Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Change keychain methods to use 'security' program instead of osx_keychain gem #84

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants
Member

dougm commented Oct 1, 2013

No description provided.

Member

cdickmann commented Oct 1, 2013

Can you describe a bit more what the consequences of this change are? With which MacOS version(s) did you test this?

Member

dougm commented Oct 1, 2013

The change removes a dependency on osx_keychain gem, which wouldn't install for me:

% gem install osx_keychain
Invalid gemspec in [/Users/dougm/.rbenv/versions/1.9.3-p327/lib/ruby/gems/1.9.1/specifications/ZenTest-4.9.4.gemspec]: Illformed requirement ["< 2.2, >= 1.8"]
ERROR: Error installing osx_keychain:
RubyInline requires ZenTest (~> 4.3)

The README of osx_keychain (https://github.com/seattlerb/osx_keychain) says "The
command line tool isn't actually useful (use security instead)", which led me to try the security cli instead of the gem. Functionally, the code behaves the same, rvc password(s) are only saved in the keychain if you answer 'y' to:

agree("Save password for connection (y/n)? ", true)

I tested with MacOS versions 10.8.5 (12.5.0 Darwin Kernel) and 10.6.8 (10.8.0 Darwin Kernel)

Member

cdickmann commented Oct 1, 2013

Given how little I know about this stuff, I am a bit worried about things like a different "security" tool being in the path, or versioning of it. Could we keep both versions in some way?

Member

dougm commented Oct 1, 2013

afaict, the security cli args that we're using haven't changed, at least between 10.5 and 10.8: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/security.1.html

We could change to use the absolute path: /usr/bin/security

Usage of the security cli seems pretty common if you search github for find-generic-password or add-generic-password. In any case, if Apple introduced a change that broke things, I'd expect that to impact both the cli and api that osx_keychain.gem uses. We could also have a wrapper that prefers osx_keychain.gem and falls back to /usr/bin/security, but I'm unable to properly test since osx_keychain.gem doesn't install for me.

@dougm dougm closed this Jul 6, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment