A script to bootstrap a minimal macOS development system. This does not assume you're doing Ruby/Rails/web development but installs the minimal set of software every macOS developer will want.
Replacing Boxen in GitHub with a better tool. This post outlines the problems with Boxen and requirements for Strap and other tools used by GitHub: https://mikemcquaid.com/2016/06/15/replacing-boxen/
Mike transitioned the Strap project to a static site in 2024 in order to focus on Workbrew, which, among other things, features its own bootstrapping tool. UMass Transportation Services is maintaining a fork of the dynamic version of Strap primarily for internal use.
- Enables `sudo` using TouchID
- Disables Java in Safari (for better security)
- Enables the macOS screensaver password immediately (for better security)
- Enables the macOS application firewall (for better security)
- Adds a `Found this computer?` message to the login screen (for machine recovery)
- Enables full-disk encryption and saves the FileVault Recovery Key to the Desktop (for better security)
- Installs the Xcode Command Line Tools (for compilers and Unix tools)
- Agrees to the Xcode license (for using compilers without prompts)
- Installs Homebrew (for installing command-line software)
- Installs Homebrew Bundle (for `bundler`-like `Brewfile` support)
- Installs Homebrew Services (for managing Homebrew-installed services)
- Installs Homebrew Cask (for installing graphical software)
- Installs the latest macOS software updates (for better security)
- Installs dotfiles from a user's `https://github.com/username/dotfiles` repository. If they exist and are executable: runs `script/setup` to configure the dotfiles and `script/strap-after-setup` after setting up everything else.
- Installs software from a user's `Brewfile` in their `https://github.com/username/homebrew-brewfile` repository or `.Brewfile` in their home directory.
in their home directory. - A simple web application to set Git's name, email and GitHub token (needs authorised on any organisations you wish to access)
- Idempotent
- Enabling any network services by default (instead enable them when needed)
- Installing Homebrew formulae by default for everyone in an organisation (install them with `Brewfile`s in project repositories instead of mandating formulae for the whole organisation), though we do cheat on this one a little
- Opting-out of any macOS updates (Apple's security updates and macOS updates are there for a reason)
- Disabling security features (these are a minimal set of best practices)
- Add phone number to security screen message (want to avoid prompting users for information on installation)
Open https://strap.umasstransit.it/ in your web browser.
Instead, to run Strap locally run:
```bash
git clone https://github.com/umts/strap
cd strap
bash bin/strap.sh # or bash bin/strap.sh --debug for more debugging output
```
Instead, to run the web application locally run:
```bash
git clone https://github.com/umts/strap
cd strap
./script/bootstrap
GITHUB_KEY="..." GITHUB_SECRET="..." ./script/server
```
- `GITHUB_KEY`: the GitHub.com Application Client ID.
- `GITHUB_SECRET`: the GitHub.com Application Client Secret.
- `SESSION_SECRET`: the secret used for cookie session storage.
- `WEB_CONCURRENCY`: the number of Puma (web server) threads to run (defaults to 3).
- `STRAP_ISSUES_URL`: the URL where users should file issues (defaults to no URL).
- `STRAP_BEFORE_INSTALL`: instructions displayed in the web application for users to follow before installing Strap (wrapped in `<li>` tags).
- `CUSTOM_HOMEBREW_TAP`: an optional Homebrew tap to install with `brew tap`. Specify multiple arguments to brew tap by separating values with spaces.
- `CUSTOM_BREW_COMMAND`: a single `brew` command that is run after all other stages have completed.
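
One way to keep `GITHUB_SECRET` and `SESSION_SECRET` out of shell history when starting the web application, as an added example that is not part of Strap: load them from a private env file and validate them before launching `./script/server`. The file name `./.env.strap`, the function names, treating `GITHUB_KEY` and `GITHUB_SECRET` as required, and generating `SESSION_SECRET` when it is unset are all assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not part of Strap. The env-file name and the function
# names are assumptions; the variable names come from the list above.

# Succeeds only if the file exists and grants nothing to group or other.
env_file_is_private() {
  local perms
  perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
  [ "$perms" = "------" ]
}

# Prints each required variable that is unset, empty, or still the "..."
# placeholder from the run command; returns non-zero if any are.
missing_strap_vars() {
  local name val missing=0
  for name in GITHUB_KEY GITHUB_SECRET; do
    eval "val=\${$name:-}"          # fixed names only, never user input
    if [ -z "$val" ] || [ "$val" = "..." ]; then
      echo "$name"
      missing=1
    fi
  done
  return "$missing"
}

# Prints 64 hex characters (32 bytes) read from /dev/urandom.
new_session_secret() {
  od -An -N32 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# Loads the env file, validates it, then replaces the shell with the server.
start_strap_server() {
  local env_file="${1:-./.env.strap}"   # hypothetical file name
  if ! env_file_is_private "$env_file"; then
    echo "refusing $env_file: missing, or accessible by group/other" >&2
    return 1
  fi
  set -a; . "$env_file"; set +a         # export what the file defines
  missing_strap_vars >&2 || return 1
  # Assumption: generate a secret when none is configured. Sessions will
  # not survive a restart unless SESSION_SECRET is pinned in the env file.
  : "${SESSION_SECRET:=$(new_session_secret)}"
  export SESSION_SECRET
  exec ./script/server
}
```

Source the file and call `start_strap_server` from inside the cloned `strap` directory after `./script/bootstrap` has run.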
Work on this project is primarily for UMTS internal use. Pull requests may be accepted, though.
Licensed under the MIT License. The full license text is available in LICENSE.txt.