Jan,

Thanks for your thoughts.

One of the guiding principles that I set for this project is that everything 
that works on another platform should continue to work the same on macOS (when 
Fossil is built with keychain integration).

These changes should be additive only, not disruptive. For instance, a user 
who is accustomed to using Fossil on Linux shouldn’t notice anything missing 
if they happen to be using Fossil on macOS.

> On Apr 14, 2017, at 6:15 AM, Jan Danielsson <[email protected]> 
> wrote:
> 
>   I'm all for idiomatic approaches.  That said:
> 
>   - Will it work without a GUI (i.e. when you log in via ssh, will you
> be able to access the private key from the keystore without entering
> your password on a desktop prompt)?

Yes. I do a lot of remote and scripting work too. I’m working to make sure that 
everything works seamlessly in those environments (i.e. no GUI).

>   - Compatibility with "use PEM file on disk" needs to be retained on
> Mac.  I have scripted build systems which run on NetBSD, macOS and Linux
> which clone repositories using client certificates.  These scripts
> quickly become a pain to maintain when there are too many differences
> between the platforms.

Yes, see my guiding principle above. The command line option --ssl-identity 
continues to work as it does on other platforms with PEM files on disk.

>   In the original client certificate support for fossil, there was one
> extra level of indirection; instead of pointing out a file, one used a
> symbolic name (which would point to a file in the "PEM in disk" case),
> but the idea was that this could be used to point to other locations,
> such as an entry in a keychain.  I'm curious to see how your solution
> works with regards to client certificates/keys.

Yes, if the symbolic name provided with --ssl-identity doesn’t happen to point 
to a PEM file on disk, we can use that symbolic name to look for a named 
identity in the keychain.

Regards,

--
Ryan