From f5802e7592e8973d0e1a3b63b296315388a061bf Mon Sep 17 00:00:00 2001
From: Jacob Vallejo
Date: Wed, 8 Oct 2025 14:50:27 -0700
Subject: [PATCH 1/2] feat: test configuration during build

Signed-off-by: Jacob Vallejo
---
 configuration/init_toml_check_test.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 configuration/init_toml_check_test.go
diff --git a/configuration/init_toml_check_test.go b/configuration/init_toml_check_test.go
new file mode 100644
index 0000000..b4cf728
--- /dev/null
+++ b/configuration/init_toml_check_test.go
@@ -0,0 +1,24 @@
+package main_test
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/aws/ec2-macos-init/lib/ec2macosinit"
+)
+
+// Load and test the current copy of init.toml to ensure it remains
+// loadable and valid for use in packaging.
+
+func TestConfiguration_initTOML(t *testing.T) {
+ var loadedConfig ec2macosinit.InitConfig
+
+ loadErr := loadedConfig.ReadConfig("./init.toml")
+ assert.NoError(t, loadErr, "should be able to load config file")
+ require.NotEmpty(t, loadedConfig.Modules, "should have modules configured")
+
+ validateErr := loadedConfig.ValidateAndIdentify()
+ assert.NoError(t, validateErr, "should have valid modules")
+}
From a98f12e03a599fdd34b45d66068d377f8bbd1e14 Mon Sep 17 00:00:00 2001
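Review bot: In `TestConfiguration_initTOML` (configuration/init_toml_check_test.go) the read error is checked with `assert.NoError`, so a failed `ReadConfig` does not stop the test and the failure is reported a second time by `require.NotEmpty` on an empty config; `require.NoError(t, loadErr, "should be able to load config file")` would stop at the real cause. The test also pins only that init.toml loads and validates, not what it contains; since this file carries boot-time hardening (its comments mention suggested SSHD security settings), an assertion that the expected modules are still present would keep an accidental removal from passing the build. The comment above the function is separated from it by a blank line, so it is not attached as the function's doc comment; dropping the blank line and opening it with `// TestConfiguration_initTOML loads and validates ...` would fix that.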
From: Jacob Vallejo Date: Wed, 8 Oct 2025 14:54:35 -0700 Subject: [PATCH 2/2] tune: stop setting defaults with init modules EC2 Mac images bake these values into the image now and existing systems will already have the settings applied even if updated to the new configuration file (assuming they've booted at least once, eg: to run a brew-update or equivalent). There isn't an inherent issue with configuring preferences at boot, however these particular settings for SoftwareUpdate are inconsistently persisting when applying at boot. These preferences are now set during image build time and persisted in the images, so init no longer needs to do the needful. Signed-off-by: Jacob Vallejo --- configuration/init.toml | 31 +++---------------------------- 1 file changed, 3 insertions(+), 28 deletions(-) diff --git a/configuration/init.toml b/configuration/init.toml index e226eec..f98aec6 100644 --- a/configuration/init.toml +++ b/configuration/init.toml @@ -1,4 +1,4 @@ -# Default EC2 macOS Init init.toml config for mac1.metal instances +# Default EC2 macOS Init init.toml config # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # @@ -36,7 +36,7 @@ Cmd = ["/bin/zsh", "-c", "diskutil list internal physical | egrep -o '^/dev/disk\\d+' | xargs diskutil eject || true"] ### Group 2 ### -## The only task in the first group is to make sure the network is up. Some of the subsequent actions require +## The only task in this group is to make sure the network is up. Some of the subsequent actions require ## a connection to IMDS and will fail if this check doesn't pass. # Checks that the network is up @@ -49,7 +49,7 @@ PingCount = 3 # Three attempts ### Group 3 ### -## The second group has many actions that can be run in parallel including: +## This group has many actions that can be run in parallel including: ## 1. Optimize kernel and networking parameters ## 2. Disable auto-update ## 3. Apply suggested SSHD security settings 
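Review bot: The Group 3 summary in configuration/init.toml still lists `## 2. Disable auto-update`, but the last hunk of this patch removes every `[[Module.SystemConfig.Defaults]]` entry for com.apple.SoftwareUpdate.plist, which appear to be what that item described. Unless another module in the group still disables updates, the list now documents a control that init no longer applies, and someone auditing an instance from this file would assume it is enforced at boot. Consider replacing the item with something like `## 2. (SoftwareUpdate preferences are set at image build time, not by init)` so the dependency on the image is visible where the config is read.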
@@ -86,31 +86,6 @@ value = "net.inet.tcp.recvspace=1048576" [[Module.SystemConfig.Sysctl]] value = "net.link.generic.system.rcvq_maxlen=1024" - [[Module.SystemConfig.Defaults]] - plist = "/Library/Preferences/com.apple.SoftwareUpdate.plist" - parameter = "AutomaticallyInstallMacOSUpdates" - type = "bool" - value = "false" - [[Module.SystemConfig.Defaults]] - plist = "/Library/Preferences/com.apple.SoftwareUpdate.plist" - parameter = "AutomaticCheckEnabled" - type = "bool" - value = "false" - [[Module.SystemConfig.Defaults]] - plist = "/Library/Preferences/com.apple.SoftwareUpdate.plist" - parameter = "AutomaticDownload" - type = "bool" - value = "false" - [[Module.SystemConfig.Defaults]] - plist = "/Library/Preferences/com.apple.SoftwareUpdate.plist" - parameter = "CriticalUpdateInstall" - type = "bool" - value = "false" - [[Module.SystemConfig.Defaults]] - plist = "/Library/Preferences/com.apple.SoftwareUpdate.plist" - parameter = "ConfigDataInstall" - type = "bool" - value = "false" # Apply secure settings to SSHD on every boot # To manage ssh_config separately, disable this module