Camera Permissions

About a year ago, when talking about Keyboard Maestro and Catalina, @peternlewis said

Keyboard Maestro doesn’t ask for permissions for Location Services, Calendar, Reminders, Photos, Camera, Microphone or Full Disk Access, not unless you run some sort of script or action that accesses them (there are no native actions to access them currently, though there may be in the future).

I just tried to run a macro that calls the imagesnap command. The macro consists of just one step, an Execute Shell Script with the following command:

imagesnap -d "FaceTime HD Camera (Built-in)" -q -w 1 $HOME/Desktop/$(date +"%F-%H-%M-%S").jpg

imagesnap uses the Camera, but Keyboard Maestro doesn't ask me for permission. The macro fails with this error:

 2020-09-17 21:29:12 Execute a Shell Script failed with script error: text-script: line 1:
46442 Abort trap: 6           imagesnap -d "FaceTime HD Camera (Built-in)" -q -w 1 $HOME/Desktop/$(date +"%F--%H-%M-%S").jpg.
Macro “Imagesnap” cancelled (while executing Execute Shell Script).

(I've added linebreaks to make it easier to read.)

The problem is not with my environment; I have ENV_PATH set to include /usr/local/bin, where imagesnap resides. The only thing I can think of is that this command works from the Terminal because Terminal has permission to use the camera, and it fails in Keyboard Maestro because KM doesn't.

I've run

tccutil reset Camera com.stairways.keyboardmaestro.engine
tccutil reset Camera com.stairways.keyboardmaestro.editor

with the hope that resetting the Camera permissions might get KM to ask. No dice.

Is there better answer, and is there anything I can do to get this macro working?

According to this it appears I have to add Hardened entitlements for Camera and Audio Input, so I will do that for the next version of Keyboard Maestro.

I'm not sure there is much you can do to work around it otherwise, except maybe make an applet that does it, or AppleScript control something like Terminal to do it.

Since this is a pretty simple shell command, a workaround for now is making an Automator application with a Run Shell Script command. Since it's an "Application", it will throw a system camera permission prompt the first time it runs. Then you can run that app with your various triggers and contexts from KM without issue.

I think Peter has the real issue figured out, but just for the sake of my own status as Official Shell Script Pedant, allow me to make a suggestion?

This should work just fine:

$HOME/Desktop/$(date +"%F-%H-%M-%S").jpg

This should be fine because $HOME should never have a space in it, and the output of the date command does not have a space in it.

Nevertheless, I always get nervous when I see shell variables that are not in "double quotes" which can be easily accomplished in this example, since date can use 'single quotes'.

Like so:

"$HOME/Desktop/$(date +'%F-%H-%M-%S').jpg"

Making the whole thing look like this:

imagesnap -d "FaceTime HD Camera (Built-in)" -q -w 1 "$HOME/Desktop/$(date +'%F-%H-%M-%S').jpg"

As I said, this isn’t actually correcting an error, because what you have should work fine. It’s just a stylistic suggestion.

A few comments:

1. You are absolutely correct.
2. This command originated with @dansturm, who had the full path to his Desktop explicitly written in the code. I changed it to include $HOME, so all blame falls to me.
3. This is only one of the many reasons I hate shell scripting and will never be good at it.

I didn't know we had one.

Thanks for the word-of-the-day: "Pedant"

a formalist or precisionist in teaching

Thanks for all your help with shell scripts.

Now now, Doctor… no need to be so negative. I’m sure if you put your mind to it…

Truthfully, there’s no way that a $HOME should ever have a space in it, so it will probably never matter for this particular example, but quoting variables is always just a good habit in shell scripting.

I generally feel like Drang does about shell scripting, but one mental model breakthrough I had that took me, what, 25 years to reach, is that every argument in shell scripting is a string and ought to be quoted that way. The fact that you don’t have to quote things is the lazy dangerous way.

Put another way, I spent decades thinking that the normal way of specifying shell scripting arguments is naked, and the safer more pedantic way is to quote them. Better to think that the normal way is to quote everything that can possibly be quoted and that leaving arguments unquoted is a reckless alternative.