Skip to content

Instantly share code, notes, and snippets.

View lukele's full-sized avatar

Lukas Pitschl lukele

40 followers · 2 following
View GitHub Profile
@lukele
lukele / enable-gpgmail.sh
Created January 19, 2022 15:18
Automatically enable GPG Mail plugin
#!/bin/bash
BUNDLE_NAME="GPGMailLoader_6"
LOADER_BUNDLE="${BUNDLE_NAME:?}.mailbundle"
SIGNED_LOADER_BUNDLE="${BUNDLE_NAME}.signed.mailbundle"
BUNDLES_PATH="/Library/Mail/Bundles"
SIGNED_BUNDLES_PATH="/Library/Application Support/GPGTools/GPGMail"
ENABLED_BUNDLES_PATH="$HOME/Library/Application Support/Mail/Plug-ins/Bundles/${BUNDLE_PATH:?}"
LOADER_BUNDLE_PATH="${BUNDLES_PATH:?}/${LOADER_BUNDLE:?}"
ENABLED_LOADER_BUNDLE_PATH="${ENABLED_BUNDLES_PATH:?}/${LOADER_BUNDLE:?}"
@lukele
lukele / .md
Last active September 22, 2021 12:00
Mail Mime Type Mappings

Shows the first 2 NSString objects

(lldb) memory read -c 64 sMimeTypeMappings
0x7ff95b9a1bb0: 78 29 d7 5a f8 7f 00 00 c8 07 00 00 00 00 00 00  x).Z............
0x7ff95b9a1bc0: 29 b4 fa 35 f9 7f 00 00 04 00 00 00 00 00 00 00  )..5............
0x7ff95b9a1bd0: 78 29 d7 5a f8 7f 00 00 c8 07 00 00 00 00 00 00  x).Z............
0x7ff95b9a1be0: 2e b4 fa 35 f9 7f 00 00 08 00 00 00 00 00 00 00  ...5............
@lukele
lukele / README.md
Last active January 31, 2020 21:24
Proper fix for "User interaction is not allowed" when password is requested from macOS Keychain via Terminal/SSH

User Interaction is not allowed

When setting up Jenkins to sign a build product using GnuPG the signing operation might stall, since pinentry-mac can't retrieve the private key passphrase from macOS Keychain Access. The only way to fix this so far, was to login to the signing user account and run the command manually in Terminal once, so the macOS Keychain Access password prompt is displayed and one can choose to never ask again and have the pinentry-mac.app application added to the list where no user password is required to retrieve the passphrase. This is very cumbersome if the server taking care of the signing is only accessible via SSH.

What's even stranger is, that trying to add the keychain item manually using, which should grant access to the item without asking for the user's password via UI:

security add-generic-password -a "<fingerprint>" -l "<somelabel>" -s "GnuPG" -T "/usr/local/MacGPG2/libexec/pinentry-mac.app" -w "passphrase" <keychain>
@lukele
lukele / README.md
Last active August 19, 2020 22:03
Access to a keychain item's password via Security framework is lost if a user enters the wrong password once (rdar://50789571)

Summary

If a user enters the wrong password, when they are asked for their macOS user credentials to access the password of a keychain item, and press "Do not allow" when asked again, the following happens:

  • programmatic access to the keychain item's password using SecItemCopyMatching consistently fails with error OSStatus -25293, yet the user is never prompted to enter their macOS credentials

  • programmatic access to the password of any keychain item of the same keychain fails with error -25293

  • the user is not asked for their credentials again until they manually lock and unlock the login keychain (or any custom keychain the keychain item belonged to) in Keychain Access.app (or perform an action which locks and unlocks the keychain, like log out or restart of macOS)

@lukele
lukele / cfscrape.py
Created April 16, 2019 10:24
Cloudflare Scrape with support for custom headers.
import logging
import random
import re
import subprocess
import copy
import time
from requests.sessions import Session
from collections import OrderedDict
@lukele
lukele / Boot SuperDuper backup in VMWare.md
Last active March 18, 2022 16:42
Boot SuperDuper! backup in VMWare

Boot SuperDuper! backup in VMWare Fusion

It's quite strange that VMWare doesn't expose this feature in the UI directly, but fortunately enough it's pretty easy to do.

  1. Create a new custom virtual machine with macOS 10.14 as guest
  2. Quit VMWare after creating the virtual machine
  3. Change into the virtual machine folder ~/Virtual Machines/<name>.vmwarevm
  4. Connect your external harddrive with your SuperDuper! bootable backup
  5. Use diskutil list to figure out which device number your harddrive was assigned
  6. Create a raw disk using the vmware-rawDiskCreator tool which is linked to the external harddrive:
@lukele
lukele / list-directory-no-sip.sh
Last active December 6, 2018 18:00
List directory contents of directory protected by SIP / Quarantine
#!/bin/bash
SSH_STATUS_CHECK_CMD="systemsetup -getremotelogin"
SSH_ENABLE_SERVER_CMD="systemsetup -setremotelogin on"
SSH_KEY="$HOME/.ssh/no_sip"
echo $HOME
PROTECTED_DIRECTORY="$1"
# Check if the SSH Server is already enabled
@lukele
lukele / gnupg-2.2.4.T3730.hkp-basic-auth-support.diff
Created January 11, 2018 08:56
HKP Basic Auth Support
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 4a0b08f..1e7458e 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1001,7 +1001,7 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
static gpg_error_t
make_host_part (ctrl_t ctrl,
const char *scheme, const char *host, unsigned short port,
- int force_reselect, int no_srv,
+ int force_reselect, int no_srv, const char *auth,
@lukele
lukele / MailApp.m
Last active August 2, 2017 14:15
- (void)MASetPreferencesController:(NSWindowController *)windowController {
[self MASetPreferencesController:windowController];
if(!windowController) {
return;
}
NSToolbarItem *toolbarItem = [[NSToolbarItem alloc] initWithItemIdentifier:@"gpgmail"];
toolbarItem.label = @"GPGMail";
toolbarItem.image = [NSImage imageNamed:@"GPGMail"];
NSToolbar *toolbar = [[windowController window] toolbar];
@lukele
lukele / send-eml.py
Created June 15, 2017 20:34
Resend a .eml file (useful for testing message loading in Mail.app)
#!/usr/bin/env python
# -*- mode: python; coding: utf-8-unix -*-
import sys
import os.path
import smtplib
def remove_headers(raw_message, headers=[]):
message = []
i = 0
for line in raw_message: