Lukas Pitschl lukele

@lukele
lukele / README.md
Last active Jan 31, 2020
Proper fix for "User interaction is not allowed" when password is requested from macOS Keychain via Terminal/SSH

User Interaction is not allowed

When setting up Jenkins to sign a build product using GnuPG, the signing operation might stall, since pinentry-mac can't retrieve the private key passphrase from macOS Keychain Access. So far, the only way to fix this was to log in to the signing user account and run the command manually in Terminal once, so that the macOS Keychain Access password prompt is displayed and one can choose to never be asked again, which adds the pinentry-mac.app application to the list of applications that can retrieve the passphrase without the user password. This is very cumbersome if the server taking care of the signing is only accessible via SSH.

What's even stranger is that trying to add the keychain item manually using the following command, which should grant access to the item without asking for the user's password via UI:

security add-generic-password -a "<fingerprint>" -l "<somelabel>" -s "GnuPG" -T "/usr/local/MacGPG2/libexec/pinentry-mac.app" -w "passphrase" <keychain>
@lukele
lukele / README.md
Last active Aug 19, 2020
Access to a keychain item's password via Security framework is lost if a user enters the wrong password once (rdar://50789571)

Summary

If a user enters the wrong password when asked for their macOS user credentials to access the password of a keychain item, and presses "Do not allow" when asked again, the following happens:

  • programmatic access to the keychain item's password using SecItemCopyMatching consistently fails with error OSStatus -25293, yet the user is never prompted to enter their macOS credentials

  • programmatic access to the password of any keychain item of the same keychain fails with error -25293

  • the user is not asked for their credentials again until they manually lock and unlock the login keychain (or any custom keychain the keychain item belonged to) in Keychain Access.app (or perform an action which locks and unlocks the keychain, such as logging out or restarting macOS)

@lukele
lukele / cfscrape.py
Created Apr 16, 2019
Cloudflare Scrape with support for custom headers.
import logging
import random
import re
import subprocess
import copy
import time
from requests.sessions import Session
from collections import OrderedDict
@lukele
lukele / Boot SuperDuper backup in VMWare.md
Last active Aug 23, 2020
Boot SuperDuper! backup in VMWare

Boot SuperDuper! backup in VMWare Fusion

It's quite strange that VMWare doesn't expose this feature in the UI directly, but fortunately enough it's pretty easy to do.

  1. Create a new custom virtual machine with macOS 10.14 as guest
  2. Quit VMWare after creating the virtual machine
  3. Change into the virtual machine folder ~/Virtual Machines/<name>.vmwarevm
  4. Connect your external hard drive with your SuperDuper! bootable backup
  5. Use diskutil list to figure out which device number your hard drive was assigned
  6. Create a raw disk, linked to the external hard drive, using the vmware-rawDiskCreator tool:
@lukele
lukele / list-directory-no-sip.sh
Last active Dec 6, 2018
List directory contents of directory protected by SIP / Quarantine
#!/bin/bash
SSH_STATUS_CHECK_CMD="systemsetup -getremotelogin"
SSH_ENABLE_SERVER_CMD="systemsetup -setremotelogin on"
SSH_KEY="$HOME/.ssh/no_sip"
echo $HOME
PROTECTED_DIRECTORY="$1"
# Check if the SSH Server is already enabled
View gnupg-2.2.4.T3730.hkp-basic-auth-support.diff
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 4a0b08f..1e7458e 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1001,7 +1001,7 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
static gpg_error_t
make_host_part (ctrl_t ctrl,
const char *scheme, const char *host, unsigned short port,
- int force_reselect, int no_srv,
+ int force_reselect, int no_srv, const char *auth,
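Review bot: the `const char *auth` argument added to the `make_host_part` signature comes with no visible statement of its contract. The function's comment should say what the string holds, whether NULL means "no credentials", and whether the callee copies or only borrows it. Since the file name ties this change to HKP basic auth, also check that the value is never included when the assembled host part is logged or echoed in an error message.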
View MailApp.m
- (void)MASetPreferencesController:(NSWindowController *)windowController {
    [self MASetPreferencesController:windowController];
    if(!windowController) {
        return;
    }
    NSToolbarItem *toolbarItem = [[NSToolbarItem alloc] initWithItemIdentifier:@"gpgmail"];
    toolbarItem.label = @"GPGMail";
    toolbarItem.image = [NSImage imageNamed:@"GPGMail"];
    NSToolbar *toolbar = [[windowController window] toolbar];
@lukele
lukele / send-eml.py
Created Jun 15, 2017
Resend a .eml file (useful for testing message loading in Mail.app)
#!/usr/bin/env python
# -*- mode: python; coding: utf-8-unix -*-
import sys
import os.path
import smtplib
def remove_headers(raw_message, headers=[]):
    message = []
    i = 0
    for line in raw_message:
@lukele
lukele / first-pseudo-code-optimized.m
Last active Apr 3, 2017
First Hopper code automatically "optimized"
void * -[MCMimePart _decodeAllowingAttachmentRepresentation: ](void * self, void * _cmd, char arg2) {
    rsi = _cmd;
    r14 = self;
    r13 = _objc_msgSend;
    r15 = 0x0;
    var_30 = [self _isTypeCode: 0x1 subtypeCode: 0x0];
    rbx = [r14 _isTypeCode: 0x7 subtypeCode: 0x8f];
    if (arg2 == 0x0) {
        // inserted procedure _73ca3
        rax = [r14 typeCode];
View FileMessage.m
- (id)MAParsedMessage {
    // This method is called, when a message is opened from outside the library (an .eml is loaded.)
    id messageData = [((MCMessage *)self) messageDataIncludingFromSpace:0x0 newDocumentID:0x0 fetchIfNotAvailable:0x1];
    id parsedMessage = nil;
    if (messageData) {
        MCMimePart *topLevelPart = [[MCMimePart alloc] initWithEncodedData:messageData];
        MCMimeBody *body = [MCMimeBody new];
        [body setIvar:kMimeBodyMessageKey value:self];
        [topLevelPart setIvar:kMimePartAllowPGPProcessingKey value:@(YES)];
        [topLevelPart setIvar:@"MimeBody" value:body];