Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Temporary keychains created by electron-builder #3685

Closed
paulbennet opened this issue Feb 12, 2019 · 2 comments
Closed

Temporary keychains created by electron-builder #3685

paulbennet opened this issue Feb 12, 2019 · 2 comments
Labels
bug mac

Comments

@paulbennet
Copy link

  • Version: 20.38.5

  • Target: DMG

screenshot- 2019-02-12 23 45 45

Just noticed these temporary keychains being created in my machine. Though the keychain files are not physically available in the specified locations, this still shows up in the "Keychain access" utility.

  1. Does electron-builder create these temporary keychains ?
  • If so how to avoid these or cleanup once build process is done
  1. Should I be worried about these ?

Note: Been using electron-builder for a while ( 1+ yrs ). So, not sure from which version these happened. I tried safe booting the mac ( which was suggested to cleanup temporary cache files ), but still didn't work.
@mikerogne
Copy link

I noticed that every time build/publish a new release, a new entry like this is created in my ~/Library/Preferences/com.apple.security.plist file:

<dict>
  <key>DbName</key>
  <string>/private/var/folders/_g/c03jtl312n1bv8jmklvb8wjc0000gn/T/t-77iass/2.keychain</string>
  <key>GUID</key>
  <string>{...}</string>
  <key>SubserviceType</key>
  <integer>6</integer>
</dict>

And the more entries in this file, the longer code signing takes each time. It got to the point where it would take 5+ minutes just for codesign to run... and when I removed all of the duplicates in that file, codesign would only take a few seconds to run.

Discovered this "fix" via: https://stackoverflow.com/questions/40257968/slow-app-compilation-with-new-sierra-update/40605435#40605435

Curious why electron-builder is having this effect?

@stale stale bot added the backlog label Jul 1, 2019
@Arjan-Zuidema Arjan-Zuidema mentioned this issue Jul 3, 2019
Closed
@stale stale bot closed this as completed Jul 8, 2019
@develar develar added bug and removed backlog labels Jul 9, 2019
@develar develar reopened this Jul 9, 2019
@electron-userland electron-userland deleted a comment from stale bot Jul 9, 2019
@develar develar added the mac label Jul 9, 2019
@develar develar closed this as completed in 97684ca Jul 9, 2019
@rosso-ptg
Copy link

I was able to reproduce a situation where temporary keychains will not be properly cleaned up from ~/Library/Preferences/com.apple.security.plist resulting in what is described in the comments above.

  1. Log in with the user that executes the build
  2. Change the user password using the passwd command line utility - this will NOT change the keychain password
  3. Log out
  4. Log in (from the UI)

It seems that when logging in MacOS tries to unlock the login keychain using the login password. This obviously fails, since user and keychain passwords have now diverged. The login utility will silently nuke your old login keychain and create a new one. The file ~/Library/Preferences/com.apple.security.plist will be recreated and now be owned by root, not by the user.

I have not checked how electron-builder deletes temporary keychains from ~/Library/Preferences/com.apple.security.plist, but it now fails to do it properly - I assume due to the wrong file ownership.

This looks like a bug in MacOS to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug mac
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@develar @mikerogne @rosso-ptg @paulbennet