macshome: “With so many people running macOS in a VM right now here is a ProTip for Fusion on a TouchID Mac. Set: board-id.reflectHost = "FALSE" Now your auth dialog spins are gone!”
Craig Hockenberry: “I know a lot of developers who have been working with Apple’s products for decades. The overwhelming consensus is that we’re seeing something that will change our lives for decades to come. 1976 -> 1984 -> 1996 -> 2008 -> 2019”
Daniel Jalkut: “Apple has been doing hardware penance lately. I hope they realize that exiting the personal networking market (Airport) was as as misguided as exiting pro Mac, pro displays, etc. We’re ready for the big comeback.”
Derek Fulmer: “With the impending changes to macOS in 10.15, I’m giving zsh a go. Really digging its customizability. Feels way more modern. But, I’m still sentimental about bash.”
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!
At WWDC last week, there was a very interesting session on “Apple File Systems” (APFS). It covered the new split system layout in macOS Catalina with a read-only system volume, volume replication with APFS, and how external USB drives and SMB works on iPadOS.
Around the 13 minute mark, during the ‘Volume Replication’ segment, the engineer on stage talks about using asr (Apple Software Restore) tool to ‘replicate’ a system volume to several computers at once and gives the example of a computer lab. He then proceeds to explain the new options in asr regarding APFS volumes and snapshots.
The new features are hugely interesting and I think they will be very useful for backup solutions. There will probably be some applications for MacAdmins, but I disagree with the engineer on stage and some MacAdmins on Twitter and Slack:
Back in the Sierra days, there was this idea that the introduction of APFS would ‘kill’ imaging. The asr tool relied on many HFS+ behaviors and it was questionable that Apple could or would maintain that for APFS. But while there were some changes to asr in the High Sierra and Mojave upgrades, it still worked.
What killed imaging as a process for MacAdmins was the T2 system controller, first introduced with the iMac Pro. There are two main aspects:
NetBoot and external boot are defunct
Firmware needs to be updated with the system
Netboot and external boot are defunct
To re-image or re-install a system, you have to boot it off a different system volume (NetBoot, Recovery, external drive). Alternatively, you can put the system into target disk mode and image or install the system directly on the internal drive.
On Macs with the T2 system controller, NetBoot is explicitly defunct. External boot is disabled by default. It can be re-enabled, but the process is convuluted, requires at least one full setup process, and cannot be automated.
This leaves Recovery as the system to use to replace the system volume and, not surprisingly, there are a few tools that have focussed on using Recovery in the new T2 Mac world:
You could also put the target Mac in target disk mode and image its system. This will work, as long as the system on the image is the same version as the system that was installed before. We have been warned about this in the infamous HT208020 support article:
Apple doesn’t recommend or support monolithic system imaging as an installation method. The system image might not include model-specific information such as firmware updates.
Modern Macs don’t just require a few files on disk to make a bootable system. Inside your Mac are several subsystems that require their own systems (i.e. firmware) to run. Most prominent are the T1 or T2 system controllers which are actually independent custom ARM-based processers running a system called ‘iBridge’ which is an iOS derivate.
If you just exchange the ‘normal’ system files on the hard drive over TDM, without also updating the various firmwares in the system, you may get your Mac into state where it cannot boot.
This was most obvious with the macOS High Sierra upgrade. After re-imaging a 10.12 Sierra Mac to High Sierra running on APFS, would lead to a Mac that could not read the new system volume. The firmware update that came with High Sierra is needed, so the firmware can mount, read and start the APFS system volume.
How can I update or upgrade?
For security, only Apple’s ‘Install macOS’ application and the intermediate software and security update packages have the necessary entitlements to change the built-in firmware(s).
Firmware updates can be in system updates (minor version updates, i.e. 10.14.4 to 10.14.5), security updates, and major system upgrades (i.e. 10.13 to 10.15).
There are three options to apply a system update (e.g. from 10.14.4 to 10.14.5) or security update:
‘Install macOS *’ application, either manually or with the startosinstall tool
Software Update, either manually or through the command line tool
system or security update pkg installer downloaded from support.apple.com
When you want to upgrade a Mac through a major version change (e.g. 10.13 to 10.14 or 10.15), there is only one option:
‘Install macOS *’ application, either manually or with the startosinstall tool
The one remaining use case for imaging
Given the above limitations, there is one use case left for imaging. When you have full control over the macOS version installed on the Mac and its firmware and the image matches that version, then you can image.
