search

quexten / goldwarden

A feature-packed Bitwarden compatible desktop client
MIT License
673 stars 19 forks source link

Setup polkit : issue on Silverblue #90

Open artav4 opened 7 months ago

artav4 commented 7 months ago

Hello,

I have been trying to setup goldwarden in order to enable the usage of the fingerprint reader on the browser on Fedora Silverblue 39. I installed goldwarden through the RPM Package and Firefox was pre-installed. However, when I try to executre goldwarden setup polkit, I am faced to this:

panic: exit status 1

goroutine 1 [running]:
github.com/quexten/goldwarden/cmd.setupPolkit()
    /home/runner/work/goldwarden/goldwarden/cmd/setup_linux.go:33 +0x436
github.com/quexten/goldwarden/cmd.glob..func16(0xc96080?, {0x92d806?, 0x0?, 0x0?})
    /home/runner/work/goldwarden/goldwarden/cmd/setup_linux.go:65 +0x17
github.com/spf13/cobra.(*Command).execute(0xc96080, {0xd06198, 0x0, 0x0})
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:987 +0xa91
github.com/spf13/cobra.(*Command).ExecuteC(0xc95ac0)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115 +0x425
github.com/spf13/cobra.(*Command).Execute(...)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039
github.com/quexten/goldwarden/cmd.Execute({0x0, 0x0, {0x0, 0x0}, 0x0, {0xc0000322c0, 0x33}, 0x0, 0x0, {0x0, ...}, ...})
    /home/runner/work/goldwarden/goldwarden/cmd/root.go:35 +0x1fb
main.main()
    /home/runner/work/goldwarden/goldwarden/main.go:83 +0x965
quexten commented 7 months ago

Thanks for the report. I'm not sure if / how we can actually install the policy on silverblue since it seems to be read only?

On the other hand, it might make sense to just have an fprintd fallback for cases like this. Then, no setup is required.

quexten commented 6 months ago

https://github.com/flatpak/xdg-desktop-portal/discussions/1275

lfdominguez commented 6 months ago

What do exactly the polkit setup action? I'm on NixOS and all the base system is read only, so if this try to modify a system file will be the cause of this error.

quexten commented 6 months ago

So, polkit requires defining policies in a system directory (/usr/share/polkit-1/actions). If we want to authenticate with the system password/biometrics, and show a message such as "Goldwarden wants to authenticate you to unlock your vault", we need this policy. This is usually installed at the package level in other applications (rpm/deb/arch packagebuild). I'm not sure about the cli version on nixos, but for the flatpak this can't be done. Either a rpm ostree overwrite is necessary, or a modificationless authentication method.

That's why I linked https://github.com/flatpak/xdg-desktop-portal/discussions/1275, which discusses adding a portal API for authentication, which would fix this.