Tutorial

Nuevas actualizaciones y mejoras para Macfleet.
Síguenos en X.com

Aviso importante

Los ejemplos de código y scripts proporcionados en estos tutoriales son solo para propósitos educativos. Macfleet no es responsable de ningún problema, daño o vulnerabilidad de seguridad que pueda surgir del uso, modificación o implementación de estos ejemplos. Siempre revisa y prueba el código en un entorno seguro antes de usarlo en sistemas de producción.

← Todas las publicaciones

Manage Kernel Extensions on macOS

Monitor and manage kernel extensions across your MacFleet devices using command-line tools. This tutorial covers displaying loaded kexts, loading/unloading extensions, finding specific extensions, and enterprise security monitoring.

Understanding macOS Kernel Extensions

Kernel Extensions (kexts) are drivers that enable the macOS kernel to communicate with hardware devices and system components. Understanding kext management is crucial for:

  • Hardware compatibility - Device drivers and hardware communication
  • System stability - Monitoring potentially problematic extensions
  • Security assessment - Identifying unauthorized or malicious kexts
  • Compliance requirements - Enterprise security and audit trails

Key tools for kext management:

  • kextstat - Display loaded kernel extensions
  • kextload - Load kernel extensions
  • kextunload - Unload kernel extensions
  • kextfind - Find kernel extensions by criteria

Display Loaded Kernel Extensions

List All Loaded Extensions

#!/bin/bash

# Display all currently loaded kernel extensions
kextstat

echo "Kernel extensions list retrieved successfully"

Show Specific Extension Details

#!/bin/bash

# Display details of a specific kernel extension by bundle ID
BUNDLE_ID="${1:-com.apple.kpi.bsd}"

echo "Searching for kernel extension: $BUNDLE_ID"
kextstat | grep "$BUNDLE_ID"

if [[ $? -eq 0 ]]; then
    echo "Extension found and loaded"
else
    echo "Extension not found or not loaded"
fi

List Third-Party Extensions Only

#!/bin/bash

# Display only third-party (non-Apple) kernel extensions
echo "=== Third-Party Kernel Extensions ==="
echo "Device: $(hostname)"
echo "Date: $(date)"
echo "====================================="

echo -e "\n🔍 Non-Apple Kernel Extensions:"
third_party_kexts=$(kextstat | grep -v com.apple)

if [[ -n "$third_party_kexts" ]]; then
    echo "$third_party_kexts"
    echo -e "\n📊 Third-party extension count: $(echo "$third_party_kexts" | wc -l)"
else
    echo "No third-party kernel extensions detected"
fi

Comprehensive Kext Analysis

#!/bin/bash

# Detailed kernel extension analysis
echo "=== MacFleet Kernel Extension Analysis ==="
echo "Device: $(hostname)"
echo "OS Version: $(sw_vers -productVersion)"
echo "Kernel Version: $(uname -r)"
echo "Date: $(date)"
echo "=========================================="

# Total loaded extensions
total_kexts=$(kextstat | tail -n +2 | wc -l)
echo "🔧 Total loaded extensions: $total_kexts"

# Apple vs third-party breakdown
apple_kexts=$(kextstat | grep -c com.apple)
third_party_kexts=$(kextstat | grep -v com.apple | tail -n +2 | wc -l)

echo "🍎 Apple extensions: $apple_kexts"
echo "🔌 Third-party extensions: $third_party_kexts"

# Show third-party extensions if any
if [[ $third_party_kexts -gt 0 ]]; then
    echo -e "\n⚠️  Third-Party Extensions:"
    kextstat | grep -v com.apple | tail -n +2
fi

# Check for potentially suspicious extensions
echo -e "\n🔒 Security Analysis:"
suspicious_patterns=("hack" "crack" "cheat" "bypass" "inject")
for pattern in "${suspicious_patterns[@]}"; do
    suspicious=$(kextstat | grep -i "$pattern")
    if [[ -n "$suspicious" ]]; then
        echo "🚨 Suspicious extension detected: $suspicious"
    fi
done

echo "✅ Security analysis completed"