However, since NetBoot and external boot are defunct, you will have to image either over target disk mode (fast, but only a few Macs at a time) or using the Recovery (hard to automate, comparatively slow).
The remaining strength of the imaging workflow is the raw speed. Some application suites measure several Gigabytes, if not tens of Gigabytes. With installation workflows, these have to be downloaded, decompressed (pkg installers are compressed archives) and copied to the system drive, a process that takes a lot of time. With imaging, these can be layed down with fast block copies.
For example, the re-installation of a MacBook Pro I tested recently took about 25 minutes. This time includes downloading the 6GB ‘Install macOS’ application and the entire re-installation process. (I could probably have sped this up with a caching server or by pre-installing the full ‘Install macOS’ applications.) If I could have used imaging this would take 2–3 minutes.
If you are in a situation where you have to restore Macs to a pre-defined state frequently and quickly, then imaging might still be a useful workflow. One use case may be MacBooks that get frequently handed out as loan units, where the users get administrative privileges, so they can install extra software and configure the loan units.
You will have to invest extra effort during updates or upgrades to apply them first on the devices, to ensure the firmware gets updated, and then to update the image, as well. In some use cases this extra effort can be worthwhile.
MDM (and DEP) is required
With modern macOS there are other considerations for deployment that make classic imaging workflows less practical. Before macOS 10.13 High Sierra, MacAdmins could manage their Mac fleet without an MDM server. In High Sierra 10.13.4 Apple added two things to the MDM protocol:
‘user-approved’ MDM
Kernel extension white listing via configuration profile
The second feature (white listing Kernel extensions) requires the first (user-approved MDM). You cannot manage Kernel Extensions or Privacy Preferences Control settings in Mojave, with out a user-approved MDM. In mosts organizations, these are not limitations you can work around. An MDM is now a requirement to manage Macs in an organization.
From what we can glean from the WWDC sessions, the (UA)MDM controls will be increased even further with Catalina. It will be driven even further: DEP or ‘Automated Device Enrollment’ with Apple Business Manager or Apple School Manager will be required for some new management features, such as ‘bootstrap tokens’ for FileVault.
Each Mac client needs to be enrolled in the MDM individually. The MDM enrollment cannot be part of an image. The easiest way to get a Mac enrolled is with Automated Device Enrollment (formerly known as DEP), which happens at first boot after installation.
Third party software
It is not just the macOS system that needs to individually enroll with the MDM server. Many third party solutions now also require subscriptions or licenses to be activated on each device individually. All these additional configurations that need to happen after installation or imaging, decrease the usefulness of including all software and configuration in an image.
Patching and software updates
Most imaging deployments, used a workflow where the image was kept ‘static’ or ‘frozen’ for longer periods of time, usually six or twelve months. This will minimize the effort to update the image, system and software.
However, modern operating systems and third party software have update frequencies of 4–10 weeks. Modern security requirements will require these updates to be applied in a timely matter. Critical security problems can strike at any time, requiring fast updates from the vendors and the Mac Admins.
As with the MDM above, having a system in place that allows the MacAdmin to easily and quickly deploy and, when necessary, enforce an update or patch to the entire fleet of devices is an important requirement.
Software and patch management of non-App Store applications is not part of the MDM protocol. Nevertheless, many MDM solutions also include additional functionality for software management, with varying degree of usefulness.
Some MacAdmins prefer to combine their MDM solution with the open source solution Munki instead. Munki is considered to be the best software management solution for macOS, but does not include MDM functionality itself.
Whichever software management solution you use, once you have that in place, it will be easier to manage (i.e. install and enforce) software through the management system, than to keep an image up-to-date and re-applying it.
You will end up with a ‘thin’ base image and everything else deployed and managed by the management system. At that point you might as well switch to an installation based workflow.
But, the engineer on stage said…
Here are all the limitations on imaging, summarized:
NetBoot and external boot are defunct
system firmware needs to be updated with the system
MDM and DEP are required
frequent security updates and patches require continuous software management
The asr tool exists because Apple needs a tool to image the operating system to new Macs in the factory. Obviously, Apple has absolute control over the versions of macOS and firmwares deployed to the systems, so they ensure they all match. Speed is a priority, so Apple needs and maintains asr.
Other uses of asr, including the use as an imaging tool for administrators have always been secondary.
