Fix copying ephemeral keys to keychains #106973
Conversation
Starting on macOS Sequoia, at least in beta, SecKeychainitemCopyKeychain no longer returns errSecNoSuchKeychain for ephemeral keys. Instead, it returns errSecInvalidItemRef. This adds the error code in the handling logic for when we need to add an ephemeral key to the target keychain.
|
I assume this needs to be backported too? |
Yeah, to 9 and 8 at least. |
|
/backport to release/9.0 |
|
Started backporting to release/9.0: https://github.com/dotnet/runtime/actions/runs/10567540827 |
|
@bartonjs should we ba-g this? I've tried a few times to get those pipelines to pass and they are timing out for OSes unaffected by this change. |
|
/ba-g multiple timeouts on lanes that are not impacted by the change |
|
/backport to release/8.0 |
|
Started backporting to release/8.0: https://github.com/dotnet/runtime/actions/runs/10581683845 |
|
/backport to release/8.0-staging |
|
Started backporting to release/8.0-staging: https://github.com/dotnet/runtime/actions/runs/10582066842 |
|
/backport to release/6.0-staging |
|
Yeah, we're gonna try for 6.0. |
|
Started backporting to release/6.0-staging: https://github.com/dotnet/runtime/actions/runs/10582403063 |
Starting on macOS Sequoia, at least in beta, SecKeychainitemCopyKeychain no longer returns errSecNoSuchKeychain for ephemeral keys. Instead, it returns errSecInvalidItemRef. This adds the error code in the handling logic for when we need to add an ephemeral key to the target keychain.
Starting on macOS Sequoia, at least in beta, SecKeychainitemCopyKeychain no longer returns errSecNoSuchKeychain for ephemeral keys. Instead, it returns errSecInvalidItemRef.
This adds the error code in the handling logic for when we need to add an ephemeral key to the target keychain.
Fixes #106775
With this change, I get a clean run of the S.S.C tests on Sequoia.
