hwchen
diff --git a/‎.github/workflows/ci.yaml
+22-22 b/‎.github/workflows/ci.yaml
+22-22
diff --git a/‎.github/workflows/doctest.yaml
-1 b/‎.github/workflows/doctest.yaml
-1
diff --git a/‎CHANGELOG.md
+8 b/‎CHANGELOG.md
+8
diff --git a/‎Cargo.toml
+19-37 b/‎Cargo.toml
+19-37
diff --git a/‎README.md
+17-26 b/‎README.md
+17-26
diff --git a/‎examples/ios.rs
+1-1 b/‎examples/ios.rs
+1-1
@@ -37,37 +37,28 @@ jobs:
       - name: Build and Test
         env:
           RUST_LOG: debug
-        run: cargo test --features=apple-native,windows-native --verbose
+        run: cargo test --verbose
 
       - name: Build the CLI release
-        run: cargo build --release --features=apple-native,windows-native --example keyring-cli
+        run: cargo build --release --example keyring-cli
 
   ci_nix:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        features:
-          - "linux-native"
-          - "sync-secret-service"
-          - "linux-native,sync-secret-service"
-          - "sync-secret-service,crypto-rust"
-          - "sync-secret-service,crypto-openssl"
-          - "async-secret-service,tokio,crypto-rust"
-          - "async-secret-service,async-io,crypto-rust"
-          - "async-secret-service,tokio,crypto-openssl"
-          - "async-secret-service,async-io,crypto-openssl"
-          - "linux-native-sync-persistent,crypto-rust"
-          - "linux-native-sync-persistent,crypto-openssl"
-          - "linux-native-async-persistent,tokio,crypto-rust"
-          - "linux-native-async-persistent,async-io,crypto-rust"
-          - "linux-native-async-persistent,tokio,crypto-openssl"
-          - "linux-native-async-persistent,async-io,crypto-openssl"
+        features: ['', 'encrypted', 'vendored']
 
     steps:
-      - name: Install CI dependencies
+      - name: Install secret service
         run: |
           sudo apt update -y
-          sudo apt install -y libdbus-1-dev libssl-dev gnome-keyring
+          sudo apt install -y gnome-keyring
+
+      - name: Install dbus dynamic lib
+        if: matrix.features != 'vendored'
+        run: |
+          sudo apt update -y
+          sudo apt install -y libdbus-1-dev
 
       - name: Fetch head
         uses: actions/checkout@v4
@@ -76,6 +67,7 @@ jobs:
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           toolchain: stable
+          components: rustfmt, clippy
 
       - name: Cache dependencies
         uses: actions/cache@v4
@@ -86,6 +78,14 @@ jobs:
             target
           key: $test-cache-${{ steps.toolchain.outputs.rustc_hash }}-${{ hashFiles('**/Cargo.lock') }}
 
+      - name: Format check
+        if: matrix.features != 'vendored'
+        run: cargo fmt --all -- --check
+
+      - name: Clippy check
+        if: matrix.features != 'vendored'
+        run: cargo clippy -- -D warnings
+
       - name: Start gnome-keyring
         # run gnome-keyring with 'foobar' as password for the login keyring
         # this will create a new login keyring and unlock it
@@ -124,8 +124,8 @@ jobs:
       - name: Install rust MSRV
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.75
+          toolchain: 1.85
           components: clippy
 
       - name: Clippy check
-        run: cargo clippy --features=linux-native -- -D warnings
+        run: cargo clippy --features=vendored -- -D warnings
@@ -32,7 +32,6 @@ jobs:
 
       - name: Build docs
         run: |
-          FEATURES="apple-native, windows-native, linux-native-sync-persistent, crypto-rust"
           RUSTDOCFLAGS="--cfg docsrs" \
             cargo +nightly doc --no-deps --features "$FEATURES" --target ${{ matrix.target }} -Zbuild-std
 
@@ -1,3 +1,11 @@
+## Version 4.0
+- Remove all keystores but apple-native, windows-native, and secret-service.
+- Remove use of the async secret-service crate.
+- Remove ability to use openssl crypto with secret-service.
+- Rework the feature set.
+- Rework the way the "default" credential builder is set.
+- Move to Rust edition 2024, MSRV 1.85
+
 ## Version 3.6.2
 - Have docs.rs build docs for all modules on all platforms (thanks to @unkcpz - see #235).
 - Switch to `fastrand` for tests (see #237).
 
