Another bad day of Apple software update…

Today – out of a sudden – I thought about “verifying / repairing permissions” on a 10.6 machine…

$ diskutil repairPermissions /

Should be all I need to know that everything is just fine, right? Well – wrong!

Started verify/repair permissions on disk0s2 Macintosh HD
Permissions differ on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar", should be lrwxr-xr-x , they are lrw-r--r--
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar"
User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib", should be 0, user is 95
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib"
User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Libraries", should be 0, user is 95
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Libraries"
Permissions differ on "System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts", should be lrwxr-xr-x , they are lrw-r--r--
Repaired "System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts"
Permissions differ on "System/Library/Java/Support/Deploy.bundle/Contents/Resources/Java/deploy.jar", should be lrwxr-xr-x , they are lrw-r--r--
Repaired "System/Library/Java/Support/Deploy.bundle/Contents/Resources/Java/deploy.jar"
Permissions differ on "System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPluginCocoa.bundle/Contents/Resources/Java/deploy.jar", should be lrwxr-xr-x , they are lrw-r--r--
Repaired "System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPluginCocoa.bundle/Contents/Resources/Java/deploy.jar"
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar", should be -rw-r--r-- , they are lrwxr-xr-x
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar"
User differs on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib", should be 95, user is 0
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib"
User differs on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Libraries", should be 95, user is 0
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Libraries"
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts", should be -rw-r--r-- , they are lrwxr-xr-x
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts"
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/Contents/Resources/Java/deploy.jar", should be -rw-r--r-- , they are lrwxr-xr-x
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/Contents/Resources/Java/deploy.jar"
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/Contents/Resources/Java/libdeploy.jnilib", should be -rwxr-xr-x , they are lrwxr-xr-x
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/Contents/Resources/Java/libdeploy.jnilib"
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPluginCocoa.bundle/Contents/Resources/Java/deploy.jar", should be -rw-r--r-- , they are lrwxr-xr-x
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPluginCocoa.bundle/Contents/Resources/Java/deploy.jar"
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPluginCocoa.bundle/Contents/Resources/Java/libdeploy.jnilib", should be -rwxr-xr-x , they are lrwxr-xr-x
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPluginCocoa.bundle/Contents/Resources/Java/libdeploy.jnilib"

And tens if not hundreds of lines more… Ok – that happens every once in a while, doesn’t it? Therefore receiving an encouraging message

Finished verify/repair permissions on disk0s2 Macintosh HD

should buy me a good peace of mind. The devil though made me issue the repair permissions command another time – hehe – just to verify and.. guess what? The same lines appeared again. And again, and no matter how many times I “repair” those permissions – the same lines appeared…

Let’s examine them closer then. Seems that we just have a good example of “repairing” loop here. Let’s take the first “jconsole.jar”:

Permissions differ on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar", should be lrwxr-xr-x , they are lrw-r--r--
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar"

and a couple lines lower:

Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar", should be -rw-r--r-- , they are lrwxr-xr-x
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar"

Or even more spectacular one:

User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib", should be 0, user is 95
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib"
User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Libraries", should be 0, user is 95
[...]
User differs on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib", should be 95, user is 0
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib"
User differs on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Libraries", should be 95, user is 0
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Libraries"

Clearly Apple has done some changes and didn’t take care of the conflicts for diskutil.. Let’s find where did they do this (I start with the Java stuff):

$ for bom in /var/db/receipts/*.bom ; do if lsbom -p MUGsTf "$bom" | grep -E "(jconsole.jar)$" ; then ls -alF "$bom" ; echo ; fi ; done

-rw-r--r-- 	root	wheel	393218	Wed Mar 17 21:34:35 2010	./System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar
-rw-r--r--  1 root  wheel  281657 Apr 27  2010 /var/db/receipts/com.apple.pkg.Java.bom

