|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# 安装配置 Node Version Manager,用来管理安装使用特定版本 $ git clone https://github.com/nvm-sh/nvm.git $ cd nvm $ bash install.sh # 刷新环境变量,使得设置生效 $ source ~/.bashrc $ nvm install 12.16.2 $ nvm use 12.16.2 |
分类: macOS
Mac是苹果自1984年起以“Macintosh”开始的个人消费型计算机,如:iMac、Mac mini、Macbook air、Macbook pro、Mac pro等计算机。使用独立的Mac os系统,最新的OS X系列基于NeXT系统开发,不支持兼容。是一套完备而独立的生态系统。
NSURLProtocol -- DNS劫持和Web资源本地化
什么是DNS劫持
DNS劫持就是通过劫持了DNS服务器,通过某些手段取得某域名的解析记录控制权,进而修改此域名的解析结果,导致对该域名的访问由原IP地址转入到修改后的指定IP,其结果就是对特定的网址不能访问或访问的是假网址,从而实现窃取资料或者破坏原有正常服务的目的。
常见的DNS劫持现象网络运营商向网页中注入了Javascript代码,甚至直接将我们的网页请求转发到他们自己的广告页面或者通过自己的DNS服务器将用户请求的域名指向到非法地址
如何解决DNS被劫持
全站使用HTTPS协议,或者采用HttpDNS,通过HTTP向自建的DNS服务器或者安全的DNS服务器发送域名解析请求,然后根据解析结果设置客户端的Host指向,从而绕过网络运营商的DNS解析服务。
本文的解决方案
客户端对WebView的html请求进行DNS解析。优先使用阿里、腾讯、114等公共安全的DNS服务器解析客户端的所有指定域名的http请求。相对来讲我们自己的服务域名变化较少,对此我们做了一个白名单,把凡是访问包含我们公司域名的请求都必须通过白名单的解析和DNS验证。从而杜绝被劫持的情况出现,这时候NSURLProtocol就派上用场了。
NSURLProtocol
这是一个抽象类,所以在oc中只能通过继承来重写父类的方法。
|
1 2 |
@interface XRKURLProtocol : NSURLProtocol @end |
然后在AppDelegate的 application:didFinishLaunchingWithOptions: 方法或者程序首次请求网络数据之前去注册这个NSURLProtocol的子类
|
1 2 3 |
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { [NSURLProtocol registerClass:[XRKURLProtocol class]]; } |
注册了自定义的urlProtocol子类后,之后每一个http请求都会先经过该类过滤并且通过+canInitWithRequest:这个方法返回一个布尔值告诉系统该请求是否需要处理,返回Yes才能进行后续处理。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
+ (BOOL)canInitWithRequest:(NSURLRequest *)request { if ([NSURLProtocol propertyForKey:URLProtocolHandledKey inRequest:request]) { return NO; } //http和https都会出现dns劫持情况,都需要处理 NSString *scheme = [[request URL] scheme]; if (([scheme caseInsensitiveCompare:@"http"] == NSOrderedSame)) { // 判断请求是否为白名单 NSArray *whiteLists = [XRKConfigManager sharedManager].whiteList; if (whiteLists && [whiteLists isKindOfClass:[NSArray class]]) { for (NSString *url in whiteLists) { if (request.URL.host && [request.URL.host hasSuffix:url]) { return YES; } } } } return NO; } |
+canonicalRequestForRequest:这个父类的抽象方法子类必须实现。
|
1 2 3 |
+ (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request { return request; } |
以下是官方对这个方法的解释。当我们想对某个请求添加请求头或者返回新的请求时,可以在这个方法里自定义然后返回,一般情况下直接返回参数里的NSURLRequest实例即可。
It is up to each concrete protocol implementation to define what “canonical” means. A protocol should guarantee that the same input request always yields the same canonical form.
+requestIsCacheEquivalent:toRquest:这个方法能够判断当拦截URL相同时是否使用缓存数据,以下例子是直接返回父类实现。
|
1 2 3 |
+ (BOOL)requestIsCacheEquivalent:(NSURLRequest *)a toRequest:(NSURLRequest *)b { return [super requestIsCacheEquivalent:a toRequest:b]; } |
-startLoading和-stopLoading两个方法分别告诉NSURLProtocol实现开始和取消请求的处理。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
- (void)startLoading { NSMutableURLRequest *mutableReqeust = [[self request] mutableCopy]; //打标签,防止无限循环 [NSURLProtocol setProperty:@YES forKey:URLProtocolHandledKey inRequest:mutableReqeust]; // dns解析 NSMutableURLRequest *request = [self.class replaceHostInRequset:mutableReqeust]; self.connection = [NSURLConnection connectionWithRequest:request delegate:self]; } + (NSMutableURLRequest *)replaceHostInRequset:(NSMutableURLRequest *)request { if ([request.URL host].length == 0) { return request; } NSString *originUrlString = [request.URL absoluteString]; NSString *originHostString = [request.URL host]; NSRange hostRange = [originUrlString rangeOfString:originHostString]; if (hostRange.location == NSNotFound) { return request; } //用HappyDNS 替换host NSMutableArray *array = [NSMutableArray array]; /// 第一dns解析为114,第二解析才是系统dns [array addObject:[[QNResolver alloc] initWithAddress:@"114.114.115.115"]]; [array addObject:[QNResolver systemResolver]]; QNDnsManager *dnsManager = [[QNDnsManager alloc] init:array networkInfo:[QNNetworkInfo normal]]; NSArray *queryArray = [dnsManager query:originHostString]; if (queryArray && queryArray.count > 0) { NSString *ip = queryArray[0]; if (ip && ip.length) { // 替换host NSString *urlString = [originUrlString stringByReplacingCharactersInRange:hostRange withString:ip]; NSURL *url = [NSURL URLWithString:urlString]; request.URL = url; [request setValue:originHostString forHTTPHeaderField:@"Host"]; } } return request; } |
|
1 2 3 |
- (void)stopLoading { [self.connection cancel]; } |
由于我们在-startLoading中新建了一个NSURLConnection实例,因此要实现NSURLConnectionDelegate的委托方法。
|
1 2 3 4 5 6 7 8 9 10 11 12 |
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response { [self.client URLProtocol:self didReceiveResponse:response cacheStoragePolicy:NSURLCacheStorageNotAllowed]; } - (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data { [self.client URLProtocol:self didLoadData:data]; } - (void)connectionDidFinishLoading:(NSURLConnection *)connection { [self.client URLProtocolDidFinishLoading:self]; } - (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error { [self.client URLProtocol:self didFailWithError:error]; } |
至此,通过NSURLProtocol和QNDnsManager(七牛DNS解析开源库)可以解决DNS劫持问题。但是NSURLProtocol还有更多的用途,以下是本文第二个内容:webView上web请求的资源本地化。
Web资源本地化
这里只举一个简单的示例,同样是在上述NSURLProtocol的子类的-startLoading方法里
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
- (void)startLoading { NSMutableURLRequest *mutableReqeust = [[self request] mutableCopy]; // 处理MIME type NSString *mimeType = nil; mutableReqeust = [self.class replaceLocalSource:mutableReqeust]; NSString *pathComponent = mutableReqeust.URL.absoluteString.lastPathComponent; if ([pathComponent hasSuffix:@"js"]) { mimeType = @"text/javascript"; } else if ([pathComponent hasSuffix:@"css"]) { mimeType = @"text/css"; } if (mimeType) { NSData *data = [NSData dataWithContentsOfFile:mutableReqeust.URL.absoluteString]; NSURLResponse *response = [[NSURLResponse alloc] initWithURL:[[self request] URL] MIMEType:mimeType expectedContentLength:[data length] textEncodingName:@"UTF8"]; [[self client] URLProtocol:self didReceiveResponse:response cacheStoragePolicy:NSURLCacheStorageNotAllowed]; [[self client] URLProtocol:self didLoadData:data]; [[self client] URLProtocolDidFinishLoading:self]; } } #pragma mark - 判断是否是本地资源 + (BOOL)canReplaceLocalSource:(NSURLRequest *)request { NSString *absoluteString = request.URL.absoluteString; for (NSString *localSourceurl in [self localSourceArray]) { if ([absoluteString isEqualToString:localSourceurl]) { return YES; } } return NO; } |
OS X EI Capitan curl: (22) The requested URL returned error: 403 [[[!!! BREAKING CHANGE !!!]]] Support for clients that do not support Server Name Indication is temporarily disabled and will be permanently deprecated soon.
最近在OS X EI Capitan系统上执行升级工作的时候,发生错误,内容如下:
|
1 2 3 4 5 6 7 8 9 10 11 |
$ brew upgrade cmake ==> Upgrading 1 outdated package: cmake 3.17.3 -> 3.20.3 ==> Upgrading cmake 3.17.3 -> 3.20.3 ==> Downloading https://www.bytereef.org/contrib/decimal.diff Already downloaded: /Users/longsky/Library/Caches/Homebrew/downloads/f60b5004541eb3c87cce87ef3bf94933a2684ab267346afdc45ae1622ffa923a--decimal.diff ==> Downloading https://files.pythonhosted.org/packages/f6/e9/19af16328705915233299f6f1f02db95899fb00c75ac9da4757aa1e5d1de/setuptools-56.0.0.t curl: (22) The requested URL returned error: 403 [[[!!! BREAKING CHANGE !!!]]] Support for clients that do not support Server Name Indication is temporarily disabled and will be permanently deprecated soon. See https://status.python.org/incidents/hzmjhqsdjqgb and ht Error: Failed to download resource "python@3.9--setuptools" Download failed: https://files.pythonhosted.org/packages/f6/e9/19af16328705915233299f6f1f02db95899fb00c75ac9da4757aa1e5d1de/setuptools-56.0.0.tar.gz |
排查了很久,发现是以前为了修复 解决macOS系统curl报告https证书不正确(curl: (60) SSL certificate problem: Invalid certificate chain)问题而配置了curl忽略安全配置信息导致的,如下:
|
1 2 |
$ cat .curlrc --insecure |
移除这个配置项目即可解决问题。
参考链接
禁止macOS系统产生.DS_Store文件的方法
Mac经常会产生 .DS_Store 的隐藏文件,虽然在 Mac 上看不到,但是有时用了人家的 U 盘或把 U 盘拿到 Windows 系统上用,就会看到。
.DS_Store 是 Mac OS 保存文件夹的自定义属性的隐藏文件,如文件的图标位置或背景色,相当于Windows 的 desktop.ini。
- 禁止 .DS_Store 生成:
打开 “终端” ,复制黏贴下面的命令,回车执行,重启Mac即可生效。1$ defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool TRUE - 恢复 .DS_Store 生成:
1$ defaults delete com.apple.desktopservices DSDontWriteNetworkStores
参考链接
解决GitHub的raw.githubusercontent.com无法连接问题
https://site.ip138.com/raw.Githubusercontent.com/
输入raw.githubusercontent.com
查询IP地址
修改hosts Ubuntu,CentOS及macOS直接在终端输入
|
1 |
$ sudo vi /etc/hosts |
添加以下内容保存即可 (IP地址查询后相应修改,可以ping不同IP的延时 选择最佳IP地址)
# GitHub Start
52.74.223.119 github.com
192.30.253.119 gist.github.com
54.169.195.247 api.github.com
185.199.111.153 assets-cdn.github.com
199.232.96.133 raw.githubusercontent.com
#151.101.76.133 raw.githubusercontent.com
151.101.108.133 user-images.githubusercontent.com
151.101.76.133 gist.githubusercontent.com
151.101.76.133 cloud.githubusercontent.com
151.101.76.133 camo.githubusercontent.com
151.101.76.133 avatars0.githubusercontent.com
151.101.76.133 avatars1.githubusercontent.com
151.101.76.133 avatars2.githubusercontent.com
151.101.76.133 avatars3.githubusercontent.com
151.101.76.133 avatars4.githubusercontent.com
151.101.76.133 avatars5.githubusercontent.com
151.101.76.133 avatars6.githubusercontent.com
151.101.76.133 avatars7.githubusercontent.com
151.101.76.133 avatars8.githubusercontent.com
# GitHub End
参考链接
Error: Your CLT does not support macOS 11.0.
最近系统升级到macOS Big Sur(11.0.1)之后,系统报告如下错误:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
$ brew upgrade ........................................... ==> Upgrading 5 outdated packages: tomcat 9.0.39 -> 9.0.40 gradle 6.7 -> 6.7.1 opencv 4.5.0_3 -> 4.5.0_4 vtk 9.0.1_1 -> 9.0.1_2 imagemagick 7.0.10-38 -> 7.0.10-39 ==> Upgrading tomcat 9.0.39 -> 9.0.40 ==> Downloading https://www.apache.org/dyn/closer.lua?path=tomcat/tomcat-9/v9.0. ==> Downloading from https://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v9.0.40/bi ######################################################################## 100.0% Error: Your CLT does not support macOS 11.0. It is either outdated or was modified. Please update your CLT or delete it if no updates are available. Error: An exception occurred within a child process: SystemExit: exit |
解决方案如下:
|
1 2 3 |
$ sudo rm -rf /Library/Developer/CommandLineTools $ sudo xcode-select --install |
参考链接
AX88179 USB网卡无法在macOS Big Sur(11.0.1)系统上正常使用
Background
Last year, we wrote that older macOS drivers, known as System Extensions (KEXTs), would begin to be deprecated as of the macOS 10.15 Catalina release. This week, as macOS 11 Big Sur is released, KEXTs have officially been deprecated and are no longer functional.
Instead, Apple is now enforcing the requirement for devices that require third-party drivers to operate as DriverKit Extensions (DEXTs). This change affects many products across the consumer electronics industry, including Docking Stations, USB peripherals, Security/Anti-Virus software, and Networking adapters.
Luckily, most platform vendors and integrated circuit (IC) manufacturers have been prepared for this change and began working on their DEXT implementation after Apple released pertinent documentation at their WWDC (World Wide Developer Conference) in June 2019.
Unfortunately, some vendors could not begin their full transition from KEXT to DEXT until this year. Not all pertinent DriverKit documentation was released at the 2019 event as expected, but, instead, was released at WWDC 2020 in June. Specifically, for Plugable and many other brands, this applies to ASIX-based USB Ethernet Adapters like our USB3-E1000, USBC-E1000, USB2-E1000, and USB2-E100, which we wrote about here for the release of macOS 10.15 Catalina:
https://plugable.com/2019/10/04/usb-ethernet-adapter-not-working-after-macos-catalina-10-15-update-we-can-help/
Current Status for ASIX-based Ethernet Adapters [Novemeber 13, 2020]
We began removing macOS support from our most popular wired network adapters (USB3-E1000 and USBC-E1000) in October 2019. We saw the continued potential for a poor or broken user experience with ASIX-based adapters on macOS and could not in good conscience market the adapters as fully compatible in the long-term as long as ASIX was unwilling to commit to continued development and support of their ICs on macOS.
We have continued to push ASIX for a DEXT beta driver to validate and test internally in the past year. Unfortunately, ASIX has been unable to deliver this solution as requested in anticipation of this significant macOS milestone. We expect a Beta driver from ASIX by the end of November for AX88179 products like the USB3-E1000 and USBC-E1000. Once the driver is validated, we will update this blog post and product driver pages with links to download the driver.
If a wired Ethernet connection is critical to your workflow, Plugable recommends not updating to macOS 11 Big Sur from macOS 10.15 Catalina.
At this time, Plugable is unable to provide a DEXT driver for the following products:
USB3-E1000 IC: AX88179
USBC-E1000 IC: AX88179
USB2-E1000 IC: AX88178 (ASIX has discontinued the IC in this product, and they have not committed to a compatible driver for macOS 11 Big Sur)
The USB2-E100 IC: AX88772 ASIX-based product continues to function, utilizing the in-box drivers in macOS.
We understand this news can be frustrating for our customers and is a situation we have been working to avoid for over one year. We will update this blog post as new information is available to us.
While we cannot promise a functional DEXT driver at any point in the future, if you would like to be notified of that news should it occur, please sign-up on the form below, and we will email everyone as soon as it is available.
macOS 10.15.7运行JNLP文件
系统升级到macOS 10.15.7之后,发现JNLP文件无法打开了,默认的Java被切换到OpenJDK了。
但是根据官方说明,从Java 1.8开始,OpenJDK已经默认不携带Java Web Start功能了,这些功能被限定为Oracle JRE专有的功能。因此默认的javaws已经无法找到了。
Java Web Start (JWS) was deprecated in Java 9, and starting with Java 11, Oracle removed JWS from their JDK distributions. This means that clients that have the latest version of Java installed can no longer use JWS-based applications. And since public support of Java 8 has ended in Q2/2019, companies no longer get any updates and security fixes for Java Web Start.
解决方法有两个,一个是使用 OpenWebStart 来打开JNLP文件,可惜的是,目前功能不够完善,很多应用无法正常运行,比如HP Gen8的集成远程控制台系统的Java Web Start。
另一个是使用 Orocle JRE 来打开JNLP文件,目前这个功能是比较好用的,就是需要注册账号才能下载。
参考连接
macOS Catalina(10.15.6)双网卡同时连内外网
单位为了安全,需要使用网线连接内网,此时不能连接外网,无线可以连接外网,却又不能完成部分在内网才能完成的操作。
修改无线网卡的优先级,使之大于有线网卡
macOS Catalina(10.15.6)文件大量变动后mds/mds_stores/mdworker引发系统卡顿
最近在执行bash gradlew clean build之后,macOS Catalina(10.15.6)系统处于长时间的卡顿状态。尽管已经编译结束了,依旧要持续非常长的一段时间才能恢复顺畅。
在执行top命令之后,发现进程mds,mds_stores 持续维持在高负荷运行状态,基本上把CPU跟磁盘IO全部占用。
网上搜索了一下,这两个服务是macOS Catalina(10.15.6)系统的索引服务,由于编译过程中瞬间删除,又重新产生大量的临时文件,数量在几万个,大小达到若干GB。索引服务尝试对这些文件进行索引,引起极大的系统开销。
解决方法就是临时或者永久关闭索引服务
|
1 |
$ sudo mdutil -a -i off |
重新打开的话,执行
|
1 |
$ sudo mdutil -a -i on |