Skip to content

Instantly share code, notes, and snippets.


Lukas Pitschl lukele

View GitHub Profile
lukele /
Created Jan 19, 2022
Automatically enable GPG Mail plugin
SIGNED_BUNDLES_PATH="/Library/Application Support/GPGTools/GPGMail"
ENABLED_BUNDLES_PATH="$HOME/Library/Application Support/Mail/Plug-ins/Bundles/${BUNDLE_PATH:?}"
lukele / .md
Last active Sep 22, 2021
Mail Mime Type Mappings
View .md

Shows the first 2 NSString objects

(lldb) memory read -c 64 sMimeTypeMappings
0x7ff95b9a1bb0: 78 29 d7 5a f8 7f 00 00 c8 07 00 00 00 00 00 00  x).Z............
0x7ff95b9a1bc0: 29 b4 fa 35 f9 7f 00 00 04 00 00 00 00 00 00 00  )..5............
0x7ff95b9a1bd0: 78 29 d7 5a f8 7f 00 00 c8 07 00 00 00 00 00 00  x).Z............
0x7ff95b9a1be0: 2e b4 fa 35 f9 7f 00 00 08 00 00 00 00 00 00 00  ...5............
lukele /
Last active Jan 31, 2020
Proper fix for "User interaction is not allowed" when password is requested from macOS Keychain via Terminal/SSH

User Interaction is not allowed

When setting up Jenkins to sign a build product using GnuPG the signing operation might stall, since pinentry-mac can't retrieve the private key passphrase from macOS Keychain Access. The only way to fix this so far, was to login to the signing user account and run the command manually in Terminal once, so the macOS Keychain Access password prompt is displayed and one can choose to never ask again and have the application added to the list where no user password is required to retrieve the passphrase. This is very cumbersome if the server taking care of the signing is only accessible via SSH.

What's even stranger is, that trying to add the keychain item manually using, which should grant access to the item without asking for the user's password via UI:

security add-generic-password -a "<fingerprint>" -l "<somelabel>" -s "GnuPG" -T "/usr/local/MacGPG2/libexec/" -w "passphrase" <keychain>
lukele /
Last active Aug 19, 2020
Access to a keychain item's password via Security framework is lost if a user enters the wrong password once (rdar://50789571)


If a user enters the wrong password, when they are asked for their macOS user credentials to access the password of a keychain item, and press "Do not allow" when asked again, the following happens:

  • programmatic access to the keychain item's password using SecItemCopyMatching consistently fails with error OSStatus -25293, yet the user is never prompted to enter their macOS credentials

  • programmatic access to the password of any keychain item of the same keychain fails with error -25293

  • the user is not asked for their credentials again until they manually lock and unlock the login keychain (or any custom keychain the keychain item belonged to) in Keychain (or perform an action which locks and unlocks the keychain, like log out or restart of macOS)

lukele /
Created Apr 16, 2019
Cloudflare Scrape with support for custom headers.
import logging
import random
import re
import subprocess
import copy
import time
from requests.sessions import Session
from collections import OrderedDict
lukele / Boot SuperDuper backup in
Last active Mar 18, 2022
Boot SuperDuper! backup in VMWare
View Boot SuperDuper backup in

Boot SuperDuper! backup in VMWare Fusion

It's quite strange that VMWare doesn't expose this feature in the UI directly, but fortunately enough it's pretty easy to do.

  1. Create a new custom virtual machine with macOS 10.14 as guest
  2. Quit VMWare after creating the virtual machine
  3. Change into the virtual machine folder ~/Virtual Machines/<name>.vmwarevm
  4. Connect your external harddrive with your SuperDuper! bootable backup
  5. Use diskutil list to figure out which device number your harddrive was assigned
  6. Create a raw disk using the vmware-rawDiskCreator tool which is linked to the external harddrive:
lukele /
Last active Dec 6, 2018
List directory contents of directory protected by SIP / Quarantine
SSH_STATUS_CHECK_CMD="systemsetup -getremotelogin"
SSH_ENABLE_SERVER_CMD="systemsetup -setremotelogin on"
echo $HOME
# Check if the SSH Server is already enabled
View gnupg-2.2.4.T3730.hkp-basic-auth-support.diff
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 4a0b08f..1e7458e 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1001,7 +1001,7 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
static gpg_error_t
make_host_part (ctrl_t ctrl,
const char *scheme, const char *host, unsigned short port,
- int force_reselect, int no_srv,
+ int force_reselect, int no_srv, const char *auth,
View MailApp.m
- (void)MASetPreferencesController:(NSWindowController *)windowController {
[self MASetPreferencesController:windowController];
if(!windowController) {
NSToolbarItem *toolbarItem = [[NSToolbarItem alloc] initWithItemIdentifier:@"gpgmail"];
toolbarItem.label = @"GPGMail";
toolbarItem.image = [NSImage imageNamed:@"GPGMail"];
NSToolbar *toolbar = [[windowController window] toolbar];
lukele /
Created Jun 15, 2017
Resend a .eml file (useful for testing message loading in
#!/usr/bin/env python
# -*- mode: python; coding: utf-8-unix -*-
import sys
import os.path
import smtplib
def remove_headers(raw_message, headers=[]):
message = []
i = 0
for line in raw_message: