goldwarden icon indicating copy to clipboard operation
goldwarden copied to clipboard
verified publisher icon quexten

Setup polkit : issue on Silverblue

Open artav4 opened this issue 2 years ago • 4 comments

Hello,

I have been trying to setup goldwarden in order to enable the usage of the fingerprint reader on the browser on Fedora Silverblue 39. I installed goldwarden through the RPM Package and Firefox was pre-installed. However, when I try to executre goldwarden setup polkit, I am faced to this:

panic: exit status 1

goroutine 1 [running]:
github.com/quexten/goldwarden/cmd.setupPolkit()
	/home/runner/work/goldwarden/goldwarden/cmd/setup_linux.go:33 +0x436
github.com/quexten/goldwarden/cmd.glob..func16(0xc96080?, {0x92d806?, 0x0?, 0x0?})
	/home/runner/work/goldwarden/goldwarden/cmd/setup_linux.go:65 +0x17
github.com/spf13/cobra.(*Command).execute(0xc96080, {0xd06198, 0x0, 0x0})
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:987 +0xa91
github.com/spf13/cobra.(*Command).ExecuteC(0xc95ac0)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1115 +0x425
github.com/spf13/cobra.(*Command).Execute(...)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1039
github.com/quexten/goldwarden/cmd.Execute({0x0, 0x0, {0x0, 0x0}, 0x0, {0xc0000322c0, 0x33}, 0x0, 0x0, {0x0, ...}, ...})
	/home/runner/work/goldwarden/goldwarden/cmd/root.go:35 +0x1fb
main.main()
	/home/runner/work/goldwarden/goldwarden/main.go:83 +0x965

artav4 avatar Jan 26 '24 22:01 artav4

Thanks for the report. I'm not sure if / how we can actually install the policy on silverblue since it seems to be read only?

On the other hand, it might make sense to just have an fprintd fallback for cases like this. Then, no setup is required.

quexten avatar Jan 27 '24 00:01 quexten

https://github.com/flatpak/xdg-desktop-portal/discussions/1275

quexten avatar Jan 30 '24 11:01 quexten

What do exactly the polkit setup action? I'm on NixOS and all the base system is read only, so if this try to modify a system file will be the cause of this error.

lfdominguez avatar Feb 07 '24 01:02 lfdominguez

So, polkit requires defining policies in a system directory (/usr/share/polkit-1/actions). If we want to authenticate with the system password/biometrics, and show a message such as "Goldwarden wants to authenticate you to unlock your vault", we need this policy. This is usually installed at the package level in other applications (rpm/deb/arch packagebuild). I'm not sure about the cli version on nixos, but for the flatpak this can't be done. Either a rpm ostree overwrite is necessary, or a modificationless authentication method.

That's why I linked https://github.com/flatpak/xdg-desktop-portal/discussions/1275, which discusses adding a portal API for authentication, which would fix this.

quexten avatar Feb 07 '24 08:02 quexten