@@ -2,59 +2,42 @@
 authors = ["Walther Chen <[email protected]>", "Daniel Brotsky <[email protected]>"]
 description = "Cross-platform library for managing passwords/credentials"
 homepage = "https://github.com/hwchen/keyring-rs"
-keywords = ["password", "credential", "keychain", "keyring", "cross-platform"]
+keywords = ["password", "credential", "keychain", "secret-service", "cross-platform"]
 license = "MIT OR Apache-2.0"
 name = "keyring"
 repository = "https://github.com/hwchen/keyring-rs.git"
-version = "3.6.2"
-rust-version = "1.75"
-edition = "2021"
+version = "4.0.0-alpha.1"
+rust-version = "1.85"
+edition = "2024"
 exclude = [".github/"]
 readme = "README.md"
 
 [features]
-linux-native = ["dep:linux-keyutils"]
+default = ["apple-native", "secret-service", "windows-native"]
+
+## Use the built-in Keychain Services on macOS and iOS
 apple-native = ["dep:security-framework"]
+## Use the secret-service on *nix.
+secret-service = ["dep:dbus-secret-service"]
+## Use the built-in credential store on Windows
 windows-native = ["dep:windows-sys", "dep:byteorder"]
 
-linux-native-sync-persistent = ["linux-native", "sync-secret-service"]
-linux-native-async-persistent = ["linux-native", "async-secret-service"]
-sync-secret-service = ["dep:dbus-secret-service"]
-async-secret-service = ["dep:secret-service", "dep:zbus"]
-crypto-rust = ["dbus-secret-service?/crypto-rust", "secret-service?/crypto-rust"]
-crypto-openssl = ["dbus-secret-service?/crypto-openssl", "secret-service?/crypto-openssl"]
-tokio = ["zbus?/tokio"]
-async-io = ["zbus?/async-io"]
-vendored = ["dbus-secret-service?/vendored", "openssl?/vendored"]
+## Link any external required libraries statically
+vendored = ["dbus-secret-service?/vendored"]
+## Encrypt values when passing them to/from the keystore, if supported.
+encrypted = []
 
 [dependencies]
-log = "0.4.22"
-openssl = { version = "0.10.66", optional = true }
+log = "0.4"
 
-[target.'cfg(target_os = "macos")'.dependencies]  # see issue #190
+[target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies]
 security-framework = { version = "3", optional = true }
 
-[target.'cfg(target_os = "ios")'.dependencies]  # see issue #190
-security-framework = { version = "2", optional = true }
-
-[target.'cfg(target_os = "linux")'.dependencies]
-secret-service = { version = "4", optional = true }
-zbus = { version = "4", optional = true }
-linux-keyutils = { version = "0.2", features = ["std"], optional = true }
-dbus-secret-service = { version = "4.0.0-rc.2", optional = true }
-
-[target.'cfg(target_os = "freebsd")'.dependencies]
-secret-service = { version = "4", optional = true }
-zbus = { version = "4", optional = true }
-dbus-secret-service = { version = "4.0.1", optional = true }
-
-[target.'cfg(target_os = "openbsd")'.dependencies]
-secret-service = { version = "4", optional = true }
-zbus = { version = "4", optional = true }
-dbus-secret-service = { version = "4.0.0-rc.1", optional = true }
+[target.'cfg(any(target_os = "linux",target_os = "freebsd", target_os = "openbsd"))'.dependencies]
+dbus-secret-service = { version = "4", features = ["crypto-rust"], optional = true }
 
 [target.'cfg(target_os = "windows")'.dependencies]
-byteorder = { version = "1.2", optional = true }
+byteorder = { version = "1", optional = true }
 windows-sys = { version = "0.59", features = ["Win32_Foundation", "Win32_Security_Credentials"], optional = true }
 
 [[example]]
@@ -79,4 +62,3 @@ whoami = "1.5"
 [package.metadata.docs.rs]
 default-target = "x86_64-unknown-linux-gnu"
 targets = ["x86_64-unknown-linux-gnu", "aarch64-apple-darwin", "aarch64-apple-ios", "x86_64-pc-windows-msvc"]
-features = ["apple-native", "windows-native", "linux-native-sync-persistent", "crypto-rust"]
@@ -9,15 +9,15 @@ A cross-platform library to manage storage and retrieval of passwords (and other
 
 ## Usage
 
-To use this crate in your project, you must include it in your `Cargo.toml` and specify a feature for each supported credential store you want to use. For example, if you want to use the platform credential stores on Mac and Win, and use the Secret Service (synchronously) on Linux and \*nix platforms, you would add a snippet such as this to your `[dependencies]` section:
+To use this crate in your project, include it in your `Cargo.toml` and don't disable the default features:
 
 ```toml
-keyring = { version = "3", features = ["apple-native", "windows-native", "sync-secret-service"] }
+keyring = "4"
 ```
 
 This will give you access to the `keyring` crate in your code. Now you can use the `Entry::new` function to create a new keyring entry. The `new` function takes a service name and a user's name which together identify the entry.
 
