installs a selection of popular and generally useful packages:

apm install atom-terminal file-icons git-plus jshint linter-csslint linter-js-yaml minimap

Atom automatically runs the appropriate linter for the files that you are editing. The file-icons package also requires no configuration. Refer to the pages for atom-terminal, git-plus and minimap for details on how to use them.

Browse the Atom package index for more specialized extensions, such as linter-ruby, rails-snippets and rails-transporter for Ruby on Rails development.

Setting Up A Directory Structure for Projects

To keep your projects tidy, I would recommend following the Go developer conventions. These guidelines may seem slightly fussy, but they pay off when you have many projects, some of which are on different version control hosts.

First create a top-level directory with a short, generic name like code. In this directory, create an src sub-directory. For each repository host, create a subdirectory in src that matches your username. Check out projects in the directory.

The final directory structure looks like this:

code/
  bin/
  doc/
  pkg/
  src/
    bitbucket.org/
      my-bitbucket-username/
        a-project/
    github.com/
      my-github-username/
        another-project/

If you set the top-level directory as the environment variable GOPATH, Go will compile to the bin, doc and pkg subdirectories. You can add the bin directory to your PATH to be able to run the compiled programs by typing their names. You may or may not choose to use these directories with other programming environments.

Creating SSH Keys

You will frequently use SSH to access Git repositories or remote UNIX systems. Mac OS X includes the standard OpenSSH suite of tools.

To create an SSH key, run the ssh-keygen command in a terminal window. For example:

ssh-keygen -t rsa -b 4096 -C "Me MyName (MyDevice) <me@mydomain.com>"

Use 4096-bit RSA keys for all systems. The older DSA standard only supports 1024-bit keys, which are now too small to be considered secure.

Setting Up pyenv for Python Development

Mac OS X includes a copy of Python 2. To maintain current and clean Python environments, use the pyenv system and the pyenv-virtualenv plugin.

Enter this command to install pyenv using Homebrew:

brew install pyenv pyenv-virtualenv

Next, add this line to the .bashrc file in your home directory:

 if which pyenv > /dev/null; then eval "$(pyenv init -)"; fi

Open a new Terminal window and enter these commands:

pyenv install 3.5.1
pyenv global 3.5.1

These install Python 3.5 and make it the default Python run-time.

Setting Up RVM for Ruby Development

Mac OS X includes a copy of Ruby, but it is outdated. To maintain current and clean Ruby environments, use the RVM system.

RVM relies on Git, so you must have a working installation of Git before you can set up RVM.

Then enter this command to install GCC and other requirements using Homebrew:

brew install libksba autoconf automake

Finally, you can speed up installation of gem packages by disabling the generation of local documentation. To do this, create a file in your home directory with the name .gemrc and put this line in it:

gem: --no-ri --no-rdoc

MariaDB and MySQL

If you develop any kind of database-driven application, it is useful to have a version of the database server available on your system. The majority of Web applications use either MySQL or MariaDB, which you can easily set up.

Installing MariaDB or MySQL

To install MariaDB using Homebrew, enter this command in a terminal window:

brew install mariadb

To install MySQL using Homebrew, enter this command in a terminal window:

brew install mysql

These commands install the server, the command-line tools, and the client libraries that are needed to compile adapters for programming languages. To start the server, follow the instructions that are displayed after the installation process is completed.

For compatibility, MariaDB uses the same names for command-line tools as MySQL.

Securing the Server

Set a password for the root accounts. First, login with the mysql command-line utility:

mysql -u root -q

The -q Option Disables Command History: By default, the command-line client stores the full text of every command in a history file. If you know that you are going to run statements that include passwords or other sensitive data, use the -q option.

Run these statements to change the password for root access:

UPDATE mysql.user SET password = PASSWORD ('yourpassword') WHERE user LIKE ‘root’; FLUSH PRIVILEGES; EXIT;

You now need a password to login to the installation as root. To login with root again, use this command:

mysql -u root -p

Enter the password when prompted.

You should also remove the anonymous accounts and test database that MySQL automatically includes:

DROP DATABASE test; DELETE FROM mysql.user WHERE user = ’’; FLUSH PRIVILEGES;

If you intend to duplicate a production environment for testing, create a configuration file on your Mac. Production installations of MySQL should be configured with appropriate SQL modes to enable data integrity safeguards. By default, MySQL permits various types of invalid data to be entered.

Desktop Applications

Mac OS X has a double identity - it is both a UNIX operating system, and a proprietary graphical desktop system. This enables it to host a broad range of products from both strands of software development.

The ready-to-use versions of VirtualBox are free for personal use, but not actually Open Source. If you want to pay for a virtual machine application with better desktop integration, VMWare Fusion is probably the best product available.

Other Resources

Online Resources

Apple offer overviews and task-orientated help on their support Web site.

Every new user should probably read How to switch to the Mac, by Rui Carmo.

Books

The single best book on Mac OS X is the Missing Manual, by David Pogue. Once you have this, you only need to buy books that are specifically relevant to your fields of interest.

Rubyists will also benefit from getting a PDF version of Programming Ruby (the Pickaxe book). This may not be the best resource for learning Ruby, but it is the most complete reference, and is very useful to have on your computer in a searchable form.