Load Kernel Extensions

Basic Extension Loading

#!/bin/bash

# Load a kernel extension by path
KEXT_PATH="${1}"

if [[ -z "$KEXT_PATH" ]]; then
    echo "Usage: $0 <path_to_kext>"
    echo "Example: $0 /System/Library/Extensions/FakeSMC.kext"
    exit 1
fi

if [[ ! -d "$KEXT_PATH" ]]; then
    echo "❌ Kernel extension not found: $KEXT_PATH"
    exit 1
fi

echo "Loading kernel extension: $KEXT_PATH"
if sudo kextload "$KEXT_PATH"; then
    echo "✅ Kernel extension loaded successfully"
else
    echo "❌ Failed to load kernel extension"
    exit 1
fi

Safe Extension Loading with Verification

#!/bin/bash

# Safely load kernel extension with verification
load_kext_safely() {
    local kext_path="$1"
    local bundle_id="$2"
    
    if [[ -z "$kext_path" ]]; then
        echo "❌ Kernel extension path required"
        return 1
    fi
    
    # Verify extension exists
    if [[ ! -d "$kext_path" ]]; then
        echo "❌ Kernel extension not found: $kext_path"
        return 1
    fi
    
    # Check if already loaded
    if [[ -n "$bundle_id" ]]; then
        if kextstat | grep -q "$bundle_id"; then
            echo "⚠️  Extension already loaded: $bundle_id"
            return 0
        fi
    fi
    
    # Validate extension
    echo "🔍 Validating kernel extension..."
    if ! kextutil -t "$kext_path" 2>/dev/null; then
        echo "❌ Extension validation failed"
        return 1
    fi
    
    # Load the extension
    echo "📦 Loading kernel extension: $kext_path"
    if sudo kextload "$kext_path"; then
        echo "✅ Kernel extension loaded successfully"
        
        # Verify it's actually loaded
        if [[ -n "$bundle_id" ]]; then
            sleep 1
            if kextstat | grep -q "$bundle_id"; then
                echo "✅ Extension verified as loaded"
            else
                echo "⚠️  Extension load status unclear"
            fi
        fi
        
        return 0
    else
        echo "❌ Failed to load kernel extension"
        return 1
    fi
}

# Example usage
# load_kext_safely "/System/Library/Extensions/FakeSMC.kext" "com.apple.driver.FakeSMC"

Enterprise Extension Loading

#!/bin/bash

# Enterprise kernel extension loading with logging
LOG_FILE="/var/log/macfleet_kext_operations.log"

# Logging function
log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

load_enterprise_kext() {
    local kext_path="$1"
    local description="$2"
    
    log_action "=== Kernel Extension Load Operation ==="
    log_action "Device: $(hostname)"
    log_action "User: $(whoami)"
    log_action "Extension: $kext_path"
    log_action "Description: ${description:-No description provided}"
    
    # Pre-load checks
    if [[ ! -d "$kext_path" ]]; then
        log_action "ERROR: Extension not found at path: $kext_path"
        return 1
    fi
    
    # Check current system state
    local pre_count=$(kextstat | tail -n +2 | wc -l)
    log_action "Pre-load extension count: $pre_count"
    
    # Attempt to load
    log_action "Attempting to load extension..."
    if sudo kextload "$kext_path" 2>&1 | tee -a "$LOG_FILE"; then
        local post_count=$(kextstat | tail -n +2 | wc -l)
        log_action "SUCCESS: Extension loaded"
        log_action "Post-load extension count: $post_count"
        
        # Generate load report
        {
            echo "MacFleet Kernel Extension Load Report"
            echo "Time: $(date)"
            echo "Extension: $kext_path"
            echo "Status: SUCCESS"
            echo "Pre-load count: $pre_count"
            echo "Post-load count: $post_count"
        } >> "$LOG_FILE"
        
        return 0
    else
        log_action "ERROR: Failed to load extension"
        return 1
    fi
}

# Usage: load_enterprise_kext "/path/to/extension.kext" "Description"

Unload Kernel Extensions

Basic Extension Unloading

#!/bin/bash

# Unload kernel extension by path
KEXT_PATH="${1}"

if [[ -z "$KEXT_PATH" ]]; then
    echo "Usage: $0 <path_to_kext>"
    echo "Example: $0 /System/Library/Extensions/FakeSMC.kext"
    exit 1
fi

echo "Unloading kernel extension: $KEXT_PATH"
if sudo kextunload "$KEXT_PATH"; then
    echo "✅ Kernel extension unloaded successfully"
else
    echo "❌ Failed to unload kernel extension"
    exit 1
fi

