Mirror of https://github.com/outbackdingo/firezone.git (synced 2026-01-28 02:18:50 +00:00)

Unlike the App extension which runs as the user, the system extension introduced in macOS client 1.4.0 runs as `root` and thus cannot read the App Group container directory for the GUI process.

However, both processes can read and write to the shared Keychain, which is how we pass the token between the two processes already.

This PR does two things:

1. Tries to read an existing `firezone-id` from the pre-1.4.0 App Group container upon app launch. This needs to be done from the GUI process. If found, it stores it in the Keychain.
2. Refactors the `firezone-id` to be stored in the Keychain instead of a plaintext file going forward.

The Keychain API is also cleaned up and abstracted to be more ergonomic to use for both Token and Firezone ID storage purposes.
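
The one-time migration described above, sketched as an added example; this is not code from the Firezone repository. The App Group identifier, Keychain service name and legacy file name are placeholders or assumptions, and the attributes that make the item visible to the `root` system extension are not given on the page and are left out.

```swift
import Foundation
import Security

// Placeholders: the real identifiers are not given on the page.
let appGroupID = "group.example.placeholder"
let keychainService = "com.example.placeholder"
let legacyFileName = "firezone-id"  // assumed name of the pre-1.4.0 plaintext file

enum KeychainError: Error { case unexpected(OSStatus) }

// Attributes that identify the single generic-password item holding the ID.
func baseQuery() -> [CFString: Any] {
  [kSecClass: kSecClassGenericPassword,
   kSecAttrService: keychainService,
   kSecAttrAccount: "firezone-id"]
}

// Returns the stored ID, or nil when no item exists yet.
func loadID() throws -> String? {
  var query = baseQuery()
  query[kSecReturnData] = true
  query[kSecMatchLimit] = kSecMatchLimitOne
  var result: CFTypeRef?
  let status = SecItemCopyMatching(query as CFDictionary, &result)
  if status == errSecItemNotFound { return nil }
  guard status == errSecSuccess, let data = result as? Data else {
    throw KeychainError.unexpected(status)
  }
  return String(data: data, encoding: .utf8)
}

func storeID(_ id: String) throws {
  var attrs = baseQuery()
  attrs[kSecValueData] = Data(id.utf8)
  let status = SecItemAdd(attrs as CFDictionary, nil)
  guard status == errSecSuccess else { throw KeychainError.unexpected(status) }
}

// Call from the GUI process at launch; the root extension cannot read the container.
func migrateLegacyID() throws -> String? {
  if let existing = try loadID() { return existing }  // already migrated, never overwrite
  guard let dir = FileManager.default.containerURL(
    forSecurityApplicationGroupIdentifier: appGroupID) else { return nil }
  let file = dir.appendingPathComponent(legacyFileName)
  guard let raw = try? String(contentsOf: file, encoding: .utf8) else { return nil }
  let id = raw.trimmingCharacters(in: .whitespacesAndNewlines)
  guard !id.isEmpty else { return nil }  // treat an empty file as "no legacy ID"
  try storeID(id)
  return id
}
```

Checking the Keychain before touching the legacy file keeps the migration idempotent, so an ID already stored there is never replaced by a stale copy from the container.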