-rw-r--r-- 	root	wheel	393217	Wed May  5 05:07:51 2010	./System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar
-rw-r--r--  1 root  wheel  480776 Sep  1  2010 /var/db/receipts/com.apple.pkg.JavaForMacOSX10.6Update2.bom

lrwxr-xr-x 	root	wheel	24	Tue Oct 12 07:40:40 2010	./System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar
-rw-r--r-- 	root	wheel	388069	Tue Oct 12 07:33:13 2010	./System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/jconsole.jar
-rw-r--r--  1 root  wheel  480986 Nov 13  2010 /var/db/receipts/com.apple.pkg.JavaForMacOSX10.6Update3.bom

lrwxr-xr-x 	root	wheel	24	Tue Mar  1 01:15:11 2011	./System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar
-rw-r--r-- 	root	wheel	388069	Tue Mar  1 01:09:39 2011	./System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/jconsole.jar
-rw-r--r--  1 root  wheel  469268 Mar 22 15:51 /var/db/receipts/com.apple.pkg.JavaForMacOSX10.6Update4.bom

lrwxr-xr-x 	root	wheel	24	Sat Jun 18 01:00:35 2011	./System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar
-rw-r--r-- 	root	wheel	387780	Sat Jun 18 00:54:45 2011	./System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/jconsole.jar
-rw-r--r--  1 root  wheel  474756 Jul  5 22:45 /var/db/receipts/com.apple.pkg.JavaForMacOSX10.6Update5.bom

lrwxr-xr-x 	root	admin	24	Tue Oct 12 07:41:36 2010	./Library/Java/JavaVirtualMachines/1.6.0_22-b04-307.jdk/Contents/Classes/jconsole.jar
-rw-rw-r-- 	root	admin	388069	Tue Oct 12 07:33:13 2010	./Library/Java/JavaVirtualMachines/1.6.0_22-b04-307.jdk/Contents/Home/lib/jconsole.jar
-rw-r--r--  1 root  wheel  136207 Dec 12  2010 /var/db/receipts/com.apple.pkg.JavaSE6.bom

So… it seems that before October 2010 Apple had only one file named jconsole.jar and later on moved it and replaced with a link to the moved file, forgetting about the potential consequences for diskutil / permissions. What do we do? Instead of trying to edit the bom/plist files, I opted for a quick’n dirty move:

$ cd /var/db/receipts/
$ sudo mkdir _disabled
$ sudo mv com.apple.pkg.Java.* _disabled/
$ sudo mv com.apple.pkg.JavaForMacOSX10.6Update2.* _disabled/

Please note the period before the asterisk at the end of “com.apple.pkg.Java.*”!

OK – that fixed the Java part of the story. Now to the rest. It seems that most if not all of them come from something around “AppleVNCServer.bundle”. Let’s find who claims to have some ownership on this one:

$ for bom in /var/db/receipts/*.bom ; do if lsbom -p MUGsTf "$bom" | grep -E "(AppleVNCServer.bundle)$" ; then ls -alF "$bom" ; echo ; fi ; done

Hoho… seems like we just (2011-07-20) had and update from Apple which included new “RemoteDesktopClient”. Cool! Let’s find what they screwed with those permissions. I took a file that was unlikely to appear in other (than affected) packages:

$ for bom in /var/db/receipts/*.bom ; do if lsbom -p MUGsTf "$bom" | grep -E "(RemoteDesktopMenu.nib)$" ; then ls -alF "$bom" ; echo ; fi ; done

and – guess what – got all the same bom files listed. So – it seems – the good, old (I really mean that!) nib format is gone and replaced by the compiled nibs, but that makes another loop to be dealt with:

$ cd /var/db/receipts/
$ sudo mv com.apple.MacOSX.lang.* _disabled/
$ sudo mv com.apple.pkg.Essentials.* _disabled/

From now (only one more repairing pemirssions needed) I can sleep well, knowing that all my permissions are repaired (as if that mattered at all in the first place)!

Uff – that’s it… until next badly behaving update, that is..

P. S. I used also info from this forum thread. Credits to “Hal Itosis”.

Advertisements
This entry was posted in OSX, Rants. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s