Archive

Archive for the ‘Mac OS X’ Category

Oracle’s Java 8 Update 40 has been updated again to …. Java 8 Update 40

March 16, 2015 7 comments

Oracle has released a new update for Java 8, but has continued their recent trend of not bumping the version number. Oracle has put out a new build of Java 8 but didn’t bump the version number from Java 8 Update 40, which makes this the third release of Java 8 Update 40.

At this point, it appears that Oracle is now providing the install application across the board. When you update an existing Java installation on OS X via Oracle’s Java update mechanism, you will receive Oracle’s install application for Java along with the selected option to install the Ask.com browser add-ons. If you download an installer from Java.com, you will also receive this install application.

Screen Shot 2015-03-16 at 3.47.54 PM

Screen Shot 2015-03-13 at 4.03.52 PM

Screen Shot 2015-03-13 at 3.57.05 PM

While the Oracle install application is not a standard installer package, it appears that Oracle had stored an installer package for Java 8 within the install application at the following location:

/path/to/install.app/Contents/Resources/JavaAppletPlugin.pkg


Screen Shot 2015-03-16 at 3.48.18 PM

The JavaAppletPlugin installer package is digitally-signed and does not include the Ask.com browser add-ons.

Screen Shot 2015-03-16 at 3.48.27 PM

The difference between the three Java 8 Update 40 releases

Early March’s Java 8 Update 40 (released on March 4, 2015): Java 8 Update 40 build 25 (1.8.40.25)

Mid-March’s Java 8 Update 40 (released on March 13, 2015): Java 8 Update 40 build 26 (1.8.40.26)

Just-Past-Mid-March’s Java 8 Update 40 (released on March 16, 2015): Java 8 Update 40 build 27 (1.8.40.27)

If you have Java 8 Update 40 installed, you can find out which build you have by running the following command in Terminal:

defaults read /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Info.plist CFBundleVersion

If you have Java 8 Update 40 build 25, the following string will be returned:

1.8.40.25

Screen Shot 2015-03-13 at 3.47.40 PM

If you have Java 8 Update 40 build 26, the following string will be returned:

1.8.40.26

Screen Shot 2015-03-13 at 4.06.45 PM

If you have Java 8 Update 40 build 27, the following string will be returned:

1.8.40.27

Screen Shot 2015-03-16 at 3.51.16 PM

For more details, see below the jump.

Read more…

Oracle’s Java 8 Update 40 has been updated to …. Java 8 Update 40

March 13, 2015 1 comment

Oracle has released a new update for Java 8, but this update has an interesting wrinkle. Oracle has put out a new build of Java 8, but didn’t bump the version number from Java 8 Update 40. So folks who have the previous version of Java 8 Update 40 installed may receive a message to update to Java 8 Update 40 from their current version, which will also be Java 8 Update 40.

For those thinking this sounds familiar, Oracle did the same thing with Java 8 Update 31 in February.

java_8_update_40

The difference between the two Java 8 Update 40 releases

Early March’s Java 8 Update 40 (released on March 3, 2015): Java 8 Update 40 build 25 (1.8.40.25)

Mid-March’s Java 8 Update 40 (released on March 12, 2015): Java 8 Update 40 build 26 (1.8.40.26)

If you have Java 8 Update 40 installed, you can find out which build you have by running the following command in Terminal:

defaults read /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Info.plist CFBundleVersion

If you have Java 8 Update 40 build 25, the following string will be returned:

1.8.40.25

Screen Shot 2015-03-13 at 3.47.40 PM

If you have Java 8 Update 40 build 26, the following string will be returned:

1.8.40.26

Screen Shot 2015-03-13 at 4.06.45 PM

Following installation of Java 8 Update 40 build 26, I tested on a 10.10.2 Mac against the following sites:

Oracle’s Java Test page: https://www.java.com/en/download/help/testvm.xml

Screen Shot 2015-03-13 at 4.10.06 PM

Java Tester’s Java Version page: http://javatester.org/version.html

Screen Shot 2015-03-13 at 4.09.53 PM

In both cases, the Java applets on those sites launched and worked without issue using Java 8 Update 40 build 26 (though the javatester.org applet needed to be whitelisted.)

To make things even more confusing, Oracle is providing a different installer for its update feed than it’s providing at the Java.com download site. When you update an existing Java installation on OS X via Oracle’s Java update mechanism, you will receive Oracle’s install application for Java along with the selected option to install the Ask.com browser add-ons.

Screen Shot 2015-03-13 at 4.05.41 PM

Screen Shot 2015-03-13 at 4.03.52 PM

Screen Shot 2015-03-13 at 3.57.05 PM

If you download an installer from Java.com, you will receive a standard digitally-signed installer package which does not include the Ask.com browser add-ons.

Screen Shot 2015-03-13 at 3.56.36 PM

Screen Shot 2015-03-12 at 7.10.42 AM

Unfortunately, Oracle has not provided any information about why these differences in installation methods exist. To make sure you’re installing Java 8 Update 40 without the Ask.com browser add-ons, I would currently recommend downloading the installer package available via the Java.com download site.

Deploying a pre-configured Junos Pulse VPN client on OS X

March 13, 2015 1 comment

My shop recently made the change from using Juniper Network‘s Network Connect VPN client to using Juniper’s Junos Pulse VPN client. As part of the changeover, I wanted to provide an installer for our folks to use which would install both the Junos Pulse software and the configuration needed to connect to our VPN.