-Passwords (strings) or secrets (binary data) can be added to an entry using its `set_password` or `set_secret` methods, respectively. (These methods create an entry in the underlying credential store.) The password or secret can then be read back using the `get_password` or `get_secret` methods. The underlying credential (with its password/secret data) can then be removed using the `delete_credential` method.
+Passwords (strings) or secrets (binary data) can be added to an entry using its `set_password` or `set_secret` methods, respectively. (These methods create an entry in the underlying platform's persistent credential store.) The password or secret can then be read back using the `get_password` or `get_secret` methods. The underlying credential (with its password/secret data) can then be removed using the `delete_credential` method.
 
 ```rust
 use keyring::{Entry, Result};
@@ -40,9 +40,9 @@ Creating and operating on entries can yield a `keyring::Error` which provides bo
 
 The keychain-rs project contains a sample application (`keyring-cli`) and a sample library (`ios`).
 
-The `keyring-cli` application is a command-line interface to the full functionality of the keyring. Invoke it without arguments to see usage information. It handles binary data input and output using base64 encoding. It can be installed using `cargo install` and used to experiment with library functionality. It can also be used when debugging keyring-based applications to probe the contents of the credential store; just be sure to build it using the same features/credential stores that are used by your application.
+The `keyring-cli` application is a command-line interface to the full functionality of the keyring. Invoke it without arguments to see usage information. It handles binary data input and output using base64 encoding. It can be installed using `cargo install` and used to experiment with library functionality. It can also be used when debugging keyring-based applications to probe the contents of the credential store.
 
-The `ios` library is a full exercise of all the iOS functionality; it's meant to be loaded into an iOS test harness such as the one found in [this project](https://github.com/brotskydotcom/rust-on-ios). While the library can be compiled and linked to on macOS as well, doing so doesn't provide any advantages over using the crate directly.
+The `ios` library is a full exercise of all the iOS functionality; it's meant to be loaded into an iOS test harness such as the one found in [this project](https://github.com/brotskydotcom/rust-on-ios).
 
 ## Client Testing
 
@@ -56,44 +56,35 @@ This crate allows clients to "bring their own credential store" by providing tra
 
 This crate provides built-in implementations of the following platform-specific credential stores:
 
-* _Linux_: The DBus-based Secret Service, the kernel keyutils, and a combo of the two.
-* _FreeBSD_, _OpenBSD_: The DBus-based Secret Service.
-* _macOS_, _iOS_: The local keychain.
+* _Linux_, _FreeBSD_, _OpenBSD_: The DBus-based Secret Service.
+* _macOS_, _iOS_: Keychain Services.
 * _Windows_: The Windows Credential Manager.
 
-To enable the stores you want, you use features: there is one feature for each possibly-included credential store. If you specify a feature (e.g., `dbus-secret-service`) _and_ your target platform (e.g., `freebsd`) supports that credential store, it will be included as the default credential store in that build. That way you can have a build command that specifies a single credential store for each of your target platforms, and use that same build command for all targets.
-
-If you don't enable any credential stores that are supported on a given platform, the _mock_ keystore will be the default on that platform. See the [developer docs](https://docs.rs/keyring/) for details of which features control the inclusion of which credential stores.
-
 ### Platform-specific issues
 
 Since neither the maintainers nor GitHub do testing on BSD variants, we rely on contributors to support these platforms. Thanks for your help!
 
 If you use the *Secret Service* as your credential store, be aware of the following:
 
-* Access to credential stores via this crate is always *synchronous*; that is, it blocks the thread on which it was invoked.  This is true *even if* your feature set specifies using the Zbus-based `secret-service` crate, which offers an async interface, because this crate always uses the blocking interface.  If your application is using an async runtime already, and you build with the `async-secret-service` feature in this crate, you should (1) specify the same async runtime you are using as a feature for this crate, and (2) be sure to have a separate thread that is used for all `keyring` calls that access the credential store. Failure to use a separate thread is known to cause deadlocks.
-* Because credential store access from this crate is always synchronous, there is really no reason not to use the `sync-secret-service` feature (rather than `async-secret-service`) with this crate, *even if* your code is already using one of the async runtimes. Yes, this feature requires that `libdbus` be installed on your user’s machines, but it is by default in all desktop OS installs that include a Secret Service implementation (such as the Gnome Keyring or the KWallet). If you want to be extra careful, you can use the additional `vendored` feature to this crate to statically link the dbus library with your app so it’s not required on user machines. Just keep in mind that, in the event of an update to `libdbus`, using the `vendored` feature will require a rebuild of your app to get the `libdbus` update to your users.
-* Every call to the Secret Service is done via an inter-process call, which takes time (typically tens if not hundreds of milliseconds). If, for some reason, your code is pounding on the Secret Service like a database, you will want to implement a write-through transactional backing cache to protect your users from slowdowns. The `mock` credential store can be adapted for this purpose.
+* This implementation requires that `libdbus` be installed on user machines. If you have users whose machines might not have `libdbus` installed, you can specify the `vendored` when building this crate to statically link the dbus library with your app.
+* Every call to the Secret Service is done via an inter-process call, which takes time (typically tens if not hundreds of milliseconds).
+* By default, this implementation does not encrypt secrets when sending them to or fetching them from the Dbus. If you want them encrypted, you can specify the `encrypted` feature when building this crate.
 
 If you use the *Windows-native credential store*, be careful about multi-threaded access, because the Windows credential store does not guarantee your calls will be serialized in the order they are made.  Always access any single credential from just one thread at a time, and if you are doing operations on multiple credentials that require a particular serialization order, perform all those operations from the same thread.
 
-The *macOS and iOS credential stores* do not allow service or user names to be empty, because empty fields are treated as wildcards on lookup.  Use some default, non-empty value instead.
-
-## Upgrading from v2
-
-The major functional change between v2 and v3 is the addition of synchronous support for the Secret Service via the [dbus-secret-service crate](https://crates.io/crates/dbus-secret-service). This means that keyring users of the Secret Service no longer need to link with an async runtime. (There are other advantages as well; see [above](#platform-specific-issues) for details.)
+The *macOS and iOS credential stores* do not allow service names or usernames to be empty, because empty fields are treated as wildcards on lookup.  Use some default, non-empty value instead.
 
-The main API change between v2 and v3 is the addition of support for non-string (i.e., binary) "password" data. To accommodate this, two changes have been made:
+## Upgrading from v3
 
-1. There are two new methods on `Entry` objects: `set_secret` and `get_secret`. These are the analogs of `set_password` and `get_password`, but instead of taking or returning strings they take or return binary data (byte arrays/vectors).
+There are no functional API changes between v4 and v3; all the changes are in the keystores and how they are specified.
 
-2. The v2 method `delete_password` has been renamed `delete_credential`, both to clarify what's actually being deleted and to emphasize that it doesn't matter whether it's holding a "password" or a "secret".
+Version 4 of this crate removes a number of the built-in credential stores that were available in version 3, namely the async secret service and linux keyutils.
 
-Another API change between v2 and v3 is that the notion of a default feature set has gone away: you must now specify explicitly which crate-supported keystores you want included (other than the `mock` keystore, which is always present). So all keyring client developers will need to update their `Cargo.toml` file to use the new features correctly.
+Version 4 of this crate also dispenses with the need to explicitly specify which credential store you want to use on each platform. Instead, the default feature set provides a single credential store on each platform. If you would rather bring your own store, and not build this crate's built-in ones, you can simply suppress the default feature set.
 
-All v2 data is fully forward-compatible with v3 data; there have been no changes at all in that respect.
+All v2/v3 data is fully forward-compatible with v4 data; there have been no changes at all in that respect.
 
-The MSRV has been moved to 1.75, and all direct dependencies are at their latest stable versions.
+The Rust edition of this crate has moved to 2024, and the MSRV has moved to 1.85.
 
 ## License
 
 
@@ -1,6 +1,6 @@
 use keyring::{Entry, Error};
 
-#[no_mangle]
+#[unsafe(no_mangle)]
 extern "C" fn test() {
     test_invalid_parameter();
     test_empty_keyring();