Windows & Mac Support

Open quexten opened this issue 2 years ago • 21 comments

Windows

  • [x] CI Build
  • [x] Basic functionality tested
  • [x] Fido2 login
  • [x] Autotype (using pyautogui)
  • [ ] Authorization (Windows Hello - Missing Golang Binding, probably easiest with https://github.com/NordSecurity/uniffi-bindgen-go wrapper around the windows rust api)
  • [x] SSH agent
  • [x] Pinentry
  • [ ] GTK UI
  • [ ] Autostart daemon
  • [x] Notifications
  • [ ] scoop package
  • [ ] winget package
  • [ ] gui msi

Mac

  • [x] CI Build
  • [x] Basic functionality tested
  • [x] Fido2 login
  • [x] Autotype (using pyautogui)
  • [x] Authorization (Touchid)
  • [x] SSH agent
  • [x] Pinentry
  • [x] GTK UI
  • [ ] Autostart daemon
  • [x] Notifications
  • [ ] brew package
  • [ ] gui package

quexten avatar Aug 24 '23 20:08 quexten

macOS and Windows builds are now added on every release. They might not support all features as they are not tested much.

quexten avatar Sep 19 '23 23:09 quexten

In case anyone is wondering, it's not usable yet on Windows.

  • [x] Can't log in without setting a pin, but setting pin is not implemented
  • [ ] No setup command to install as a service (can probably be worked around by running daemonize as a startup program)
  • [x] If it closes/crashes, sockets are left behind, and then it will refuse to start because the sockets exist (#94)

lalomartins avatar Feb 02 '24 23:02 lalomartins

At least setting pin is implemented now.

quexten avatar Feb 03 '24 22:02 quexten

I'll give it a spin when you make a release, and let you know how well it works.

I'd offer to contribute code, but Go is not one of my languages 😅 I guess at least I can pitch in as a tester. I'd be happy to help with documentation too, when it's mature enough.

lalomartins avatar Feb 03 '24 22:02 lalomartins

Thanks, I'll get back to that. I mostly don't use windows/mac so development here has been slow, but I'm looking to get at least ssh agent & cli functionality working soon on Windows & Mac.

Anything beyond that (gtk gui packaging/windows hello/autotype) will probably rely on contributors doing PRs ;)

quexten avatar Feb 03 '24 23:02 quexten

Successfully tested the SSH agent on Windows now. For pinentry, installing GPG4win is required, for the ssh sockets just follow https://developer.1password.com/docs/ssh/get-started/#step-4-configure-your-ssh-or-git-client to disable your openssh service, restart the goldwarden daemon and it should just work.

quexten avatar Feb 03 '24 23:02 quexten

@kothavade When you have time, feel free to test https://github.com/quexten/goldwarden/actions/runs/7770097240#artifacts on MacOS. The pinentry implementation should also cover MacOS, but I have not been able to test that. On MacOS the instructions for setting up ssh agent (environment variables) should be the same as on Linux.

quexten avatar Feb 03 '24 23:02 quexten

@quexten edit: ignore message, i'd forgotten to install macgpg2. will test properly and get back to you.

kothavade avatar Feb 04 '24 04:02 kothavade

Thanks! One other package that might work is pinentry-mac, though I think macgpg2 might bring it too.

quexten avatar Feb 04 '24 08:02 quexten

Fido2 should be supported on most CI builds (Intel Mac, Apple Silicon Mac, x86_64 Windows) now. Also, I added ARM based Windows builds (without fido2) in case anyone uses that.

This is also required for fido2-only login https://github.com/quexten/goldwarden/issues/25

quexten avatar Feb 04 '24 09:02 quexten

I added some links on how to set up autostart manually for Windows/Mac in the wiki. I think as a first step towards automatic setup, the simplest way would be to spawn a daemon automatically when calling the cli and no daemon is running. This still leaves out ssh clients, so on boot-up the cli would need to be run at least once before ssh works.

The next step would be automatically setting up launchd on Mac and whatever startup tool Windows has.

quexten avatar Feb 04 '24 09:02 quexten
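
Added example (not from the thread and not goldwarden's own code): one way a daemon could handle both the leftover-socket startup failure reported above (#94) and the "is a daemon already running?" check that spawning from the CLI would need. It assumes Unix-domain socket behaviour as on macOS and Linux; the type, the function names and the socket path are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"syscall"
)

type SocketState int
const (
	Absent  SocketState = iota // nothing at the path: free to listen or to spawn a daemon
	Live                       // a daemon accepted the connection
	Stale                      // socket file left behind, nobody listening
	Foreign                    // not a socket, or state unknown: never delete
)

// ProbeSocket classifies the daemon socket path without modifying anything.
func ProbeSocket(path string) SocketState {
	info, err := os.Lstat(path) // Lstat: do not follow a symlink at the path
	if errors.Is(err, os.ErrNotExist) {
		return Absent
	} else if err != nil || info.Mode()&os.ModeSocket == 0 {
		return Foreign
	}
	conn, err := net.Dial("unix", path)
	if err == nil {
		conn.Close()
		return Live
	} else if errors.Is(err, syscall.ECONNREFUSED) {
		return Stale
	}
	return Foreign // e.g. permission denied: leave the file alone
}

// ListenFresh removes only a confirmed-stale socket, then binds the path.
func ListenFresh(path string) (net.Listener, error) {
	switch ProbeSocket(path) {
	case Live, Foreign:
		return nil, fmt.Errorf("%s is in use or is not a stale socket; not removing it", path)
	case Stale:
		os.Remove(path) // if this fails, Listen below reports "address already in use"
	}
	return net.Listen("unix", path)
}

func main() {
	fmt.Println(ListenFresh(os.TempDir() + "/example-daemon.sock")) // hypothetical path
}
```

Two daemons starting at the same instant can still race between the probe and the remove; a lock file held for the daemon's lifetime closes that gap.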

Next best thing for Windows support IMO would be if daemonize could run without a console and log to a file. As it is, even if I run it as a startup program, it will open a cmd window.

I worked around with this powershell script:

Start-Process "C:\Users\Lalo\Programs\goldwarden.exe" -ArgumentList "daemonize" -RedirectStandardOutput C:\Users\Lalo\Programs\goldwarden.log -RedirectStandardError C:\Users\Lalo\Programs\goldwarden.err -WindowStyle Hidden

The advice from superuser in the wiki runs in a minimized cmd window, which is not ideal.

> whatever startup tool Windows has.

It's just called “services”. I set it up for an app for work what, 5 years ago 😅 I'm not sure if there's support to do it directly from Go, or you need a wrapper or installer. I can look into it this week if you don't beat me to it.

Super preliminary research says the sane way to do it is using https://github.com/judwhite/go-svc. For alternatives that don't modify the main code, NSSM or go-msi.

lalomartins avatar Feb 04 '24 09:02 lalomartins

Autotype should work now on mac/windows (untested, on windows/mac, but using pyautogui, tested on linux)

quexten avatar May 03 '24 23:05 quexten

I've set up goldwarden via launchd. Here's my config for inspiration (adjust your path):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>goldwarden</string>
	<key>Program</key>
	<string>/Users/ullrich/bin/goldwarden</string>
	<key>ProgramArguments</key>
	<array>
		<string>/Users/ullrich/bin/goldwarden</string>
		<string>daemonize</string>
	</array>
	<key>KeepAlive</key>
	<true/>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>

I've saved the entire thing in ~/Library/LaunchAgents/goldwarden.plist and then loaded it with launchctl load ~/Library/LaunchAgents/goldwarden.plist.

stigi avatar May 07 '24 16:05 stigi

@stigi just to confirm, since I haven't been able to test this on MacOS yet, which functions have you used so far? Theoretically (with some setup) ssh-agent, biometric unlock (touch id), and even gui/autotype should work (though the gui might need some tweaking).

I hope I get to fixing up mac support soon, as it shouldn't be that much more work to bring it to feature parity.

quexten avatar May 11 '24 04:05 quexten

Hmm, seems gtk/adwaita icons are not present / super low res on mac..

quexten avatar Jun 01 '24 12:06 quexten

Gui mostly works on mac now, just need to create instructions on how to build / dependencies. Next step is a brew package.

quexten avatar Jun 02 '24 15:06 quexten

Autotype is also tested and working on mac. However, there seem to be some keyboard layout problems. It works on qwerty, but on dvorak the keymap is messed up. Most likely an issue in pyautogui.

quexten avatar Jun 02 '24 15:06 quexten

Is there any help needed in finalizing a brew release for goldwarden? Or setting up a dev environment for MacOS? I would like to use this application given Bitwarden's rejection of your ssh-agent integration.

HeroesLament avatar Aug 13 '24 16:08 HeroesLament

@HeroesLament Yeah, I've not been able to get around to seeing what's required for a brew release time-wise. I'm definitely open to PRs.

That being said, I've since restarted work on ssh-agent and ssh-key support, and it has been signed off by the product team as a feature. The work is being tracked here: https://github.com/bitwarden/server/pull/4575 (with the PRs for ssh-agent and ssh-key support in bitwarden clients linked in the first comment). This will work on MacOS, using Bitwarden's desktop app too.

I cannot give a timeline though.

quexten avatar Aug 13 '24 17:08 quexten