macos: make it work on Sierra

On Sierra it seems that the keyrings are stored in files with extension .keychain-db, instead of .keychain. So currently we look for both files when looking for a keyring: * If the .keychain file exists, we return that. * Otherwise, if the .keychain-db file exists, we return that. * Otherwise, if the system is Sierra or later, we return .keychain-db * Otherwise we return the .keychain file.
r-lib · Mar 13, 2017 · 9f3b1fd · 9f3b1fd
1 parent 2dff41a
commit 9f3b1fd
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 5 deletions.
diff --git a/R/backend-macos.R b/R/backend-macos.R
@@ -151,7 +151,7 @@ b_macos_keyring_create <- function(self, private, keyring) {
 b_macos_keyring_list <- function(self, private) {
   res <- .Call("keyring_macos_list_keyring")
   data.frame(
-    keyring = sub("\\.keychain$", "", basename(res[[1]])),
+    keyring = sub("\\.keychain(-db)?$", "", basename(res[[1]])),
     num_secrets = res[[2]],
     locked = res[[3]],
     stringsAsFactors = FALSE
@@ -203,10 +203,19 @@ b_macos_keyring_file <- function(self, private, name) {
     normalizePath(name, mustWork = FALSE)
 
   } else {
-    normalizePath(
-      paste0("~/Library/Keychains/", name, ".keychain"),
+    files <- normalizePath(
+      paste0("~/Library/Keychains/", name, c(".keychain", ".keychain-db")),
       mustWork = FALSE
     )
+    if (file.exists(files[1])) {
+      files[1]
+    } else if (file.exists(files[2])) {
+      files[2]
+    } else if (darwin_version() >= "16.0.0") {
+      files[2]
+    } else {
+      files[1]
+    }
   }
 }
 

diff --git a/R/utils.R b/R/utils.R
@@ -14,3 +14,9 @@ confirmation <- function(prompt, yes) {
   ans <- readline(paste0(prompt, ": "))
   if (ans != yes) stop("Aborted", call. = FALSE)
 }
+
+darwin_version <- function() {
+  info <- Sys.info()
+  if (info[["sysname"]] != "Darwin") stop("Not macOS")
+  package_version(info[["release"]])
+}
diff --git a/inst/development-notes.md b/inst/development-notes.md
@@ -26,8 +26,18 @@ You don't need it for using `keyring`.
 
 ### macOS Keychain
 
-Nothing particular about this backend, just read the source code
-and the documentation.
+On macOS, the keyrings are store in files. We handle the user's keyrings,
+these are in `~/Library/Keychains`. They are files with extension
+`.keychain` (before Sierra) or `.keychain-db` (starting from Sierra).
+
+Whenever a keyring is specified, it can be a symbolic name (e.g. `login`),
+or an absolute filename (e.g. `/Users/gaborcsardi/Library/Keychains/login.keychain`).
+If a symbolic name is specified, we look for both `.keychain` and
+`.keychain-db` files:
+* If the `.keychain` file exists, we use that.
+* Otherwise, if the `.keychain-db` file exists, we use that.
+* Otherwise, if the system is Sierra or later, we use `.keychain-db`.
+* Otherwise we use the `.keychain` file.
 
 ### Windows Credential Store