[dupl] warning: 'SecTrustedApplicationCreateFromPath' is deprecated on macOS 10.15 Catalina

[jonioni]

Related: #56, #59, #60

Problem

Encountering the following errors on macOS 10.15 Catalina with the latest keyring release:

cgo-gcc-prolog:203:11: warning: 'SecTrustedApplicationCreateFromPath' is deprecated: first deprecated in macOS 10.15 - No longer supported [-Wdeprecated-declarations]
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrustedApplication.h:59:10: note: 'SecTrustedApplicationCreateFromPath' has been explicitly marked deprecated here

This is reported in keybase/go-keychain #58 and seems to have been fixed in keybase/go-keychain #60.

Proposal

Upgrade the corresponding dependency to use a newer version of keybase/go-keychain.

[mtibben]

Temporary fix in db030e0

[pjcdawkins]

keyring 1.1.5 doesn't build on MacOS 10.15.4 with cgo enabled. Manually updating go-keychain results in the error in the OP.

[flowchartsman]

How is this one looking? Is there any reason it's still pinned to your fork of go-keychain?

[mtibben]

@flowchartsman Yes, there is a reason. The removal of SecTrustedApplicationCreateFromPath changes the security behaviour of aws-vault. It removes the ability for aws-vault to remove itself from the credential ACL, which is required to get keychain prompts when a credential is accessed. See #59 (comment) for further discussion

[mtibben]

I believe using SecACLUpdateAuthorizations is the new way to update ACLs

[flowchartsman]

Great, thanks for the explanation! Please let me know if there's any legwork that needs done.

[mtibben]

The work required is to remove use of the fork, but find a way to keep the ACL-clearing behaviour