As mentioned earlier, when your environment has similar requirements (fast re-deployment) and can provide tight control over the macOS and firmware versions, then imaging might still be a useful workflow for you.
You can already do this with High Sierra or Mojave. You do not have to wait for the new Catalina features for this.
In general, a simpler (albeit slower) installation-based workflow is less complex to deploy and maintain. (Imaging might seem less complex, because it is more familiar.)
So, the new features in the presentation are pointless?
The other use case for asr in the presentation, backups, are very exciting. They will allow the system to take a snapshot and then copy the data of the snapshot to a backup while the system keeps running and changing files. You may also be able to restore a system from a snapshot stored elsewhere.
The split of system volume and user data volume in Catalina is also very intriguing for Mac Admins. This may of course, break some third party software. (Start testing now.) But it may also open up new options for management. One of these (user enrollment) is introduced in the “Managing Apple Devices” WWDC video.
One possible workflow could be to snapshot and/or image the data volume and leave the system volume intact (you have to, it is read-only and SIP protected). It is still questionable how well this might work, since the firmlink connections between the system and the data volume might not survive the replacement of their targets. You can start testing this now, but keep in mind that the details of the new file system layout will still change during the beta phase.
Summary
The changes introduced to the file system in macOS Catalina at WWDC are major and will enable new workflows for MacAdmins.
Start testing Catalina now.
The limitations that ‘killed’ imaging, still apply or might be re-inforced. Imaging is still dead
We got new previews of all of Apple’s operating systems, including a new, stand-alone, more powerful iPadOS. We got a look at the new Mac Pro with a high-end new 6K display. We got Marzipan… er Project Catalyst. And we got a quick peak at a new Swift-native user interface framework.
There were tons of interesting pieces for MacAdmins already. Apple is switching the default shell to zsh, will stop bundling scripting frameworks with the system, has released new management documentation, is moving to a read-only system partition, and more… And there will be more today when ‘What’s new in Managing Apple Devices’ is presented.
It will take weeks and months to sort through all the changes. Make sure to subscribe to the developer program for the earliest betas, AppleSeed for IT (ask your Apple representative), or the public beta, so you can start testing early and often! And keep reading this news summary, so you know what to look out for.
If you are using the Exit Code prompt setup from my post last week: co-worker Mattias found an embarrassing error that may have resulted in all exit codes being a happy green checkmark. The code in the post is now fixed (only the last line changed). On the other hand I will be posting how to do that with zsh soon.
After finishing the first ‘Scripting macOS’ class at Pro Academy last week, we have new dates on October 23 and 24 for the next class here in our training rooms in Amsterdam. I will be busy updating the class for macOS Catalina. There will also be a ‘Supporting macOS’ class on September 18 and 19. If you are interested, then please contact us through the form on the website. You can also use the contact form if you are interested but the dates do not fit your schedule. We will consider your preferences for further scheduling.
Michael Palermiti: “Pssst. Hey, I’ve got some exciting news for our enterprise customers… Shared Mailbox support is now in TestFlight for @Outlook for iOS! We need your help to try it out and give us feedback. And before anyone asks, yes, Android support is not far behind!”
Nick Takayama: “Shouldn’t it be called the WWDC Beer Zsh Now?”
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!
zsh (I believe it is pronounced zee-shell, though zish is fun to say) will succeed bash as the default shell. bash has been the default shell since Mac OS X 10.3 Panther.
The bash binary bundled with macOS has been stuck on version 3.2 for a long time now. bash v4 was released in 2009 and bash v5 in January 2019. The reason Apple has not switched to these newer versions is that they are licensed with GPL v3. bash v3 is still GPL v2.
zsh, on the other hand, has an ‘MIT-like’ license, which makes it much more palatable for Apple to include in the system by default. zsh has been available as on macOS for a long time. The zsh version on macOS 10.14 Mojave is fairly new (5.3). macOS 10.15 Catalina has the current zsh 5.7.1.
Is bash gone!?
No.
macOS Catalina still has the same /bin/bash (version 3.2.57) as Mojave and earlier macOS versions. This change is only for new accounts created on macOS Catalina. When you upgrade to Catalina, a user’s default shell will remain what it was before.
Many scripts in macOS, management systems, and Apple and third party installers rely on /bin/bash. If Apple just yanked this binary in macOS 10.15 Catalina or even 10.16. Many installers and other solutions would break and simply cease to function.