Unload by Bundle ID

#!/bin/bash

# Unload kernel extension by bundle identifier
BUNDLE_ID="${1}"

if [[ -z "$BUNDLE_ID" ]]; then
    echo "Usage: $0 <bundle_id>"
    echo "Example: $0 com.apple.driver.FakeSMC"
    exit 1
fi

# Check if extension is loaded
if ! kextstat | grep -q "$BUNDLE_ID"; then
    echo "⚠️  Extension not currently loaded: $BUNDLE_ID"
    exit 0
fi

echo "Unloading kernel extension: $BUNDLE_ID"
if sudo kextunload -b "$BUNDLE_ID"; then
    echo "✅ Kernel extension unloaded successfully"
    
    # Verify unload
    sleep 1
    if ! kextstat | grep -q "$BUNDLE_ID"; then
        echo "✅ Extension confirmed unloaded"
    else
        echo "⚠️  Extension may still be loaded"
    fi
else
    echo "❌ Failed to unload kernel extension"
    exit 1
fi

Safe Extension Unloading

#!/bin/bash

# Safely unload kernel extensions with dependency checking
unload_kext_safely() {
    local bundle_id="$1"
    local force_unload="${2:-false}"
    
    if [[ -z "$bundle_id" ]]; then
        echo "❌ Bundle ID required"
        return 1
    fi
    
    # Check if extension is loaded
    if ! kextstat | grep -q "$bundle_id"; then
        echo "ℹ️  Extension not loaded: $bundle_id"
        return 0
    fi
    
    # Check for Apple extensions (warn but allow)
    if [[ "$bundle_id" == com.apple.* ]]; then
        echo "⚠️  WARNING: Attempting to unload Apple system extension"
        echo "This may cause system instability"
        
        if [[ "$force_unload" != "true" ]]; then
            echo "❌ Aborting unload of Apple extension (use force_unload=true to override)"
            return 1
        fi
    fi
    
    # Show extension info before unload
    echo "🔍 Extension information:"
    kextstat | grep "$bundle_id"
    
    # Attempt unload
    echo "📤 Unloading extension: $bundle_id"
    if sudo kextunload -b "$bundle_id"; then
        echo "✅ Extension unloaded successfully"
        
        # Verify unload
        sleep 2
        if ! kextstat | grep -q "$bundle_id"; then
            echo "✅ Extension confirmed unloaded"
            return 0
        else
            echo "⚠️  Extension still appears to be loaded"
            return 1
        fi
    else
        echo "❌ Failed to unload extension"
        return 1
    fi
}

# Example usage
# unload_kext_safely "com.third.party.driver"
# unload_kext_safely "com.apple.driver.something" "true"  # Force Apple extension

Find Kernel Extensions

Find by Bundle ID

#!/bin/bash

# Find kernel extensions by bundle ID
BUNDLE_ID="${1}"

if [[ -z "$BUNDLE_ID" ]]; then
    echo "Usage: $0 <bundle_id>"
    echo "Example: $0 com.apple.driver.AppleHDA"
    exit 1
fi

echo "Searching for kernel extension: $BUNDLE_ID"
kextfind -b "$BUNDLE_ID"

# Also check if it's currently loaded
echo -e "\nLoad status:"
if kextstat | grep -q "$BUNDLE_ID"; then
    echo "✅ Extension is currently loaded"
    kextstat | grep "$BUNDLE_ID"
else
    echo "❌ Extension is not currently loaded"
fi

Comprehensive Extension Search

#!/bin/bash

# Comprehensive kernel extension search and analysis
search_kext_comprehensive() {
    local search_term="$1"
    
    if [[ -z "$search_term" ]]; then
        echo "Usage: search_kext_comprehensive <search_term>"
        return 1
    fi
    
    echo "=== Comprehensive Kernel Extension Search ==="
    echo "Search term: $search_term"
    echo "Device: $(hostname)"
    echo "Date: $(date)"
    echo "============================================="
    
