Jamf Nation Community

I would hold off on making this available on your SUS if you have one. I know a bunch of people (including myself) have filed a Bug Report with Apple. I'm hoping they pull the supplemental update soon.

Also, the combo updater and regular 10.8.5 update (updated version) do not unhide mach_kernel.

Just updated a test Mac here with the Supplemental and I'm seeing mach_kernel at the root of the drive, plain as the nose on my face. Nice one Apple!
Wasn't this the update that was first released internally to all Apple employees from a report I read? How did this not get caught?? Sloppy.

hkim, should have checked closer. $15 is correct.

#!/bin/sh

hiddenflagstatus=`stat -r /mach_kernel | awk '{print $15}'`

if [ "$hiddenflagstatus" = "0" ]

then chflags hidden /mach_kernel

else echo "mach_kernel is hidden"

fi

exit 0

$15 seems to point to the hidden flag from what I gather, doing a stat -s the st_flags value is the one I was looking for.

Another way is to check for the com.apple.FinderInfo Extended Attribute like this-

xattr -x /mach_kernel

In the script.

#!/bin/sh

hiddenflagstatus=`xattr -x /mach_kernel`

if [ "$hiddenflagstatus" != "com.apple.FinderInfo" ]

then chflags hidden /mach_kernel

else echo "mach_kernel is hidden"

fi

exit 0

Ok I see what you are saying it flips from 0 to 32768 at position 15.

"I would hold off on making this available on your SUS if you have one."

Since the Supplemental Update fixes actual bugs, and the visibility of mach_kernel is a cosmetic issue, I think orgs might want to consider deploying it anyway, especially if they've encountered any of the bugs the Supplemental Update fixes.

Since the Supplemental Update fixes actual bugs, and the visibility of mach_kernel is a cosmetic issue, I think orgs might want to consider deploying it anyway

Generally speaking I would agree, but only after some careful testing. My concern here is that if something simple like making sure mach_kernel is invisible was overlooked, I have to wonder what else didn't get caught. My understanding on this update is that it wasn't really distributed to folks in Apple's developer program. I could have that wrong, but if that is the case, it may not have been tested thoroughly outside of Apple. therefore the need for some caution in deploying it.
Its also not impossible that Apple may pull it at any moment and re-issue it. Its happened before as we all know.

Apple may have just pulled this supplemental update from their servers. I can't get my 10.8.5 12F37 build machines to see it in Software Update anymore.

@damienbarrett, sure you don't just have it blocked on an internal SUS? The update is still on Apple's site, downloadable, so I assume its still active-
http://support.apple.com/kb/DL1686?viewlocale=en_US&locale=en_US
Modification dates are the same, so it doesn't look like it was updated at all.

The update is still very much live for me.

Weird. Some of my machines running 12F37 simply refuse to see the update.

I took another machine running 10.8.3 and ran all updates in Software Update (using Apple's, not a local SUS) and when done it came out running 12F45. Maybe Apple has bundled the 10.8.5 and 10.8.5 supplemental updates together on their SUS servers?

Also, this machine I just updated from 10.8.3 to 10.8.5 12F45 is *not* showing mach_kernel in the Finder. Yet on several machines I updated over the weekend and earlier this morning are definitely showing mach_kernel in the Finder. I've already had an EA in place to detect OS build number, so I just had to use the script above to execute on machines running build 12F45.

But now I'm thinking that might produce some false positives. Perhaps my EA should look for the presence of:

/var/db/receipts/com.apple.pkg.update.os.10.8.5.supplemental

And then execute a script to hide mach_kernel based a group scoped to to this. Maybe I've over thinking this...but my users are mostly all admins and I can certainly see some of them trying to delete this "mysterious" file from their systems, as they've been taught to leave the root of their HD with only /Applications, /Library, /System, and /Users.

So, I'm not sure what's going on.

Why not use the EA that @hkim posted for detecting if the mach_kernel file is visible instead of detecting OS build number? Not that there would be any harm I can think of in running the chflags hidden command on an already hidden file.

@damienbarrett When Apple release the supplemental, they also released updated 10.8.5 Delta/Combo updaters. If you had 10.8.5 12F37, and you ran the Supplemental, you receive build 12F45 and a visible mach_kernel. If you had less-than-10.8.5, and ran the Delta/Combo, you got 12F45 and an invisible mach_kernel. So, it only affects computers updated with the Supplemental.

whenever I run it, I get the following output, tried on 10.8.5supplemental update and 10.9

Running script MachKernel.sh... Script exit code: 2 Script result: /Library/Application Support/JAMF/tmp/MachKernel.sh: line 12: syntax error: unexpected end of file Submitting log Finished.

Using text wrangler I don't see anything wrong, I tried changing the ` to ' and tried to " the whole thing (removing the `), nothing seemed to work...

what's wrong is I forgot to close the if with a fi statement