refactor(secrets): remove Keychain trust env toggle

2025-12-26 08:33:34 +00:00 · 2025-12-26 08:33:34 +00:00 · e8dc1af8a1
commit e8dc1af8a1
parent 5d28df8efe
3 changed files with 8 additions and 43 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,11 @@
 # Changelog

+## 0.2.2 - Unreleased
+
+### Changed
+
+- macOS: always trust the `gog` binary in Keychain (removed `GOG_KEYCHAIN_TRUST_APPLICATION`).
+
 ## 0.2.1 - 2025-12-26

 ### Fixed
--- a/internal/secrets/store.go
+++ b/internal/secrets/store.go
@ -33,10 +33,7 @@ type Token struct {
 	RefreshToken string    `json:"-"`
 }

-const (
-	keyringPasswordEnv          = "GOG_KEYRING_PASSWORD"
-	keychainTrustApplicationEnv = "GOG_KEYCHAIN_TRUST_APPLICATION"
-)
+const keyringPasswordEnv = "GOG_KEYRING_PASSWORD"

 func fileKeyringPasswordFuncFrom(password string, isTTY bool) keyring.PromptFunc {
 	if password != "" {
@ -56,23 +53,6 @@ func fileKeyringPasswordFunc() keyring.PromptFunc {
 	return fileKeyringPasswordFuncFrom(os.Getenv(keyringPasswordEnv), term.IsTerminal(int(os.Stdin.Fd())))
 }

-func shouldTrustKeychainApplication() bool {
-	if runtime.GOOS != "darwin" {
-		return false
-	}
-
-	v := strings.TrimSpace(strings.ToLower(os.Getenv(keychainTrustApplicationEnv)))
-	if v == "" {
-		return true
-	}
-	switch v {
-	case "0", "false", "no", "off":
-		return false
-	default:
-		return true
-	}
-}
-
 func OpenDefault() (Store, error) {
 	// On Linux/WSL/containers, OS keychains (secret-service/kwallet) may be unavailable.
 	// In that case github.com/99designs/keyring falls back to the "file" backend,
@ -84,7 +64,7 @@ func OpenDefault() (Store, error) {

 	ring, err := keyring.Open(keyring.Config{
 		ServiceName:              config.AppName,
-		KeychainTrustApplication: shouldTrustKeychainApplication(),
+		KeychainTrustApplication: runtime.GOOS == "darwin",
 		FileDir:                  keyringDir,
 		FilePasswordFunc:         fileKeyringPasswordFunc(),
 	})
--- a/internal/secrets/store_keychain_darwin_test.go
+++ b/internal/secrets/store_keychain_darwin_test.go
@ -1,21 +0,0 @@
-//go:build darwin
-
-package secrets
-
-import (
-	"testing"
-)
-
-func TestShouldTrustKeychainApplication_DefaultsTrue(t *testing.T) {
-	t.Setenv(keychainTrustApplicationEnv, "")
-	if !shouldTrustKeychainApplication() {
-		t.Fatalf("expected true")
-	}
-}
-
-func TestShouldTrustKeychainApplication_CanDisable(t *testing.T) {
-	t.Setenv(keychainTrustApplicationEnv, "0")
-	if shouldTrustKeychainApplication() {
-		t.Fatalf("expected false")
-	}
-}