Archive for August 8th, 2007

HINT: What to do when Keychain-using Apps lock up


Like many Macintosh users, the first few months of using MacOS X I wasn’t even aware of what the Keychain really was. After a while, you realize just what a cool little piece of security it is. It ensures many MacOS X programs can securely store passwords and other information without the programmer having to be a great cryptographic genius.

One of my favorite programs which exploits this is 1Passwd. 1Passwd stores all your web form passwords (and any other data you care to secure, like credit card numbers or software serial numbers) in a Keychain, so the cryptography is managed by Apple’s Keychain. Recently, on my iMac at home, 1Passwd started locking up whenever it tried to access its keychain. Specifically, I had updated 1Passwd, so it presented me with a dialog to allow the updated version access to the Keychain. When I clicked continue, the dreaded rainbow beachball of doom showed up and would not go away. From that point on, logins to the machine failed and most Apps using the keychain were unable to use the keychain.

I checked the system usage from the command line:

top -u -s 5

and discovered a program called securityd was eating up CPU cycles and RAM. I called up the manual page on securityd via the command line:

man securityd

and discovered:

securityd maintains security contexts and arbitrates cryptographic operations and Security Authorizations. Access to keychain items is routed through securityd to enforce access controls and to keep private keys out of user process address space. Authorization calls also communicate with securityd to enforce rules contained in the /etc/authorization database. All user interaction with securityd is mediated through the Security Agent.

So by locking up securityd, I was messing up all the cryptographic operations that ran through it. Great. I figured there had to be a corrupted file on my computer that was mucking up the works, but where? My first thought was a corrupted keychain file, so I checked out my keychains using the “Keychain First Aid” item in the Keychain Access (in /Applications/Utilities) [shown in the figure below].

[Figure: Keychain Access Example]

The files all checked out as intact, so that wasn’t it. Something was corrupted on my computer, but what?

Just a Google search on “securityd” later, I found the solution on the Unsanity programmers blog in an article titled “Fix for securityd hogging RAM when reauthorizing apps’ Keychain access”. In a nutshell, the corrupted file is a cryptographic database at /var/db/CodeEquivalenceDatabase. In order to fix this problem they suggest:

just open the Terminal (/Applications/Utilities/Terminal) and type:

sudo mv /var/db/CodeEquivalenceDatabase /var/db/CodeEquivalenceDatabase.old

Upon rebooting, God should be in His Heaven and all should be well with the keychain.

And I verified this worked to fix my iMac and all the Keychain apps are happy again. Excellent!
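
The diagnosis and fix above, as an added example that is not part of the original post or the Unsanity article: it flags a runaway securityd in `ps -axo pid,%cpu,rss,comm` output and prints the rename only when the database exists and no earlier .old copy would be overwritten. The thresholds, function names and sample process table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Thresholds are assumed values, not taken from the post.
CPU_LIMIT=50       # percent CPU treated as "runaway"
RSS_LIMIT=500000   # resident memory in KB treated as excessive

# Reads `ps -axo pid,%cpu,rss,comm` output on stdin and prints one line for
# each securityd process that exceeds either limit.
flag_securityd() {
    awk -v cpu="$CPU_LIMIT" -v rss="$RSS_LIMIT" '
        NR == 1 { next }                    # skip the header row
        {
            n = split($4, parts, "/")       # comm may be a full path
            if (parts[n] != "securityd") next
            if ($2 + 0 > cpu || $3 + 0 > rss)
                printf "securityd pid=%s cpu=%s rss_kb=%s\n", $1, $2, $3
        }'
}

# Prints the rename from the post (dry run; nothing is moved). Refuses when
# the database is absent or when a previous .old backup is already there.
plan_move() {
    db="$1"
    if [ ! -e "$db" ]; then
        echo "missing: $db" >&2
        return 1
    fi
    if [ -e "$db.old" ]; then
        echo "backup already exists: $db.old" >&2
        return 2
    fi
    echo "sudo mv $db $db.old"
}

# Constructed sample process table (not captured from a real machine).
SAMPLE_PS='  PID  %CPU    RSS COMM
   41  97.3 812345 /usr/sbin/securityd
  212   1.2  20480 /usr/bin/top
'

printf '%s' "$SAMPLE_PS" | flag_securityd
```

On a live system, pipe `ps -axo pid,%cpu,rss,comm` into `flag_securityd` and pass `/var/db/CodeEquivalenceDatabase` to `plan_move`.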

Annoyance: IRAF in Scisoft OSX mkpkg glitches


Update: I have updated this blog entry to reflect some updated information from Nor Pirzkal regarding the best way to fix this glitch. This problem has been fixed in Scisoft OSX MacIntel version (2007.9.1).

During my adventures compiling the hectospec-related IRAF packages, I was using Scisoft OSX and discovered there were a couple of issues with the symbolic links for the mkpkg command necessary for compiling new IRAF packages.

  • In the Scisoft OSX PPC Beta (2006.11.1b) mkpkg appears to be mis-linked, so it can’t be executed. So I did the following in the terminal:
    cd /scisoft/bin
    sudo rm mkpkg
    sudo ln -s ../iraf/iraf/unix/bin.macosx/mkpkg.e mkpkg
  • In the Scisoft OSX MacIntel version (2007.1.1) and Scisoft OSX MacIntel version (2007.7.1), there are some missing symbolic links to mkpkg and xc in the directory for MacIntel binaries.  As a result, both mkpkg and xc were instead pointing to PowerPC binaries. I fixed this as follows (again, from the command line):
    cd /scisoft/i386/bin/
    sudo ln -s /scisoft/all/packages/iraf/iraf/unix/bin.macintel/mkpkg.e mkpkg
    sudo ln -s /scisoft/all/packages/iraf/iraf/unix/bin.macintel/xc.e xc
    This mis-linking certainly didn’t help getting things to compile under MacIntel, since IRAF was attempting to compile MacIntel code using PowerPC versions of mkpkg and xc.
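
A way to check for both kinds of mis-link before compiling, as an added example that is not part of Scisoft OSX or the original post: it reports whether each tool link resolves at all and whether its target sits under the expected architecture directory. The function names and the scratch directory tree are constructed for illustration; only the bin.macintel and bin.macosx directory names come from the commands above.

```shell
#!/bin/sh
# Added example: audit tool symlinks for dangling or wrong-architecture targets.

# check_links BIN_DIR EXPECTED_DIR NAME...
# Returns non-zero if any NAME is not a working symlink into EXPECTED_DIR.
check_links() {
    bin_dir="$1"; want="$2"; shift 2
    bad=0
    for name in "$@"; do
        link="$bin_dir/$name"
        if [ ! -L "$link" ]; then
            echo "$name: not a symlink"; bad=1
        elif [ ! -e "$link" ]; then
            echo "$name: dangling -> $(readlink "$link")"; bad=1
        else
            target=$(readlink "$link")
            case "$target" in
                */"$want"/*) echo "$name: ok -> $target" ;;
                *) echo "$name: wrong arch -> $target"; bad=1 ;;
            esac
        fi
    done
    return $bad
}

# Constructed scratch tree reproducing the MacIntel mis-link: mkpkg is linked
# correctly, xc still points into the PowerPC directory.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/unix/bin.macintel" "$root/unix/bin.macosx" "$root/bin"
    touch "$root/unix/bin.macintel/mkpkg.e" "$root/unix/bin.macosx/xc.e"
    ln -s "$root/unix/bin.macintel/mkpkg.e" "$root/bin/mkpkg"
    ln -s "$root/unix/bin.macosx/xc.e" "$root/bin/xc"
    rc=0
    check_links "$root/bin" bin.macintel mkpkg xc || rc=$?
    rm -rf "$root"
    return $rc
}
```

Against a real install, the equivalent call for the MacIntel case would be `check_links /scisoft/i386/bin bin.macintel mkpkg xc`.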

Thanks to Nor Pirzkal for giving me some feedback on fixing this problem. He tells me he has made the appropriate changes so that the next version of Scisoft OSX will not have this issue.

By the way, my complaint here should in no way be construed as a critique of the efforts of Francesco Pierfederici and Nor Pirzkal in putting together Scisoft OSX. They have done a great deal of work to put together an awesome package. For two people to track over 2 GB of software and not expect some glitches is unrealistic. And I for one am extremely grateful that his efforts have saved me a lot of time.