Fortunately, Juniper made the process of creating and importing the necessary configuration fairly straightforward. My VPN admin provided me with a copy of the needed .jnprpreconfig config file from our VPN server and I could use Pulse’s jamCommand application to import it. Once I had both the .jnprpreconfig config file and a copy of the Junos Pulse installer, I was able to create an installer using this method that handled both the installation and the automated configuration of the Junos Pulse VPN client. For more details, see below the jump.

Read more…

Fixing mach_kernel file visibility using Casper

March 11, 2015 3 comments

Following the release of Security Update 2015-002, it became apparent that the usually-hidden /mach_kernel file was now visible via the Finder. The mach_kernel file file is important to OS X and is stored on the root level of the hard drive on most versions of OS X (OS X 10.10.x has moved the mach_kernel file out of the root level of the Mac’s boot drive.)

To help fix this issue, Apple has made a KBase article available showing how to re-hide the /mach_kernel file using the chflags command.

As part of a post describing the problem, Tim Sutton has written a script to identify and fix the issue by using the ls command to check for the hidden attribute and then using the chflags command to re-hide the /mach_kernel file as needed. I’ve adapted Tim’s script for use in my own shop to have Casper find and fix this issue. For more details, see below the jump.

Read more…

MacJREInstaller and Oracle’s Java install application

March 6, 2015 4 comments

Part of Oracle’s new install application for Java is a binary named MacJREInstaller. This application appears to be what installs Java and governs whether or not the Ask.com toolbar gets deployed.

Screen Shot 2015-03-06 at 4.00.10 PM

For context, MacJREInstaller appears to be the helper tool referenced when the Java install application prompts for admin privileges.

Screen Shot 2015-03-03 at 3.52.13 PM

Based on observation, when running the Java install application, MacJREInstaller appears to run the following tasks:

1. Checks to see if it can contact the internet

2. If it can contact the internet, checks back with Oracle to see what country it’s in. Oracle apparently is selective about which nations it wants to have the Ask.com browser settings and toolbar installed (thanks to a Canadian colleague’s testing, it appears Canada is not one of the nations.)

3. If it determines the Mac in question is in a country where Oracle wants to deploy the Ask.com browser settings and toolbar, a Sponsors.framework.tar file is downloaded to the Mac and uncompressed into /Users/username/Library/Application Support.

Screen Shot 2015-03-06 at 5.04.28 PM

4. Determines which web browser is set as the Mac’s default web browser.

5. Displays the choice for whether or not to install the Ask.com browser settings and toolbar.

Note: By default, the option to install the Ask.com browser settings and toolbar is selected. The person running the install application must uncheck the appropriate checkbox or checkboxes to opt out.

Screen Shot 2015-03-03 at 3.52.38 PM

6. Depending on whether the Ask.com browser settings and toolbar have been chosen for installation, the following actions take place:

If installation of the Ask.com browser settings and toolbar is selected:

A. The Ask.com browser settings and toolbar for the Mac’s default web browser are installed using a tool called APNSetup, which is included in the downloaded Sponsors.framework.

Screen Shot 2015-03-06 at 4.40.28 PM

B. The JavaAppletPlugin installer package stored within the Java install application is installed.

Screen Shot 2015-03-03 at 4.03.38 PM

C. MacJREInstaller checks back with Oracle again to see what country the Mac in question is in.

If installation of the Ask.com browser settings and toolbar is not selected:

A. The JavaAppletPlugin installer package stored within the Java install application is installed.

B. MacJREInstaller checks back with Oracle again to see what country the Mac in question is in.

Note: Even if the installation of the Ask.com browser settings and toolbar is not selected, the Sponsors.framework remains resident on the machine, in /Users/username/Library/Application Support.

7. Once the install process finishes, MacJREInstaller then exits.

For more details, see below the jump.

Read more…

Deploying Sophos Enterprise Anti-Virus for Mac 9.2.x

February 26, 2015 14 comments

With the release of Sophos Enterprise Anti-Virus 9.2.x, Sophos changed how their enterprise antivirus solution for Macs was installed. While previous versions of Sophos Enterprise used an Apple installer metapackage, Sophos has now switched to using an application to install their enterprise antivirus software.

Screen Shot 2015-02-25 at 7.48.51 PM

This switch was a problem for Mac admins who wanted to deploy Sophos Enterprise Anti-Virus 9.2.x, as the previously-available installer package had simplified the task of deployment. The new Sophos Enterprise Anti-Virus 9.2.x install application added further complexity by storing many of the installer’s files and other components outside the application in a separate Sophos Installer Components directory.

Screen Shot 2015-02-25 at 7.50.06 PM

However, after doing some research and testing, it looks like it is possible to repackage Sophos Enterprise 9.2.x for deployment. For more details, see below the jump.

Read more…

Certificate authority expiration and Apple software updates

February 10, 2015 2 comments

A while back, there was an issue when the certificate Apple used to digitally sign installers expired. This issue was handled by Apple in a couple of ways:

  1. Reissuing installers signed with an updated certificate
  2. Adding the -allowUntrusted function to the installer command line tool

In the past couple of weeks, Apple has released new versions of a number of updates, which are now available for download by folks running Apple’s Software Update service or third-party tools like Reposado. Most of these updates were for older OSs where Apple has since stopped providing new updates. When these updates were checked, there didn’t seem to be any difference between the “old” and “new” versions of the installers.

So why is Apple pushing new copies of the updates to Mac admins’ software update servers? The answer appears to be again in the digital signing of the updates. For more details, see below the jump.

Read more…

Follow

Get every new post delivered to your Inbox.

Join 197 other followers

%d bloggers like this: