remove SEP backend, requires Xcode provisioning profile

2026-04-14 00:04:06 +09:00 · 2026-03-22 18:27:43 +09:00
parent 8422e5eae7
commit f2c25da1aa
7 changed files with 3 additions and 119 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/17
+++ b/17
@@ -1,6 +1,4 @@
 PREFIX ?= $(HOME)/.local/bin
-IDENTITY ?= -
-TEAM_ID ?= NONE

 all:
 	cargo build --release
@@ -10,18 +8,8 @@ install: all
 	install -m 755 target/release/bw-agent $(PREFIX)/bw-agent
 	install -m 755 target/release/bw-proxy $(PREFIX)/bw-proxy

-sep:
-	@if [ "$(TEAM_ID)" = "NONE" ]; then echo "error: TEAM_ID required (make sep TEAM_ID=... IDENTITY=...)"; exit 1; fi
-	mkdir -p target/release
-	sed 's/TEAM_ID/$(TEAM_ID)/' src/sep/sep-helper.entitlements > target/release/sep-helper.entitlements
-	swiftc -O -o target/release/sep-helper src/sep/sep-helper.swift
-	codesign --force --sign "$(IDENTITY)" --entitlements target/release/sep-helper.entitlements target/release/sep-helper
-
-install-sep: sep
-	install -m 755 target/release/sep-helper $(PREFIX)/sep-helper
-
 uninstall:
-	rm -f $(PREFIX)/bw-agent $(PREFIX)/bw-proxy $(PREFIX)/sep-helper
+	rm -f $(PREFIX)/bw-agent $(PREFIX)/bw-proxy

 launchd:
 	mkdir -p $(HOME)/Library/LaunchAgents
@@ -48,6 +36,5 @@ systemd-unload:

 clean:
 	cargo clean
-	rm -f target/release/sep-helper

-.PHONY: all install sep install-sep uninstall launchd launchd-unload systemd systemd-unload clean
+.PHONY: all install uninstall launchd launchd-unload systemd systemd-unload clean
--- a/src/.DS_Store
+++ b/src/.DS_Store
--- a/src/sep/sep-helper.swift
+++ b/src/sep/sep-helper.swift
--- a/src/sep/sep-helper.entitlements
+++ b/src/sep/sep-helper.entitlements
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-    <key>keychain-access-groups</key>
-    <array>
-        <string>TEAM_ID.com.bitwarden.agent</string>
-    </array>
-</dict>
-</plist>
--- a/src/storage/mod.rs
+++ b/src/storage/mod.rs
@@ -1,5 +1,4 @@
 pub mod pin;
-pub mod sep;

 pub trait KeyStore {
    fn name(&self) -> &str;
@@ -13,15 +12,7 @@ pub trait KeyStore {

 pub fn get_backend(preferred: Option<&str>) -> Box<dyn KeyStore> {
    match preferred {
-        Some("pin") => Box::new(pin::PinKeyStore::new(None)),
-        Some("sep") => Box::new(sep::SEPKeyStore::new()),
-        None => {
-            let s = sep::SEPKeyStore::new();
-            if s.is_available() {
-                return Box::new(s);
-            }
-            Box::new(pin::PinKeyStore::new(None))
-        }
+        Some("pin") | None => Box::new(pin::PinKeyStore::new(None)),
        Some(other) => crate::log::fatal(&format!("unknown backend: {other}")),
    }
 }
--- a/src/storage/sep.rs
+++ b/src/storage/sep.rs
@@ -1,84 +0,0 @@
-use std::path::PathBuf;
-use std::process::Command;
-
-use base64::{engine::general_purpose::STANDARD as B64, Engine};
-
-use super::KeyStore;
-
-fn helper_path() -> PathBuf {
-    let exe = std::env::current_exe().unwrap_or_default();
-    let dir = exe.parent().unwrap_or(std::path::Path::new("."));
-    dir.join("sep-helper")
-}
-
-pub struct SEPKeyStore;
-
-impl SEPKeyStore {
-    pub fn new() -> Self {
-        Self
-    }
-}
-
-impl KeyStore for SEPKeyStore {
-    fn name(&self) -> &str {
-        "sep"
-    }
-
-    fn is_available(&self) -> bool {
-        helper_path().exists()
-    }
-
-    fn has_key(&self, uid: &str) -> bool {
-        Command::new(helper_path())
-            .args(["has", uid])
-            .output()
-            .map(|o| o.status.success())
-            .unwrap_or(false)
-    }
-
-    fn store(&self, uid: &str, data: &[u8], auth: &str) -> Result<(), String> {
-        let b64 = B64.encode(data);
-        let out = Command::new(helper_path())
-            .args(["store", uid, auth])
-            .stdin(std::process::Stdio::piped())
-            .stdout(std::process::Stdio::piped())
-            .stderr(std::process::Stdio::piped())
-            .spawn()
-            .and_then(|mut child| {
-                use std::io::Write;
-                child.stdin.take().unwrap().write_all(b64.as_bytes())?;
-                child.wait_with_output()
-            })
-            .map_err(|e| e.to_string())?;
-
-        if !out.status.success() {
-            return Err(String::from_utf8_lossy(&out.stderr).trim().to_string());
-        }
-        Ok(())
-    }
-
-    fn load(&self, uid: &str, auth: &str) -> Result<Vec<u8>, String> {
-        let out = Command::new(helper_path())
-            .args(["load", uid, auth])
-            .output()
-            .map_err(|e| e.to_string())?;
-
-        if !out.status.success() {
-            return Err(String::from_utf8_lossy(&out.stderr).trim().to_string());
-        }
-
-        let b64 = String::from_utf8_lossy(&out.stdout).trim().to_string();
-        B64.decode(&b64).map_err(|e| e.to_string())
-    }
-
-    fn remove(&self, uid: &str) {
-        Command::new(helper_path())
-            .args(["remove", uid])
-            .output()
-            .ok();
-    }
-
-    fn find_key(&self) -> Option<String> {
-        None
-    }
-}