was working through some other issues with packer and sonoma today and found this. not sure if it changed recently but the template as delivered disables full admin disk access contrary to the comment in the code. seems now if you simply enable remote login it is checked by default. in our own setup i just removed the lines after the remote login enable. I have to check ventura later today as well.

# Navigate to "Remote Login" and enable it "<wait10s><tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><spacebar>", # Open "Remote Login" details "<wait10s><tab><spacebar>", # Enable "Full Disk Access" "<wait10s><tab><spacebar>", # Click "Done" "<wait10s><leftShiftOn><tab><leftShiftOff><leftShiftOn><tab><leftShiftOff><spacebar>",

quick update, i reran with the lastest ventura IPSW and template and by default it still works; ventura still does not check full disk access by default. So sonoma changed this behavior i guess.

Interesting. Will check it on 14.3 once it's out. 14.2.1 now has a regression cirruslabs/tart#687 (comment)

Thanks for reporting!

Apple just release 14.3. I checked and it seems full disk access is not enabled by default. So it seems we should keep it for now.

@fkorotkov not sure what is going on here but FYI saw the same issue in pipelines today with the full disk access under remote login being checked on by default and getting disabled by the packer script actions.

we use the IPSW plugin that pulls whatever the latest version is for a major release - in our case Sonoma so I thought something was up there but it does not appear to be the case as i confirmed the vm was running 14.3

I then used the tart --create-from ipsw manually on a machine using this url: "https://updates.cdn-apple.com/2024WinterFCS/fullrestores/042-78241/B45074EB-2891-4C05-BCA4-7463F3AC0982/UniversalMac_14.3_23D56_Restore.ipsw"

Went through all the setup steps manually when running the new vm and it too had full disk access checked on when I went to the settings under remote login.

I checked and it seems full disk access is not enabled by default.

I've just checked and it was enabled for me by default after enabling the Remote Login.

How did you verify this? 🤔

Interesting! When running locally without the change it was selected and now not. Not sure what I did wrong. Let me remove it for sonoma.

we use the IPSW plugin that pulls whatever the latest version is for a major release

Would that be https://github.com/torarnv/packer-plugin-ipsw, or is there another plugin for this?

we use the IPSW plugin that pulls whatever the latest version is for a major release

Would that be https://github.com/torarnv/packer-plugin-ipsw, or is there another plugin for this?

Correct, yes the one you wrote. :)

Cool, you're the first person I hear of to use it besides me :)

Cool, you're the first person I hear of to use it besides me :)

what?! Really... That seems odd to me as I have seen a decent amount of Tart users here and elsewhere.

Our setup is simple but I would think it would be common. Prior to this plugin would have to manually edit the packer HCL with the long IPSW download link to trigger a build which meant looking it up, etc. Kind of a pain and also not fully automated.

We generate a new image monthly mostly to keep the OS up to date and pull in security updates as well as ensure we catch any other breaking items etc. Scheduled in gitlab never have to edit it unless we are adding new packages etc.

Thanks for the plugin it is very valuable!