Originally Posted By: artie505
It occurred to me that throughout my High Sierra/Keychain Access ordeal I never thought to, nor did anybody ever suggest that I, install via simple upgrade, rather than clean install & migration of data, so I just did an upgrade (on an external volume), and my results were consistent with my previously reported results: my "upgraded" login keychain was depopulated, and my keychain password no longer differed from my login password.

:shrug:

As I said...Really! smile

More: I don't think I've ever mentioned that I've run into the same bug with both HFS+ and APFS formatting.

I am not surprised there is no difference in results between HFS+ and APFS as the APFS virtualization layer is specifically intended to make what is going on in the data storage layer absolutely invisible to anything in the applications layer and all indications are it works very well.

As to clean vs. upgrade install, the macOS installer has become very adept at minimizing the effective differences between the two. The only thing the upgrade installer cannot do is identify and eliminate detritus left over from long-ago discarded applications, extensions, etc., and that is because it has no way of knowing all of that information or what you might want to keep or discard.

The rationale behind Apple's decision to enforce user and login keychain passwords to match, someone familiar with Apple's security changes will have to explain. Probably not Tim Cook, but someone who reports to him. (I wonder how many users that change has impacted? I suspect very few.) I would posit the decision has as much to do with the advent of the iCloud Keychain as anything else. (See this FAQ for more information about the iCloud Keychain and its options for storing data on your Mac and/or on iCloud — yeah, yeah, I know how much you love iCloud, but it is getting harder to ignore.)

I have wondered whether your issue is actually the password difference or just perhaps an obscure glitch in your login keychain file structure itself. If you are still curious and have time for some experimentation you might try:
  1. To potentially eliminate the password as the issue:
    1. Change your login keychain password to match your account password.
    2. Run the update/upgrade and see if the login password has been depopulated.
    3. If it has NOT been depopulated then the issue is more likely a formatting or other glitch in the login keychain file.
  2. To Fix a damaged keychain file:
    1. Since Apple removed Keychain First Aid there is no simple way to repair a damaged keychain file mad
    2. The only option is to EXPORT the data from your old login keychain before the update/upgrade.
    3. Perform the update/upgrade.
    4. IMPORT the data from your old login keychain into the newly created but depopulated login keychain.
    5. Somewhere in that process change the new login keychain password to whatever you want.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein