Change keychain methods to use 'security' program instead of osx_keychain gem

[cdickmann]

Can you describe a bit more what the consequences of this change are? With which MacOS version(s) did you test this?

[dougm]

The change removes a dependency on osx_keychain gem, which wouldn't install for me:

% gem install osx_keychain Invalid gemspec in [/Users/dougm/.rbenv/versions/1.9.3-p327/lib/ruby/gems/1.9.1/specifications/ZenTest-4.9.4.gemspec]: Illformed requirement ["< 2.2, >= 1.8"] ERROR: Error installing osx_keychain: RubyInline requires ZenTest (~> 4.3)

The README of osx_keychain (https://github.com/seattlerb/osx_keychain) says "The command line tool isn't actually useful (use security instead)", which led me to try the security cli instead of the gem. Functionally, the code behaves the same, rvc password(s) are only saved in the keychain if you answer 'y' to:

agree("Save password for connection (y/n)? ", true)

I tested with MacOS versions 10.8.5 (12.5.0 Darwin Kernel) and 10.6.8 (10.8.0 Darwin Kernel)

[cdickmann]

Given how little I know about this stuff, I am a bit worried about things like a different "security" tool being in the path, or versioning of it. Could we keep both versions in some way?

[dougm]

afaict, the security cli args that we're using haven't changed, at least between 10.5 and 10.8: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/security.1.html

We could change to use the absolute path: /usr/bin/security

Usage of the security cli seems pretty common if you search github for find-generic-password or add-generic-password. In any case, if Apple introduced a change that broke things, I'd expect that to impact both the cli and api that osx_keychain.gem uses. We could also have a wrapper that prefers osx_keychain.gem and falls back to /usr/bin/security, but I'm unable to properly test since osx_keychain.gem doesn't install for me.