Passwords on OS X via security
Nicolas Sebrecht
nicolas.s-dev at laposte.net
Thu Nov 13 12:44:22 UTC 2014
On Thu, Nov 13, 2014 at 06:25:32PM +1000, Paul W. Rankin wrote:
> "Paul W. Rankin" <hello at paulwrankin.com> writes:
>
> > The keychain is already unlocked and accessible. Within Keychain
> > Access.app, `security` is listed as "Always allow access by these
> > applications:". I have the very same line in my ~/.authinfo for using
> > smtpmail-send-it to avoid typing a gpg password when sending mail:
> >
> > machine mail.example.com login userrnkn at example.com password `security
> > find-generic-password -s mail.example.com -a user at example.com -w` port
> > 465
> >
> > That works without a hitch (with real values), so I assumed the problem
> > has to be in the way offlineimap reads .offlineimaprc
>
> Ah sorry! This does NOT work without a hitch. It does not work at all.
> So my issue is with shell argument substitution in general, not with
> offlineimap.
>
> But if anyone know how to achieve this...?
If OfflineIMAP could execute shell commands or do shell substitutions in
offlineimaprc I would expect this to be a bug. In OfflineIMAP,
ConfigParser() is wrapped in the CustumConfigParser() class. See
https://docs.python.org/2/library/configparser.html
for details.
The right way is to write your own python code in a lambda function as
Lucien already said. I guess all options can be replaced by python code.
I don't know enough about keyring and your configuration to give you the
exact python lines of code. But trying to retrieve the password from
shell command as-is is wrong, for sure.
Now, if you really want to use a shell command instead of pure python
code you could call your shell command from python with a call like
Popen(). See
https://docs.python.org/2/library/subprocess.html
and
https://docs.python.org/2/library/shlex.html#shlex.split
for details.
I would encourage you to try something like that in a python session:
% python
>>> import subprocess
>>> import shlex
>>> subprocess.Popen(shlex.split('ls /'), stdout=subprocess.PIPE).stdout.read()
which returns a string 'str' as expected in offlineimaprc.
Good luck! ,-)
--
Nicolas Sebrecht
More information about the OfflineIMAP-project
mailing list