241658 2022-06-15 17:39:40 -0700 git webkit setup asks for api.github.com keychain access four times 2023-09-21 12:33:03 -0700 1 1 1 Unclassified WebKit Tools / Tests WebKit Nightly Build Unspecified Unspecified NEW InRadar P2 Normal --- 239082 1 ap webkit-unassigned bfan2 emw jbedard webkit-bug-importer oldest_to_newest 1876128 0 ap 2022-06-15 17:39:40 -0700 When I re-run `git webkit setup` to renew a GitHub access token, I'm asked to allow Python access to api.github.com in Keychain four times. This is very annoying, as I need to type my password every time. There is an "always allow" option, but that's super insecure, as any python script would then have the access. 1877511 1 webkit-bug-importer 2022-06-22 17:40:13 -0700 <rdar://problem/95736776> 1979073 2 emw 2023-09-21 11:04:25 -0700 One way we could work around this is by building a helper program that does the keychain access on behalf of git-webkit. I spent some time hacking on a little Swift program that would facilitate this months ago, but never finished: https://github.com/emw-apple/WebKit/tree/wip-git-webkit-credentials-program/Tools/git-webkit-credentials 1979099 3 ap 2023-09-21 12:33:03 -0700 We'd probably want git-webkit itself to be binary, for better security. It can call out to the existing script as necessary, so we don't need to rewrite it all. One question is how to actually get it signed.