This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When setting up Jenkins to sign a build product using GnuPG the signing operation might stall, since pinentry-mac can't retrieve the private key passphrase from macOS Keychain Access.
The only way to fix this so far, was to login to the signing user account and run the command manually in Terminal once, so the macOS Keychain Access password prompt is displayed and one can choose to never ask again and have the pinentry-mac.app application added to the list where no user password is required to retrieve the passphrase.
This is very cumbersome if the server taking care of the signing is only accessible via SSH.
What's even stranger is, that trying to add the keychain item manually using, which should grant access to the item without asking for the user's password via UI:
If a user enters the wrong password, when they are asked for their macOS user credentials to access the password of a keychain item, and press "Do not allow" when asked again, the following happens:
programmatic access to the keychain item's password using SecItemCopyMatching consistently fails with error OSStatus -25293, yet the user is never prompted to enter their macOS credentials
programmatic access to the password of any keychain item of the same keychain fails with error -25293
the user is not asked for their credentials again until they manually lock and unlock the login keychain (or any custom keychain the keychain item belonged to) in Keychain Access.app (or perform an action which locks and unlocks the keychain, like log out or restart of macOS)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters