security command line and ˜expansion

Question

Created Jan ’21

Replies 3

Boosts 0

Views 2.6k

Participants 3

With recent Mac OS release we run into trouble with some scripts for the security command line.

Assume the following terminal command:

Code Block security default-keychain -s '~/Library/Keychains/login.keychain-db'

it give the following results:

Code Block Will not set default: file /Users/AmotusRemoteDev/Library/Keychains/~/Library/Keychains/login.keychain-db does not exist

The home path with the keychain path is enforced and the tile is not even expend. This was working before.

If I do a full path it work normally:

Code Block AmotusRemoteDev$ security default-keychain -s '/Users/AmotusRemoteDev/Library/Keychains/login.keychain-db'

There is 2 thing wrong here, it doesn't detect the tile as absolute path nor does it expand it. Dunno who changed that but it's now broken. I will need to make a workaround into our Jenkins to repair this until Apple does. Apple command lines are just plain horribles, please hire some developer that understand command lines, this is such a pain to automate, having to automate GUI is plain ********.

Mac OS 10.15.7

Answered by DTS Engineer in 656762022

This was working before.

And that was a bug. Command-line tools should not expand ~; that’s the shell’s job.

The reason why it’s not working in your situation is that you’ve put the ~ within single quotes. Consider this:

Code Block  % echo ~
/Users/quinn
% echo '~'
~

Here is the solution if anybody need it:

An easier option is to put the ~ outside the quotes:

Code Block  % echo ~'/Library/Keychains/login.keychain-db'
/Users/quinn/Library/Keychains/login.keychain-db

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

Boost

Answer 1

JeromeGodboutAmotus OP

Jan ’21

Accepted Answer

Here is the solution if anybody need it:

Code Block security default-keychain -s "`echo ~`/Library/Keychains/login.keychain-db"

Should work, make bash expand the tild and avoid bad security path management.

0

Answer 2

Etresoft OP

Jan ’21

I am unaware of any change in this area or any way that this is different behaviour than on other operating systems.

Using tilda for your home directory is not very reliable due to the problems you have encountered. It would be better to use the HOME environment variable. You will still need to use double quotes as single quotes typically implies that no variable substitution should be applied.

0

Answer 3

DTS Engineer OP

Apple

Jan ’21

Recommended

This was working before.

And that was a bug. Command-line tools should not expand ~; that’s the shell’s job.

The reason why it’s not working in your situation is that you’ve put the ~ within single quotes. Consider this:

Code Block  % echo ~
/Users/quinn
% echo '~'
~

Here is the solution if anybody need it:

An easier option is to put the ~ outside the quotes:

Code Block  % echo ~'/Library/Keychains/login.keychain-db'
/Users/quinn/Library/Keychains/login.keychain-db

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

1