Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidu64sv663fdhzdr2ofjnxcfgpfjxhcawgnldms7u3hidwzkkfhtq",
    "commit": {
      "cid": "bafyreigcw5xijyvjaw2utzos3il3nhtksjchyh4kqreutuz7kxlmz3nqum",
      "rev": "3mmifl3fund2y"
    },
    "uri": "at://did:plc:5g2hkj2od4zr3tlpb2su364e/app.bsky.feed.post/3mmifl3fiwd2y",
    "validationStatus": "valid"
  },
  "content": {
    "$type": "pub.lemma.blog.entry",
    "content": "If you have an iPhone, iPad, Apple Watch, AirPods, Apple TV, and an Apple Studio Display there's a good chance you also have a Mac. And this setup works really well for a lot of people.\n\nBut for some, there might be times when you also need a Linux machine. Maybe you need an NVIDIA GPU and CUDA libraries for some machine learning work. Or compile something for amd64 because that's the architecture of the server where it will run and you want to test it locally and as close as possible to the production environment. Or maybe you just think a Linux desktop is fun and you enjoy learning about how computers work.\n\nIf this is you, you'll need Linux to play nice with the entire Apple ecosystem so you can stay productive. Specifically, you want:\n\n- iCloud - Access to your photos, notes, Apple Numbers spreadsheets, Find My, etc.\n- Apple Studio Display - You need to use it with your Linux machine as easily as with your Mac at full 5K resolution, with at least basic features of the display's camera, microphones, and speakers working.\n- Biometrics - You unlock your Mac with Touch ID or by just wearing your Apple Watch and you want a similar feature to unlock your Linux machine with your fingerprint so you don't have to enter your password every time.\n\nFor this guide we'll use **Ubuntu 25.10** from Canonical. Specifically, the **Kubuntu** variant for reasons detailed below. I chose it because it supports my Apple Studio Display at full 5K resolution via Thunderbolt and includes the correct driver required by my NVIDIA GeForce RTX 5070 Ti Laptop GPU. I've also had a very good experience with Ubuntu on my Raspberry Pi cluster running Canonical's MicroK8s and it even supports `cloud-init` on Raspberry Pi. Just like the Apple ecosystem has made my personal life very productive and easy to organize on multiple devices, Canonical has done the same for my technical projects.\n\nA difference you may or may not care about is that Ubuntu comes with an \"App Store\" that features Snaps and Kubuntu does the same for Flatpaks. They are both sandboxing solutions for apps and while you get one by default you can always install the other if you want.\n\nThe only disadvantage is that the Kubuntu installer is not great with high-DPI screens so the text is extremely tiny and almost impossible to read but I found a solution: If you try the live version first and then click on the installer icon on the desktop it sets the scaling properly and you can now see all the text in a normal size. And you get a very clean installation with only what you need (no GNOME, just KDE), especially if you select a minimal installation. Don't forget to select the option to encrypt the drive at install time. It's easy to miss and doing a full drive encryption after installation is a lot more complicated.\n\n## NVIDIA GPUs\n\nUbuntu Desktop has many variants but these are the 2 main ones:\n- Ubuntu - GNOME desktop with the Wayland windowing system and GDM display manager. Starting with version 25.10 you can no longer add X11.\n- Kubuntu - KDE Plasma with Wayland and SDDM. You can also install X11.\n\nIf you have an NVIDIA GPU you need X11 to allow apps to use the discrete GPU instead of the integrated one. On Wayland this offloading is not suported yet so the only one that ends up using the NVIDIA GPU is the GNOME Shell itself, not apps like the browser.\n\nSo I went with a Kubuntu 25.10 minimal installation which defaults to Wayland and then added X11 with:\n```sh\nsudo apt install plasma-session-x11\n```\n\nThen you just need to open the Discover store and install the \"Software and Updates\" app to select the correct NVIDIA driver which for my GPU is the open kernel proprietary tested driver.\n\nThis way all apps use the NVIDIA GPU.\n\n```sh\nsudo /usr/bin/prime-select nvidia\n```\nRestart and select Plasma X11 at login. If your external display is not recognized properly, reboot again. I once had to set it as the main display and reboot to fix an issue.\n\n## iCloud\n\nApple doesn't have native iCloud apps for Linux but it does have web versions for them. While there is a community Snap called iCloud it's just a wrapper for the web version so we'll do it a little differently.\n\niCloud web apps are built to work with WebKit-based browsers like Safari. Luckily there's Web (from the GNOME project), also known by its code name Epiphany. You don't need to be on GNOME to use it, it works on KDE too. It uses the same rendering engine as Safari so you can actually work on your Apple Numbers spreadsheets and they'll look great.\n\n```sh\nsudo apt install epiphany-browser\n```\n\nI like having iCloud on my list of Apps for 1-click access. Download your favorite [icon](https://icons8.com/icons/set/icloud) to use and store it somewhere like your Pictures folder.\n\n```sh\nEXEC=\"epiphany-browser https://www.icloud.com/\"\nICON=/home/YOUR_USER/Pictures/icons8-icloud-100.png\n\ncat << EOF > ~/.local/share/applications/icloud.desktop\n[Desktop Entry]\nName=iCloud\nComment=iCloud\nExec=${EXEC}\nIcon=${ICON}\nTerminal=false\nType=Application\nCategories=Office;\nEOF\n```\n\nWhen you click on the app launcher you'll see iCloud. You can pin it to your dock for easy access.\n\n## Apple Studio Display\n\nOn KDE Wayland the Apple Display brightness will match the one on your built-in display but something you'll notice on GNOME Wayland or in KDE X11 is that even though your display is recognized and works at full 5K resolution, you can't adjust the brightness. Let's fix that.\n\nInstall the Rust toolchain so we can build a very nice open source utility for controlling an Apple display's brightness with a graphical slider widget.\n\n```sh\nsudo apt-get install -y build-essential\nsudo apt install libgirepository1.0-dev libglib2.0-dev libgtk-4-dev libcairo2-dev libgraphene-1.0-dev libpango1.0-dev\n\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\n. \"$HOME/.cargo/env\"\n\ngit clone git@github.com:sznowicki/asdcontrol-gnome.git\ncd asdcontrol-gnome\n\ncargo build --release\n```\n\nFor Apple Studio Display (27\", 2022)\n\n```sh\nsudo tee /etc/udev/rules.d/50-apple-studio.rules <<EOF\nKERNEL==\"hiddev*\", ATTRS{idVendor}==\"05ac\", ATTRS{idProduct}==\"1114\", GROUP=\"users\", OWNER=\"root\", MODE=\"0660\"\nEOF\n```\n\nFor Apple Pro XDR Display (32\", 2019)\n\n```sh\nsudo tee /etc/udev/rules.d/50-apple-xdr.rules <<EOF\nKERNEL==\"hiddev*\", ATTRS{idVendor}==\"05ac\", ATTRS{idProduct}==\"9243\", GROUP=\"users\", OWNER=\"root\", MODE=\"0660\"\nEOF\n```\n\nLet's create an App [icon](https://icons8.com/icons/set/apple-studio-display) for 1-click access so we don't have to run it from the terminal.\n\n```sh\nEXEC=/your/path/to/asdcontrol-gnome/target/release/asdcontrol-gnome\nICON=/your/path/to/icons8-studio-display-100.png\n\ncat << EOF > ~/.local/share/applications/apple-studio-display.desktop\n[Desktop Entry]\nName=Apple Studio Display Brightness\nComment=Studio Display Brightness\nExec=${EXEC}\nIcon=${ICON}\nTerminal=false\nType=Application\nCategories=Graphics;\nEOF\n```\n\nYou'll now see the icon in your list of Apps and you can pin it to the dock. It works on both GNOME and KDE.\n\nNote: On X11 I had to run it with `sudo`. If this is your case go to the app launcher, search for *Apple Studio Display*, right-click on it, and select *Edit Application*. This opens the KDE Menu Editor. Go to *Advanced*, *Run as a different user* and type `root`. Make sure the right icon is selected and click *Save*. If you set up a fingerprint reader for `sudo` access as explained here you won't even have to type your password when you open it, just use your fingerprint.  \n\nExample:\n```sh\nsudo ~/asdcontrol-gnome/target/release/asdcontrol-gnome\n```\n\n## Fingerprint reader\n\nThis one's not specific to the Apple ecosystem but a way to keep a quality-of-life feature you're used to having on your Mac. My Linux laptop doesn't have a fingerprint reader so I got a USB one.\n\nNotes:\n1. If your disk is encrypted with a passphrase you'll still need the passphrase to decrypt it.\n2. Logging in with your fingerprint instead of your password means GNOME Keyring or KDE Wallet (more details below) will no longer unlock your user keyring automatically at login. So the first time you open an app that has a password stored in a keyring it will ask for your password (just once).\n\n### Keyrings/Wallets\n\nThese are Linux security features that apps use to store things like encrypted passwords, keys and certificates. They unlock with your login password by default. It's similar to the macOS Keychain.\n\nIf you don't want to enter your login password the first time you open an app that has stored a password in GNOME Keyring or KDE Wallet after logging in with your fingerprint, you could:  \n- Disable the feature (don't). For GNOME Keyring you can use the Passwords and Keys app to change its password to a blank one. For KDE Wallet you can disable the KDE Wallet subsystem on the settings app. I do **NOT** recommend you do this as it has security implications or you may need to log into your apps constantly. \n- Keep it as is (recommended). You'll keep the security benefits and you'll still only need to enter your password once after opening an app that has stored a password on GNOME Keyring or KDE Wallet to unlock it.\n\n### Set up the reader\n\nThe easiest way to register your fingerprints on Linux is with any Chromium-based browser like Chrome or Brave.\n\n1. On the browser address bar go to chrome://settings/securityKeys ( or brave://settings/securityKeys)\n2. Create a PIN\n3. Add fingerprints\n\n\n### Set up auth\n\n```sh\nsudo apt install u2f-host libpam-u2f\n```\n```sh\nsudo nano /etc/pam.d/common-auth\n```\nAdd the following before the line that has `auth` and `pam_unix.so`:\n```sh\nauth sufficient pam_u2f.so\n```\n\n### Set up `sudo` access:\n```sh\nsudo nano /etc/pam.d/sudo\n```\nAdd the following line after `@include common-auth` or before it if you only want this for `sudo`.\n```sh\nauth sufficient pam_u2f.so\n```\n\nThen register your key:\n```sh\nmkdir -p ~/.config/Yubico\npamu2fcfg > ~/.config/Yubico/u2f_keys\n```\n\nThe reader will blink to ask for your fingerprint and turn green once accepted.\n\nTest it with:\n```sh\nsudo -k\nsudo whoami\n```\n\n### Set up login screen access\n\nCheck what display manager you're using\n```sh\nsystemctl status display-manager\n```\nEdit the corresponding file from `/etc/pam.d/`:    \nFor GDM (GNOME on Ubuntu) edit `gdm-password`  \nFor SSDM (KDE on Ubuntu) edit `sddm`  \nFor LightDM (Mint) edit `lightdm`  \n\nAdd this before `@include common-auth`:\n```sh\nauth    sufficient      pam_u2f.so\n```\n\nNow you can start your login session and authorize `sudo` commands with your fingerprint instead of your password!"
  },
  "path": "/3m4tty7ewus2k",
  "publishedAt": "2025-11-05T01:01:16.935Z",
  "site": "at://did:plc:5g2hkj2od4zr3tlpb2su364e/site.standard.publication/3mmhg6ulmlszy",
  "title": "Make Linux work with the Apple ecosystem",
  "updatedAt": "2026-05-23T02:27:13.164Z"
}