remove all old crypt mechs and only use the new one

Filevault.swift

@@ -259,9 +259,9 @@ private func handleFileVaultOutput(outputData: Data, filepath: String) throws ->
     let systemKeychainPath = "/Library/Keychains/System.keychain"
     var read_apps = getPref(key: .AppsAllowedToReadKey) as! [String]
     var change_apps = getPref(key: .AppsAllowedToChangeKey) as! [String]
-    // we need to insert empty strings into the arrays which will add the Authorization Framwork paths into lists so we can read and write the key later on.
-    read_apps.insert("", at: 0)
-    change_apps.insert("", at: 0)
+    // we need to append empty strings into the arrays which will add the Authorization Framwork paths into lists so we can read and write the key later on.
+    read_apps.append("")
+    change_apps.append("")
     let invisible = getPref(key: .InvisibleInKeychain) as! Bool
     let label: String = "com.grahamgilbert.crypt.recovery"
     guard syncRecoveryKeyToKeychain(label: label, recoveryKey: recoveryKey, keychain: systemKeychainPath, apps: read_apps, owners: change_apps, makeInvisible: invisible) else {

pkg/authmechs/authemechs.go

@@ -12,9 +12,10 @@ import (
 )
 
 var (
-	fv2Mechs       = []string{"Crypt:Check,privileged", "Crypt:CryptGUI", "Crypt:Enablement,privileged"}
-	fv2IndexMech   = "loginwindow:done"
-	fv2IndexOffset = 0
+	fv2Mechs         = []string{"Crypt:Check,privileged"}
+	fv2MechsToRemove = []string{"Crypt:Check,privileged", "Crypt:CryptGUI", "Crypt:Enablement,privileged"}
+	fv2IndexMech     = "loginwindow:done"
+	fv2IndexOffset   = 0
 )
 
 type AuthDB struct {
@@ -55,7 +56,7 @@ func checkMechsInDB(db AuthDB, mechList []string, indexMech string, indexOffset
 }
 
 func setMechsInDB(db AuthDB, mechList []string, indexMech string, indexOffset int, add bool) AuthDB {
-	db = removeMechsInDB(db, mechList)
+	db = removeMechsInDB(db, fv2MechsToRemove)
 
 	if add {
 		insertIndex := indexOf(db.Mechanisms, indexMech) + indexOffset