Changing my spots

Volume 11, Issue 9; 20 Jan 2008; last modified 08 Oct 2010

Well, changing my stripes into spots, I suppose. Notes on the upgrade from Mac OS X “Tiger” to “Leopard”.

In much the same spirit as my last rebuild, here are some notes on the transition to “Leopard”.

There are several ways to upgrade the OS, but the only one I trust is the one where you reformat the drive and start over. It'll have to be done eventually, that's just the nature of things, so I think it's better just to start that way.

  1. Make backups. I didn't really need to say that, did I?

  2. Boot the DVD and install the OS.

  3. Install extra packages off the DVD: X Code, X11, etc. It seemed straightforward this time.

  4. Run Software Update. Repeat until it says it's done.

  5. Restore the backup data.

    If, like me, you use /home, you will be very confused until you figure out that Leopard has some funky auto mount setup that makes /home unusable.

    You can fix this by commenting out the appropriate line in /etc/auto_master.

  6. Merge your old home directory into the new one that the installer created. (In /Users, not /home, previous discussion not withstanding. I use /home for staging web content because that is where my home directory is located on the web hosting server.)

  7. Leopard comes with Python 2.5.1, I'm happy with that. Except that Berkeley DB doesn't seem to work. Luckily, it can be fixed.

  8. Install MacPorts. Use MacPorts to install wget, msmtp (for sending mail, at least from my custom Emacs rig), subversion, and gnupg.

    For some reason, the MacPorts version of mercurial won't build. I got a binary instead.

  9. Install PyXML (yes, I know there are better things, but I haz lagazee…)

    Inexplicably, it didn't work. Or, rather, it worked after I set the PY_USE_XMLPLUS environment variable. Maybe the inexplicable part is why I didn't need to do that on Tiger. Whatever.

  10. Use MacPorts to install links, p5-libxml-perl, p5-image-info, and p5-digest-md5. [Update 21 Jan 2008: And p5-image-exiftool.] [Update 24 Jan 2008: Doing this apparently installed /opt/local/bin/perl. Having two perls lead to weirdness. Rename /opt/local/bin/perl and make it symlink to /usr/bin/perl

  11. Do the perl -MCPAN -e shell shuffle to install XML::Parser, XML::XPath, and RPC::XML. CPAN will look for lynx and ncftp, so you might want to install them with MacPorts first, but you don't have to.

    [Update 24 Jan 2008: And Text::DelimMatch.]

  12. In System PreferencesSharing enable Remote Login. There are probably a bunch of other things you want to do while you're in the System Preferences: too many to enumerate.

  13. Bleh. Leopard ships with Apache 2. I guess that's fair, but I still need to run Apache 1.3.x Luckily, you can install that with MacPorts.

  14. Grab the sources for the version of Apache that you just installed. Build that version with the right suexec parameters:

    ./configure \
    "--with-layout=Darwin" \
    "--sbindir=/opt/local/sbin" \
    "--prefix=/opt/local" \
    "--enable-suexec" \
    "--suexec-caller=_www" \
    "--suexec-docroot=/home" \
    "--suexec-logfile=/opt/local/var/log/httpd/suexec.log" \

    Note the odd UID “_www”. I have no idea why Leopard sticks underscores in front of a bunch of users.

    Move src/support/suexec into /opt/local/sbin and chmod it 4555.

    Tiger created an “ndw” user and an “ndw” group. Leopard doesn't do that, it puts you in the “staff” group. That's fine, except you can't run suexec with the staff group. So go ahead and create yourself a group:

    $ dseditgroup -o create -i 501 ndw

    Now, how do we get into that group? On System PreferencesAccounts, click the lock so you can make changes, then Ctrl+click on the user (yeah, cause that was intuitive), and change the group.

    Restart Apache. Check the error log to make sure it worked.

  15. Install Adium, Adobe Reader, Caffeine, Carbon Emacs, Chicken of the VNC, Disk Inventory, Firefox, GIMP, GoogleEarth, Growl, gSync, HuginOSX, iMovieHD6, Inkscape, iRedLite,, Lightroom, MarcoPolo, MenuCalendarClock, MenuMeters, Netbeans, NeoOffice, Oxygen, Quicksilver, SSHKeychain, Skim, SuperDuper!, VMware Fusion, X-Chat Aqua, and Zoom.

    I'm skipping Adobe Reader because I've never had a compelling need for it. I'm skipping SSHKeychain because Leopard includes the functionality that I care about (remember to remove the environment variables, though!). I'm skipping SuperDuper! because I expect Time Machine to do the job.

    I gather that GIMP requires a little fiddling that I haven't persued yet.

  16. Install Firefox extensions: Adblock Plus, cmSiteNavigation Toolbar, Bookmarks, Download Statusbar, Firebug, Firemacs, Flashblock, Greasemonkey, Live HTTP Headers, No Squint, Resizeable Form Fields, ScrapBook, Tab Mix Plus, Web Developer.

  17. [Update 29 Jan 2008: Finder, show me all my damn files: defaults write AppleShowAllFiles ON]

  18. [Update 4 Feb 2008: Use MacPorts to install gpsbabel, get the USB/Serial port drivers from]

  19. [Update 19 Feb 2008: Remove /home from the exclusions in /System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.plist because I want /home backed up by Time Machine.]

So far, so good.

[Update 31 July 2008: Another rebuild because of shoddy software. This time I found a workaround for the inability of MacPorts to build some stuff (port clean --work package and try again; apparently it's a known bug that will be fixed…eventually). I fixed the Berkeley DB problem by installing python from and symlinking to that.]


Why not use chroot or some other/better jailing mechanism for setting up and running your web development environment instead of messing around with /home? You do have your actual web server securely running in a jail, don't you?

—Posted by Sascha Brossmann on 09 Apr 2008 @ 03:36 UTC #