    # Search by bundle ID
    echo -e "\n🔍 Searching by bundle ID:"
    local found_by_bundle=$(kextfind -b "*$search_term*" 2>/dev/null)
    if [[ -n "$found_by_bundle" ]]; then
        echo "$found_by_bundle"
    else
        echo "No extensions found matching bundle ID pattern"
    fi
    
    # Search loaded extensions
    echo -e "\n📋 Checking loaded extensions:"
    local loaded_matches=$(kextstat | grep -i "$search_term")
    if [[ -n "$loaded_matches" ]]; then
        echo "Found in loaded extensions:"
        echo "$loaded_matches"
    else
        echo "No loaded extensions match search term"
    fi
    
    # Search filesystem
    echo -e "\n💾 Searching filesystem:"
    echo "System extensions directory:"
    find /System/Library/Extensions -name "*$search_term*" -type d 2>/dev/null | head -10
    
    echo -e "\nLibrary extensions directory:"
    find /Library/Extensions -name "*$search_term*" -type d 2>/dev/null | head -10
    
    echo -e "\n✅ Search completed"
}

# Example usage
# search_kext_comprehensive "bluetooth"
# search_kext_comprehensive "audio"

Find Extensions by Pattern

#!/bin/bash

# Find kernel extensions matching various patterns
echo "=== Kernel Extension Pattern Search ==="

# Audio-related extensions
echo -e "\n🔊 Audio Extensions:"
kextstat | grep -i -E "(audio|sound|hda)"

# Network-related extensions
echo -e "\n🌐 Network Extensions:"
kextstat | grep -i -E "(network|wifi|ethernet|bluetooth)"

# Graphics-related extensions
echo -e "\n🖥️  Graphics Extensions:"
kextstat | grep -i -E "(graphics|display|amd|nvidia|intel)"

# USB-related extensions
echo -e "\n🔌 USB Extensions:"
kextstat | grep -i -E "(usb|port)"

# Security-related extensions
echo -e "\n🔒 Security Extensions:"
kextstat | grep -i -E "(security|firewall|antivirus)"

# Virtualization extensions
echo -e "\n☁️  Virtualization Extensions:"
kextstat | grep -i -E "(vmware|parallels|virtual|hypervisor)"

Enterprise Kernel Extension Monitoring

Security Monitoring Script

#!/bin/bash

# Enterprise kernel extension security monitoring
LOG_FILE="/var/log/macfleet_kext_security.log"
ALERT_FILE="/var/log/macfleet_kext_alerts.log"

# Logging function
log_security() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

# Alert function
send_alert() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - ALERT: $1" | tee -a "$ALERT_FILE"
}

# Security assessment
assess_kext_security() {
    log_security "=== Kernel Extension Security Assessment ==="
    log_security "Device: $(hostname)"
    log_security "OS Version: $(sw_vers -productVersion)"
    
    # Count extensions
    local total_kexts=$(kextstat | tail -n +2 | wc -l)
    local apple_kexts=$(kextstat | grep -c com.apple)
    local third_party=$(kextstat | grep -v com.apple | tail -n +2 | wc -l)
    
    log_security "Total extensions: $total_kexts"
    log_security "Apple extensions: $apple_kexts"
    log_security "Third-party extensions: $third_party"
    
    # Alert on high third-party count
    if [[ $third_party -gt 5 ]]; then
        send_alert "High number of third-party extensions: $third_party"
    fi
    
    # Check for suspicious extensions
    local suspicious_keywords=("hack" "crack" "cheat" "bypass" "inject" "hook" "patch")
    for keyword in "${suspicious_keywords[@]}"; do
        local matches=$(kextstat | grep -i "$keyword")
        if [[ -n "$matches" ]]; then
            send_alert "Suspicious extension detected ($keyword): $matches"
        fi
    done
    
    # Check for unsigned extensions
    echo -e "\n🔍 Checking extension signatures..."
    kextstat | grep -v com.apple | tail -n +2 | while read line; do
        local bundle_id=$(echo "$line" | awk '{print $6}')
        if [[ -n "$bundle_id" ]]; then
            # This is a simplified check - in reality, you'd want more sophisticated signature verification
            log_security "Third-party extension: $bundle_id"
        fi
    done
    
    log_security "Security assessment completed"
}

# Generate security report
generate_security_report() {
    local report_file="/tmp/kext_security_report_$(date +%Y%m%d_%H%M%S).txt"
    
    {
        echo "MacFleet Kernel Extension Security Report"
        echo "Generated: $(date)"
        echo "Device: $(hostname)"
        echo "OS Version: $(sw_vers -productVersion)"
        echo "========================================"
        echo ""
        
        echo "📊 Extension Statistics:"
        echo "Total loaded: $(kextstat | tail -n +2 | wc -l)"
        echo "Apple extensions: $(kextstat | grep -c com.apple)"
        echo "Third-party: $(kextstat | grep -v com.apple | tail -n +2 | wc -l)"
        echo ""
        
        echo "🔍 Third-Party Extensions:"
        kextstat | grep -v com.apple | tail -n +2
        echo ""
        
        echo "🔒 Security Recommendations:"
        local third_party_count=$(kextstat | grep -v com.apple | tail -n +2 | wc -l)
        if [[ $third_party_count -eq 0 ]]; then
            echo "✅ No third-party extensions detected"
        else
            echo "⚠️  Review all third-party extensions for necessity"
            echo "⚠️  Verify digital signatures and sources"
            echo "⚠️  Consider removing unused extensions"
        fi
        
    } > "$report_file"
    
    echo "📋 Security report generated: $report_file"
}

# Main security monitoring
main() {
    assess_kext_security
    generate_security_report
}

# Execute monitoring
main "$@"

Extension Change Monitoring

#!/bin/bash

# Monitor kernel extension changes over time
BASELINE_FILE="/var/lib/macfleet/kext_baseline.txt"
CHANGES_LOG="/var/log/macfleet_kext_changes.log"

# Create directories if needed
sudo mkdir -p "$(dirname "$BASELINE_FILE")"
sudo mkdir -p "$(dirname "$CHANGES_LOG")"

# Logging function
log_change() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | sudo tee -a "$CHANGES_LOG"
}

# Create or update baseline
create_baseline() {
    echo "📋 Creating kernel extension baseline..."
    kextstat > "$BASELINE_FILE"
    log_change "Baseline created with $(kextstat | tail -n +2 | wc -l) extensions"
}

# Check for changes
check_changes() {
    if [[ ! -f "$BASELINE_FILE" ]]; then
        echo "⚠️  No baseline found, creating one..."
        create_baseline
        return
    fi
    
    local current_file="/tmp/kext_current_$(date +%Y%m%d_%H%M%S).txt"
    kextstat > "$current_file"
    
    # Compare with baseline
    local changes=$(diff "$BASELINE_FILE" "$current_file")
    
    if [[ -n "$changes" ]]; then
        log_change "Kernel extension changes detected:"
        echo "$changes" | sudo tee -a "$CHANGES_LOG"
        
        # Analyze changes
        local added=$(echo "$changes" | grep "^>" | wc -l)
        local removed=$(echo "$changes" | grep "^<" | wc -l)
        
        log_change "Extensions added: $added"
        log_change "Extensions removed: $removed"
        
        echo "🔄 Changes detected - check $CHANGES_LOG for details"
    else
        echo "✅ No changes detected since baseline"
    fi
    
    # Clean up
    rm -f "$current_file"
}

# Usage
case "${1:-check}" in
    "baseline")
        create_baseline
        ;;
    "check")
        check_changes
        ;;
    *)
        echo "Usage: $0 [baseline|check]"
        ;;
esac

Kernel Extension Reference

Common Extension Categories

CategoryBundle ID PatternPurpose
Audiocom.apple.driver.*HDA*Audio hardware drivers
Graphicscom.apple.driver.*Graphics*Display and GPU drivers
Networkcom.apple.driver.*Ethernet*Network interface drivers
USBcom.apple.driver.*USB*USB device support
Storagecom.apple.driver.*Storage*Disk and storage drivers
Bluetoothcom.apple.driver.*Bluetooth*Bluetooth connectivity
Securitycom.apple.security.*Security frameworks

Command Reference

# List all loaded extensions
kextstat

# List with specific columns
kextstat -l

# Find extension by bundle ID
kextfind -b com.apple.driver.AppleHDA

# Load extension
sudo kextload /path/to/extension.kext

# Unload by path
sudo kextunload /path/to/extension.kext

# Unload by bundle ID
sudo kextunload -b com.example.driver

# Test extension without loading
kextutil -t /path/to/extension.kext

# Show extension dependencies
kextutil -d /path/to/extension.kext

Important Security Notes

  • Apple Extensions - Generally safe but unloading may cause instability
  • Third-party Extensions - Require careful security assessment
  • Unsigned Extensions - Potential security risk, audit carefully
  • Administrative Privileges - Loading/unloading requires sudo access
  • System Impact - Extension changes can affect system stability
  • Recovery Mode - May be needed if system becomes unstable

Troubleshooting

Common Issues

Extension Won't Load:

# Check extension validity
kextutil -t /path/to/extension.kext

# Check system logs
log show --predicate 'subsystem == "com.apple.kernel"' --last 1h

Extension Won't Unload:

# Check dependencies
kextutil -d /path/to/extension.kext

# Force unload (dangerous)
sudo kextunload -b bundle.id -f

Permission Denied:

# Ensure admin privileges
sudo -v

# Check System Integrity Protection
csrutil status

Remember to test kernel extension operations on individual devices before deploying across your MacFleet environment, as improper kext management can cause system instability.

Tutorial

Nuevas actualizaciones y mejoras para Macfleet.
Síguenos en X.com

Configurando un Runner de GitHub Actions en un Mac Mini (Apple Silicon)

Runner de GitHub Actions

GitHub Actions es una plataforma poderosa de CI/CD que te permite automatizar tus flujos de trabajo de desarrollo de software. Aunque GitHub ofrece runners hospedados, los runners auto-hospedados proporcionan mayor control y personalización para tu configuración de CI/CD. Este tutorial te guía a través de la configuración y conexión de un runner auto-hospedado en un Mac mini para ejecutar pipelines de macOS.

Prerrequisitos

Antes de comenzar, asegúrate de tener:

  • Un Mac mini (regístrate en Macfleet)
  • Un repositorio de GitHub con derechos de administrador
  • Un gestor de paquetes instalado (preferiblemente Homebrew)
  • Git instalado en tu sistema

Paso 1: Crear una Cuenta de Usuario Dedicada

Primero, crea una cuenta de usuario dedicada para el runner de GitHub Actions:

# Crear la cuenta de usuario 'gh-runner'
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"
sudo dscl . -create /Users/gh-runner UniqueID "1001"
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -create /Users/gh-runner NFSHomeDirectory /Users/gh-runner

# Establecer la contraseña para el usuario
sudo dscl . -passwd /Users/gh-runner tu_contraseña

# Agregar 'gh-runner' al grupo 'admin'
sudo dscl . -append /Groups/admin GroupMembership gh-runner

Cambia a la nueva cuenta de usuario:

su gh-runner

Paso 2: Instalar Software Requerido

Instala Git y Rosetta 2 (si usas Apple Silicon):

# Instalar Git si no está ya instalado
brew install git

# Instalar Rosetta 2 para Macs Apple Silicon
softwareupdate --install-rosetta

Paso 3: Configurar el Runner de GitHub Actions

  1. Ve a tu repositorio de GitHub
  2. Navega a Configuración > Actions > Runners

Runner de GitHub Actions

  1. Haz clic en "New self-hosted runner" (https://github.com/<username>/<repository>/settings/actions/runners/new)
  2. Selecciona macOS como imagen del runner y ARM64 como arquitectura
  3. Sigue los comandos proporcionados para descargar y configurar el runner

Runner de GitHub Actions

Crea un archivo .env en el directorio _work del runner:

# archivo _work/.env
ImageOS=macos15
XCODE_15_DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer
  1. Ejecuta el script run.sh en tu directorio del runner para completar la configuración.
  2. Verifica que el runner esté activo y escuchando trabajos en la terminal y revisa la configuración del repositorio de GitHub para la asociación del runner y el estado Idle.

Runner de GitHub Actions

Paso 4: Configurar Sudoers (Opcional)

Si tus acciones requieren privilegios de root, configura el archivo sudoers:

sudo visudo

Agrega la siguiente línea:

gh-runner ALL=(ALL) NOPASSWD: ALL

Paso 5: Usar el Runner en Flujos de Trabajo

Configura tu flujo de trabajo de GitHub Actions para usar el runner auto-hospedado:

name: Flujo de trabajo de muestra

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: [self-hosted, macOS, ARM64]
    steps:
      - name: Instalar NodeJS
        run: brew install node

El runner está autenticado en tu repositorio y etiquetado con self-hosted, macOS, y ARM64. Úsalo en tus flujos de trabajo especificando estas etiquetas en el campo runs-on:

runs-on: [self-hosted, macOS, ARM64]

Mejores Prácticas

  • Mantén tu software del runner actualizado
  • Monitorea regularmente los logs del runner para problemas
  • Usa etiquetas específicas para diferentes tipos de runners
  • Implementa medidas de seguridad apropiadas
  • Considera usar múltiples runners para balanceo de carga

Solución de Problemas

Problemas comunes y soluciones:

  1. Runner no conectando:

    • Verifica conectividad de red
    • Verifica validez del token de GitHub
    • Asegúrate de permisos apropiados

  2. Fallas de construcción:

    • Verifica instalación de Xcode
    • Verifica dependencias requeridas
    • Revisa logs del flujo de trabajo

  3. Problemas de permisos:

    • Verifica permisos de usuario
    • Verifica configuración de sudoers
    • Revisa permisos del sistema de archivos

Conclusión

Ahora tienes un runner auto-hospedado de GitHub Actions configurado en tu Mac mini. Esta configuración te proporciona más control sobre tu entorno de CI/CD y te permite ejecutar flujos de trabajo específicos de macOS de manera eficiente.

Recuerda mantener regularmente tu runner y mantenerlo actualizado con los últimos parches de seguridad y versiones de software.

Aplicación Nativa

Aplicación nativa de Macfleet

Guía de Instalación de Macfleet

Macfleet es una solución poderosa de gestión de flota diseñada específicamente para entornos de Mac Mini alojados en la nube. Como proveedor de hosting en la nube de Mac Mini, puedes usar Macfleet para monitorear, gestionar y optimizar toda tu flota de instancias Mac virtualizadas.

Esta guía de instalación te llevará a través de la configuración del monitoreo de Macfleet en sistemas macOS, Windows y Linux para asegurar una supervisión integral de tu infraestructura en la nube.

🍎 macOS

  • Descarga el archivo .dmg para Mac aquí
  • Haz doble clic en el archivo .dmg descargado
  • Arrastra la aplicación Macfleet a la carpeta Aplicaciones
  • Expulsa el archivo .dmg
  • Abre Preferencias del Sistema > Seguridad y Privacidad
    • Pestaña Privacidad > Accesibilidad
    • Marca Macfleet para permitir el monitoreo
  • Inicia Macfleet desde Aplicaciones
  • El seguimiento comienza automáticamente

🪟 Windows

  • Descarga el archivo .exe para Windows aquí
  • Haz clic derecho en el archivo .exe > "Ejecutar como administrador"
  • Sigue el asistente de instalación
  • Acepta los términos y condiciones
  • Permite en Windows Defender si se solicita
  • Concede permisos de monitoreo de aplicaciones
  • Inicia Macfleet desde el Menú Inicio
  • La aplicación comienza el seguimiento automáticamente

🐧 Linux

  • Descarga el paquete .deb (Ubuntu/Debian) o .rpm (CentOS/RHEL) aquí
  • Instala usando tu gestor de paquetes
    • Ubuntu/Debian: sudo dpkg -i Macfleet-linux.deb
    • CentOS/RHEL: sudo rpm -ivh Macfleet-linux.rpm
  • Permite permisos de acceso X11 si se solicita
  • Agrega el usuario a los grupos apropiados si es necesario
  • Inicia Macfleet desde el menú de Aplicaciones
  • La aplicación comienza el seguimiento automáticamente

Nota: Después de la instalación en todos los sistemas, inicia sesión con tus credenciales de Macfleet para sincronizar datos con tu panel de control.