Users that have /bin/bash as their default shell on Catalina will see a prompt at the start of each Terminal session stating that zsh is now the recommended default shell. If you want to continue using /bin/bash, you can supress this message by setting an environment variable in your .bash_profile or .bashrc.
Apple is strongly messaging that you should switch shells. This is different from the last switch in Mac OS X 10.3 Panther, when Apple switched the default to bash, but didn’t really care if you remained on tcsh. In fact, tcsh is still present on macOS.
Apple’s messaging should tell us, that the days of /bin/bashare numbered. Probably not very soon, but eventually keeping a more than ten year old version of bash on the system will turn into a liability. The built-in bash had to be patched in 2014 to mitigate the ‘Shellshock’ vulnerability. At some point Apple will consider the cost of continued maintenance too high.
Another clue is that a new shell appeared on macOS Catalina (and is mentioned in the support article). The ‘Debian Almquist Shell’ dash has been added to the lineup of shells. dash is designed to be a minimal implementation of the Posix standard shell sh. So far, in macOS (including Catalina),sh invokes bash in sh-compatibility mode.
As Apple’s support article mentions, Catalina also adds a new mechanism for users and admins to change which shell handles sh invocations. MacAdmins or users can change the symbolic link stored in /var/select/sh to point to a shell other than /bin/bash. This changes which shell interprets scripts the #!/bin/sh shebang or scripts invoked with sh -c. Changing the interpreter for sh should not, but may change the behavior of several crucial scripts in the system, management tools, and in installers, but may be very useful for testing purposes.
All of these changes are indicators that Apple is preparing to remove /bin/bash at some, yet indeterminate, time in the future.
Do I need to wait for Catalina to switch to zsh?
No, zsh is available Mojave and on older macOS versions. You can start testing zsh or even switch your default shell already.
If you want to just see how zsh works, you can just open Terminal and type zsh:
$ zsh
MacBook%
The main change you will see is that the prompt looks different. zsh uses the % character as the default prompt. (You can change that, of course.) Most navigation keystrokes and other behaviors will remain the same as in bash.
If you want to already switch your default shell to zsh you can use the chsh command:
$ chsh -s /bin/zsh
This will prompt for your password. This command will not change the current shell, but all new ones, so close the current Terminal windows and tabs and open a new one.
How is zsh different?
Like bash (‘Bourne again shell’ ), zshderives from the ‘Bourne’ family of shells. Because of this common ancestry, it behaves very similar in day-to-day use. The most obvious change will be the different prompt.
The main difference between bash and zsh is configuration. Since zsh ignores the bash configuration files (.bash_profile or .bashrc) you cannot simply copy customized bash settings over to zsh. zsh has much more options and points to change zsh configuration and behavior. There is an entire eco-system of configuration tools and themes called oh-my-zsh which is very popular.
zsh also offers better configuration for auto-completion which is far easier than in bash.
I am planning a separate post, describing how to transfer (and translate) your configurations from bash to zsh.
What about scripting?
Since zsh has been present on macOS for a long time, you could start moving your scripts from bash to zsh right away and not lose backwards compatibility. Just remember to set the shebang in your scripts to #!/bin/zsh.
You will gain some features where zsh is superior to bash v3, such as arrays and associative arrays (dictionaries).
There is one exception where I would now recommend to use /bin/sh for your scripts: the Recovery system does not contain the /bin/zsh shell, even on the Catalina beta. This could still change during the beta phase, or even later, but then you still have to consider older macOS installations where zsh is definitely not present in Recovery.
When you plan to use your scripts or pkgs with installation scripts in a Recovery (or NetInstall, or bootable USB drive) context, such as Twocanoes MDS, installr or bootstrappr, then you cannot rely on /bin/zsh.
Since we now know that bash is eventually going away, the only common choice left is /bin/sh.
When you build an installer package, it can be difficult to anticipate all the contexts in which it might be deployed. So, for installation pre- and postinstall scripts, I would recommend using /bin/sh as the shebang from now on.
I used to recommend using /bin/bash for everything MacAdmin related. /bin/sh is definitely a step down in functionality, but it seems like the safest choice for continued support.
Summary
Overall, while the messaging from Apple is very interesting, the change itself is less dramatic than the headlines. Apple is not ‘replacing’ bash with zsh, at least not yet. Overall, we will have to re-think and re-learn a few things, but there is also much to be gained by finally switching from a ten-year-old shell to a new modern one!
