lukele

User Interaction is not allowed

When setting up Jenkins to sign a build product using GnuPG the signing operation might stall, since pinentry-mac can't retrieve the private key passphrase from macOS Keychain Access. The only way to fix this so far, was to login to the signing user account and run the command manually in Terminal once, so the macOS Keychain Access password prompt is displayed and one can choose to never ask again and have the pinentry-mac.app application added to the list where no user password is required to retrieve the passphrase. This is very cumbersome if the server taking care of the signing is only accessible via SSH.

What's even stranger is, that trying to add the keychain item manually using, which should grant access to the item without asking for the user's password via UI:

security add-generic-password -a "<fingerprint>" -l "<somelabel>" -s "GnuPG" -T "/usr/local/MacGPG2/libexec/pinentry-mac.app" -w "passphrase" <keychain>

lukele

Summary

If a user enters the wrong password, when they are asked for their macOS user credentials to access the password of a keychain item, and press "Do not allow" when asked again, the following happens:

• programmatic access to the keychain item's password using SecItemCopyMatching consistently fails with error OSStatus -25293, yet the user is never prompted to enter their macOS credentials

• programmatic access to the password of any keychain item of the same keychain fails with error -25293

• the user is not asked for their credentials again until they manually lock and unlock the login keychain (or any custom keychain the keychain item belonged to) in Keychain Access.app (or perform an action which locks and unlocks the keychain, like log out or restart of macOS)

lukele

import logging
import random
import re
import subprocess
import copy
import time

from requests.sessions import Session

from collections import OrderedDict

lukele

Boot SuperDuper! backup in VMWare Fusion

It's quite strange that VMWare doesn't expose this feature in the UI directly, but fortunately enough it's pretty easy to do.

1. Create a new custom virtual machine with macOS 10.14 as guest
2. Quit VMWare after creating the virtual machine
3. Change into the virtual machine folder ~/Virtual Machines/<name>.vmwarevm
4. Connect your external harddrive with your SuperDuper! bootable backup
5. Use diskutil list to figure out which device number your harddrive was assigned
6. Create a raw disk using the vmware-rawDiskCreator tool which is linked to the external harddrive:

lukele

#!/bin/bash
SSH_STATUS_CHECK_CMD="systemsetup -getremotelogin"
SSH_ENABLE_SERVER_CMD="systemsetup -setremotelogin on"
SSH_KEY="$HOME/.ssh/no_sip"

echo $HOME

PROTECTED_DIRECTORY="$1"

# Check if the SSH Server is already enabled

lukele

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 4a0b08f..1e7458e 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1001,7 +1001,7 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
 static gpg_error_t
 make_host_part (ctrl_t ctrl,
                 const char *scheme, const char *host, unsigned short port,
-                int force_reselect, int no_srv,
+                int force_reselect, int no_srv, const char *auth,

lukele

- (void)MASetPreferencesController:(NSWindowController *)windowController {
    [self MASetPreferencesController:windowController];
    if(!windowController) {
        return;
    }
    
    NSToolbarItem *toolbarItem = [[NSToolbarItem alloc] initWithItemIdentifier:@"gpgmail"];
    toolbarItem.label = @"GPGMail";
    toolbarItem.image = [NSImage imageNamed:@"GPGMail"];
    NSToolbar *toolbar = [[windowController window] toolbar];

lukele

#!/usr/bin/env python
# -*- mode: python; coding: utf-8-unix -*- 
import sys
import os.path
import smtplib

def remove_headers(raw_message, headers=[]):
    message = []
    i = 0
    for line in raw_message:

lukele

void * -[MCMimePart _decodeAllowingAttachmentRepresentation: ](void * self, void * _cmd, char arg2) {
    rsi = _cmd;
    r14 = self;
    r13 = _objc_msgSend;
    r15 = 0x0;
    var_30 = [self _isTypeCode: 0x1 subtypeCode: 0x0];
    rbx = [r14 _isTypeCode: 0x7 subtypeCode: 0x8f];
    if (arg2 == 0x0) {
        // inserted procedure _73ca3
        rax = [r14 typeCode];

lukele

- (id)MAParsedMessage {
    // This method is called, when a message is opened from outside the library (an .eml is loaded.)
    id messageData = [((MCMessage *)self) messageDataIncludingFromSpace:0x0 newDocumentID:0x0 fetchIfNotAvailable:0x1];
    id parsedMessage = nil;
    if (messageData) {
        MCMimePart *topLevelPart = [[MCMimePart alloc] initWithEncodedData:messageData];
        MCMimeBody *body = [MCMimeBody new];
        [body setIvar:kMimeBodyMessageKey value:self];
        [topLevelPart setIvar:kMimePartAllowPGPProcessingKey value:@(YES)];
        [topLevelPart setIvar:@"MimeBody" value:body];