All Things macOS

Fermilab macOS support

For more details about FNAL macOS support, see this KB article:

Version Supported? End-of-life
10.14 Mojave YES --
10.13 High Sierra YES --
10.12 Sierra YES --
10.11 El Capitan NO 01 Nov. 2018
10.10 Yosemite NO 10 Nov. 2017
10.09 Mavericks NO 01 Dec. 2016
10.08 Mountain Lion NO 14 Dec. 2015
10.07 Lion NO 12 Jan. 2015
<10.6 Snow Leopard NO

SSH configurations

Here are some known working SSH configurations for various versions of macOS. These configurations should go into the file located at ~/.ssh/config. If the file doesn't exist, create it.

macOS 10.13 (High Sierra)

Host *
ForwardX11 yes
ForwardX11Trusted yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
StrictHostKeyChecking no
PasswordAuthentication no

macOS 10.12 (Sierra)

Host *
ForwardX11 yes
ForwardX11Trusted yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
StrictHostKeyChecking no
PasswordAuthentication no

macOS 10.11 (El Capitan)

Host *
ForwardX11 yes
ForwardX11Trusted yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
GSSAPITrustDns yes
StrictHostKeyChecking no
PasswordAuthentication no


Full instructions can be found here:

On a fresh installation of macOS, you will need to configure Kerberos to connect to FNAL. The process is easy:

1. Download the krb5 configuration file here (you must be on the FNAL network or connected by VPN):
2. Copy that file to the following location on your mac (you will need sudo privileges): /etc/krb5.conf
3. Confirm that the following file does not exist (if it does, delete it): /Library/Preferences/
4. Test that it works by attempting to Kerberize yourself: kinit -f <PRINCIPAL>

Setting Up A Development Environment

If you're new to the mac world or you're starting off with a fresh machine, there's a few things you'll want to install to get your system ready for development work: Xcode (the IDE and build-related tools for the Apple ecosystem), and the Developer Command Line Tools. Here's how to get them:

1. Open the app store application, search for "xcode" and click install. You will need an Apple account to download things from the app store, so be sure to create one if you don't have one yet.
2. Wait for Xcode to download. It is quite large, so the download might take a while.

Developer Command Line Tools
1. Open a terminal and enter the following command: xcode-select --install
2. Follow any prompts/instructions

Now you should have various compilers and libraries and other cool stuff (e.g SVN) on your system and ready to use.

NB To build the code that links to ups products on OS X 10.11 or later you need to disable the SIP (System Integrity Protection) following these instructions.

Using Xcode for development of code

Adam Lyon of g-2 has provided instructions for setting up Xcode for development with mrb which provides a lot of useful features such as
  1. Ability to navigate the source code using identifiers similar to what is done in doxygen
  2. Integrated interface to the repository
  3. Ability to run the OS X debugger

While working through Adam's instructions, you may skip the Download Configuration step at the bottom of slide 5, and may also skip slide 6 completely.

If you are using Xcode v6 or higher, you need to adjust the instructions on slide 15 for added the documentation target. Instead of clicking on the "+" sign in the lower left corner of the window, go to the "Editor" drop down menu and choose "Add Target..." option. On slide 19 use the shell script attached to this page instead of the g-2 specific one that is referenced in the slides. The rest of the instructions can be followed without change.

When debugging, it is helpful to setup novasoft in a separate terminal from the one that launched Xcode.


The default behavior of Xcode 7 (and higher) is to build in a sterilized environment, ignoring previously-set environmental variables like ${MRB_BUILD}. You will need to disable this behavior in order to build your Xcode NOvASoft project. To do this, execute the following command in your terminal window:

defaults write UseSanitizedBuildSystemEnvironment -bool NO

Package Management

macOS does not have a built-in command line package manager, but there is a widely-used third-party package manager called Homebrew. Note: You must have Xcode and the Developer Command Line Tools installed for Homebrew to work (see the section above)

To install Homebrew, follow the instructions here: It's pretty easy, just do this at a terminal prompt:

/usr/bin/ruby -e "$(curl -fsSL" 

Homebrew packages are called "formulas", and the build process it invokes is called "brewing". Homebrew is accessed through the `brew` command. Some common incantations from the command line include:

brew list                   # show all currently-installed formulae
brew search                 # search for a formula
brew info                   # get detailed info, including dependencies and special usage notes.
brew install <formula>      # install a formula
brew reinstall <forumula>   # self-explanator, I think.
brew update                 # update the list of formula (this does not upgrade any software, just checks for available upgrades)
brew outdated               # returns a list of installed formulae for which there exists a newer version
brew upgrade                # upgrade all formulae for which a newer version exists
brew upgrade <formula>      # upgrade a specific formula
brew tap <keg>              # tap a particular keg

Some formulae that you find via brew search will not be in the "core" repository. The Homebrew nomenclature for a repository is "keg". So the trick to get at formulae from other kegs is to "tap" that particular keg. Here's an example of how you would tap the brewsci/bio keg (which contains matplotlib):

brew tap brewsci/bio

Now you will be able to brew install any formulae available from that keg.

More details are available here at Homebrew's FAQ page:

Potentially useful formulae (packages)

install with brew install <name>

formula name description
ack Search tool like grep, but optimized for programmers
boost Collection of portable C++ source libraries
boost-python C++ library for C++/Python2 interoperability
cmake Cross-platform make
colordiff Color-highlighted diff(1) output
cvs Version control system
emacs GNU Emacs text editor
fzf Command-line fuzzy finder written in Go
gcc GNU compiler collection
gdb GNU debugger
geant4 Simulation toolkit for particle transport through matter
git Distributed revision control system
gnuplot Command-driven, interactive function plotting
hdf5 File format designed to store large amounts of data
htop Improved top (interactive process viewer)
imagemagick Tools and libraries to manipulate images in many formats
jupyter Interactive environments for writing and running code
matplotlib Python 2D plotting library
numpy Package for scientific computing with Python
pandoc Swiss-army knife of markup format conversion
python3 Interpreted, interactive, object-oriented programming language
r Software environment for statistical computing
root6 Object oriented framework for large scale data analysis
scipy Software for mathematics, science, and engineering
tldr Simplified and community-driven man pages
tmux Terminal multiplexer
tree Display directories as trees (with optional color/HTML output)
valgrind Dynamic analysis tools (memory, debug, profiling)
vim Vi 'workalike' with many additional features
wget Internet file retriever
xrootd High performance, scalable, fault-tolerant access to data
zsh UNIX shell (command interpreter)


There are two main distributions of TeX for mac: MacTeX and BasicTeX. This page gives a wonderful explanation of them with instructions on how to install:

Setting up VOMS to use SAM with xrootd

Here are step by step instructions for setting VOMS up on OS X. These instructions work for High Sierra, and may work for other versions of OS X.

  1. Download the bundle of certificates from CILogin:
  2. Un-tar the file and double click on all the *.pem files
  3. Open the Keychain Access app and find the certificate files you just clicked on. Right click on each of the certificates from within Keychain Access and select "Get Info" from the resulting menu. Expand the "Trust" menu and select the "Always Trust" option under "When using this certificate:".
  4. Get the voms package using Homebrew.
     brew install voms 
  5. Download the latest stable version of the Globus Toolkit and use the package installer to install it.
  6. Download the necessary vomses and grid-security files, voms.tar Copy the vomses file into /etc and the grid-security directory into /etc/ and /usr/local/etc
  7. Download and un-tar the pki.tgz Move the resulting directory to /etc. You will need to do this using su, ie
     sudo -s mv pki /etc 
  8. Download and un-tar the cigetcertlibs.tar.bz2 in a directory that is in your path eg /usr/local
  9. Run
     /path/to/cigetcertlibs/python/ -i "Fermi National Accelerator Laboratory" 
    NB change "/path/to" to the location where you installed the cigetcertlibs
  10. Run
     voms-proxy-init -hours 24 --rfc --voms=fermilab:/fermilab/nova/Role=Analysis --noregen 
    voms-proxy-init which should be in your path at this point.
  11. Make a function in your .bash_profile to set up the voms for you, ie
     /usr/local/cigetcertlibs/python/ -i "Fermi National Accelerator Laboratory"   
     voms-proxy-init -hours 24 --rfc --voms=fermilab:/fermilab/nova/Role=Analysis --noregen #--cert /tmp/x509up_u502 --key /tmp/x509up_u502
     export X509_USER_PROXY=/tmp/x509up_u`id -u`
  12. Download and un-tar the sam_web_client.tar.bz2 in your products area (not localProducts)
     bunzip2 sam_web_client.tar.bz2 
  13. setup samweb by doing
     setup sam_web_client v3_0 

NB ignore these warnings, they appear to be unimportant

WARNING: VOMS AC validation for VO fermilab failed for the following reasons:
         LSC validation failed: LSC chain description does not match AA certificate chain embedded in the VOMS AC!
         AC signature verification failure: no valid VOMS server credential found.
WARNING: proxy lifetime limited to issuing credential lifetime.

Helpful Tips & Tricks

Terminal emulation

macOS has a built-in terminal emulator called "Terminal." Some people like this application, but there is a more popular alternative out there with a lot more bells and whistles called "iTerm2". You can download it here:

Useful Links

  • macOS Setup Guide - This is an excellent guide to setting up a mac for development (geared towards web development, but overlaps a lot with us). Many of the things covered in this Wiki are also covered there.
  • Homebrew package manager - Official Homebrew site
  • Mac at Fermilab Fermilab ServiceNow page for mac-related information