Between Memorial Day in the US, Ascension Day in parts of Europe, and WWDC looming next week, this was a quiet news week.
Apple did have one more thing to get out before WWDC: the iPod touch was updated with the A10 processor.
Now, only the Mac Pro remains as a device that has not been updated in the last two years. (MacBook barely makes the two years limit with its last update in June 2017.)
Graham Pugh: “IBM SPSSStatistics 26 still needs Java installed in order to get installed on Mac, but installs a JRE as part of the installation. How hard would it be to put the JRE in the installer itself?”
Timo Perfitt: “Right Click->Open to Install?… ” (Click for image)
Tom Bridge: “So, I’ve spent a little time with Mosyle + Google SSO + DEP tonight, and I gotta hand it to the team at @mosyle_biz : That’s a helluva beta. I can see that being HIGHLY useful.”
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!
The intriguing prompt displayed a symbol indicating whether the previous command exited successful (exit code zero) or failed (non-zero exit code).
You can always get the exit code of the previous command from the $? variable, but seeing it right there and in color, is more direct.
While I find fish andzsh quite intriguing, I am still unwilling to move my setup for just a single feature. “This has to be possible in bash,” I thought… And it is, though the implementation was a bit more complex than I expected. But I learned a lot more about how the bash prompt worked.
The trick for changeable or dynamic prompts in bash is to create a bash function that assembles the PS1 variable, on every prompt. You can enable that function by setting the PROMPT_COMMAND environment variable to your custom function.
Obviously, you should not overload your function with time intensive processes, but with modern processing power, a lot can be done in a short time.
After a lot of experimentation, I settled on this setup:
Update: there was an error in the code that would prevent the prompt from ever showing a red exit code. I fixed it now, the change is in the last line. (Thanks to co-worker Mattias for pointing that out.)
You can add this code to your .bash_profile or .bashrc. (If you do not know what that means, read this post.)
I experimented with special characters and even Emoji to signify the exit code, but then settled on colors and the square root symbol √ (option-V on the US and international keyboard, looks like a checkmark) for success and the question mark ? with the exit code for errors.
No quiet before the storm with this year’s WWDC. After macOS 10.14.5 and iOS 12.3 dropped last week, we got new MacBooks Pro with a decent speed bump this week. Their keyboard only got minor changes, but Apple has also announce a Keyboard Service program.
Timo Perfitt: “If you are interested in the Twocanoes MDS slides, exercises, or links from my roadshow, this tweet is for you! https://t.co/AZ8rJcafCD”
tlark: “Want to try to get rid of Adobe products? It may not be possible, but there are alternatives… ”
Edward Marczak: “Or you can go all in and just not allow 32-bit execution: sudo nvram boot-args="-no32exec"… ”
John C. Welch: “I was just thinking, at random about Macworld Expo, and I realized why its end, and the end of end-user/consumer-focused computer shows in general are a bad thing. What happens when all computer shows are for devs or industry “insiders”?” (Long thread)
Minko Gechev: “A bash function I use constantly on airports: function changeMac() { local mac=$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//') sudo ifconfig en0 ether $mac sudo ifconfig en0 down sudo ifconfig en0 up echo "Your new physical address is $mac" } Unlimited WiFi ”
Timo Perfitt: “Turns out that the plural form of ”Mac“ is ”a murder of Mac computers“.”
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!
This Monday, macOS 10.14.5 (and all the related updates) dropped. The timing was surprising, but became clearer when the news on a new group of Intel CPU vulnerabilities arrived as well.
10.14.5 brings some mitigations to these vulnerabilites, but to be sure, you would have to disable Hyperthreading on your CPU(s) which brings up to 40% performance hit.
With 10.14.5 the new notarization rules for applications and kernel extensions arrive as well. All of this is once again demonstrating the importance (and the challenges) of IT being able to quickly roll-out and support system updates.
Jason Broccardo on Twitter: “#macadmins n.b. the both the 10.14.5 and iTunes Device Support Update updates have trailing spaces when you are looking at the CLI softwareupdate listing. If you want to CLI install you’ll need to account for that.”
Marnin: “When using the Time Server payload on earlier version of macOS 10.14, the time zone was not getting set properly.”
Ken Case: “Today Apple released macOS Mojave 10.14.5, which fixes a CoreAnimation drawing issue that was affecting customers using large OmniOutliner and OmniPlan documents. If you’re a Mac customer using Mojave, I strongly recommend updating!”
Anthony Reimer: “I’ve made a minor update to my Mac Obsolescence Chart to highlight the old Macs that can’t get the ZombieLoad vulnerability patch”
William Smith: “Commands for a Mac management system to report whether hyper-threading is enabled with regard to ZombieLoad: /usr/sbin/system_profiler SPHardwareDataType | /usr/bin/grep "Hyper-Threading Technology" | /usr/bin/awk -F ": " '{ print $2 }' “Enabled” or “Disabled” ”
Allister: “Just, syscuddle Backwards compliant and 100x faster (/usr/sbin/sysctl machdep.cpu.features | grep -c HTT to be exact)”
Adam Codega: “This hyperthreading thing is perfect for help desks. Got a slow computer? Clear the NVRAM!”
MacAdmins on Twitter
Caleb Coy: “Was just reminded that the #macadmins Slack community turns 4 this weekend. I don’t know about y’all, but a lot has happened for me in that time and having this community has helped so much.”
Daniel Jalkut: “Heads up Mac developers: the ”codesign –preserve-entitlements=runtime“ parameter does not actually preserve the runtime flag. Radar #50697511.”
Timo Perfitt: “Interesting that the additional recovery partition key combos are only available if you have installed 10.12.4 or later at least once.”
Adam Codega: “A configuration profile is never late. Nor is it early; it arrives precisely when it means to.”
Kitzy: “macOS Mojave 10.14.5 has been out for over 48 hours now. Still no sign of it in Jamf’s patch management. It’s frustrating that Jamf finally got the mechanics of patch management down but crippled it by making us all rely on Jamf for patch definitions that are slow to update.”
Ricky Mondello: “Did you know that you can drag Safari’s Downloads popover by its title into being a detached, free-standing window, so you can more easily monitor your long-running downloads?”
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!
Someone on the MacAdmins Slack recently asked how you could assign a global keyboard short cut to open Terminal on macOS.
Note: alternative terminal applications such as iTerm2 may have this built-in.
macOS has an option to assign custom global keystrokes to pretty much anything, but it is not obvious how to get there.
First, open the Automator application. In the chooser for a new Workflow, choose ‘Quick Action’ (on Mojave) or ‘Service’ on earlier versions of macOS.
The new Workflow chooser in Mojave
In the new workflow configure the input to be ‘no input’ and the application to be ‘any application.’
Then search for ‘Launch Application’ action in the library pane on the left and add it to your workflow by double-clicking or dragging.
The popup menu where you can slect an application in the action will only show applications from the /Applications folder. Choose ‘Other…’ and select Terminal in the ’/Applications/Utilities` folder.
Configure your workflow
Save the workflow. Give it a meaningful name such as ‘Open Terminal.’ Since you chose Quick Action or Service, this workflow will be saved in ~/Library/Services.
Open System Preferences > Keyboard. Click the ‘Shortcuts’ tab and select ‘Services’ from the list on the left side. (Even on Mojave, it is still called ‘Services’.)
Scroll all the way down the list of services under the ‘General’ heading, you should find the service you just created. Select it and click ‘Add Shortcut’ to assign a global shortcut.
Keyboard Shortcut Preferences
You are done!
When the active application uses the same keystroke, the application’s definition will precede your global shortcut.
Of course, you don’t have stop at launching applications. You can assign a global keyboard shortcut to any Automator workflow this way. Since Automator workflows can include AppleScript, Python or shell scripts, you can do pretty much anything this way!
However, most Apple users don’t bother with shortcuts to launch apps. Just invoke Spotlight with command-space and start typing term and hit return.
More 10.15 and iOS13 rumors (or previews), Microsoft goes Terminal and open source and leaks the Chromium-based Edge browser for Mac, Mac admins continue to explore the effects of the 10.14.5 notarization requirements, and Adobe ‘unauthorizes’ old versions.
mikeymikey: “Just sharing this out here – because I didn’t know this detail – and codesign and spctl don’t show this particular reason for Gatekeeper rejection”
William Smith: “Download Microsoft Edge (Canary) for Mac, Reference the chromium.org key/value pairs here: www.chromium.org/administrators/policy-list–3 Use “com.microsoft.Edge.Canary” domain to manage (plist or configuration profile).”
Patrick Fergus: “I annotated Adobe’s “authorized” applications table with “marketing” versions. Note “if an Adobe product is not listed in the table below, all versions continue to be authorized.””
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!
