Fix flatpak permissions

Bernd Schoolmann 2023-12-26 20:49:47 +01:00
parent e675703c35
commit 5829f1a797
No known key found for this signature in database
8 changed files with 142 additions and 55 deletions


@ -1,6 +1,3 @@
# This workflow will build a golang project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
name: Go name: Go
on: on:
@ -9,29 +6,60 @@ on:
pull_request: pull_request:
branches: [ "main" ] branches: [ "main" ]
env:
GO_VERSION: '1.20'
jobs: jobs:
linux: build_linux_x86_64:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v4
with: with:
go-version: '1.20' go-version: ${{ env.GO_VERSION }}
- name: Install libfido2-dev - name: Install libfido2-dev
run: sudo apt-get install -y libfido2-dev run: sudo apt-get install -y libfido2-dev
- name: Install gio dependencies - name: Build
run: sudo apt-get install -y gcc pkg-config run: go build -o goldwarden_linux_x86_64 -v .
- name: Build
run: go build -v .
- name: Test
run: go test -v .
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
with: with:
name: goldwarden-linux name: goldwarden_linux_x86_64
path: ./goldwarden path: ./goldwarden_linux_x86_64
macos: build_linux_arm64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Install libfido2-dev
run: sudo apt-get install -y libfido2-dev
- name: Build
run: GOARCH=arm64 go build -tags nofido2 -o goldwarden_linux_arm64 -v .
- uses: actions/upload-artifact@v3
with:
name: goldwarden_linux_arm64
path: ./goldwarden_linux_arm64
build_linux_x86:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Build
run: GOARCH=386 go build -tags nofido2 -o goldwarden_linux_x86 -v .
- uses: actions/upload-artifact@v3
with:
name: goldwarden_linux_x86
path: ./goldwarden_linux_x86
build_macos_x86_64:
runs-on: macos-latest runs-on: macos-latest
steps: steps:
- name: Checkout - name: Checkout
@ -39,17 +67,15 @@ jobs:
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v4
with: with:
go-version: '1.20' go-version: ${{ env.GO_VERSION }}
- name: Build - name: Build
run: go build -tags "nofido2" -v . run: go build -tags "nofido2" -o "goldwarden_macos_x86_64" -v .
- name: Test
run: go test -tags "nofido2" -v .
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
with: with:
name: goldwarden-macos name: goldwarden-macos_x86_64
path: ./goldwarden path: ./goldwarden_macos_x86_64
windows: build_windows_x86_64:
runs-on: windows-latest runs-on: windows-latest
steps: steps:
- name: Checkout - name: Checkout
@ -57,12 +83,10 @@ jobs:
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v4
with: with:
go-version: '1.20' go-version: ${{ env.GO_VERSION }}
- name: Build - name: Build
run: go build -tags "nofido2" -v . run: go build -tags "nofido2" -o "goldwarden_windows_x86_64.exe" -v .
- name: Test
run: go test -tags "nofido2" -v .
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
with: with:
name: goldwarden-windows.exe name: goldwarden-windows_x86_64.exe
path: ./goldwarden.exe path: ./goldwarden_windows_x86_64.exe
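Review bot: No job in this workflow runs `go test` any more: the `Test` steps that followed `Build` in the Linux, macOS and Windows jobs are dropped and nothing replaces them, so pull requests to `main` are only compile-checked. If that is not intended, restore a step such as `- name: Test` with `run: go test -v .` in `build_linux_x86_64` (adding `-tags "nofido2"` on macOS and Windows), or add a dedicated test job. Separately, `build_linux_arm64` still installs `libfido2-dev` although it builds with `-tags nofido2`, so that step looks unnecessary there.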


@ -6,6 +6,9 @@ permissions:
contents: write contents: write
packages: write packages: write
env:
GO_VERSION: '1.20'
jobs: jobs:
build_linux: build_linux:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -15,19 +18,14 @@ jobs:
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@v4
with: with:
go-version: '1.20' go-version: ${{ env.GO_VERSION }}
- name: Install libfido2-dev - name: Install libfido2-dev
run: sudo apt-get install -y libfido2-dev run: sudo apt-get install -y libfido2-dev
- name: Build with All features - name: Build
run: go build -o goldwarden_linux_x86_64 -v . run: go build -o goldwarden_linux_x86_64 -v .
- name: Build minimal x86 featureset
run: GOARCH=386 go build -tags nofido2 -o goldwarden_linux_x86 -v .
- name: Build minimal arm64 featureset
run: GOARCH=arm64 go build -tags nofido2 -o goldwarden_linux_arm64 -v .
- uses: AButler/upload-release-assets@v2.0 - uses: AButler/upload-release-assets@v2.0
with: with:
files: './goldwarden_linux_x86_64;./goldwarden_linux_x86;./goldwarden_linux_arm64' files: './goldwarden_linux_x86_64'
repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Validate ArchLinux PKGBUILD - name: Validate ArchLinux PKGBUILD
uses: hapakaien/archlinux-package-action@v2 uses: hapakaien/archlinux-package-action@v2
@ -46,7 +44,6 @@ jobs:
ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
commit_message: Update AUR package from GitHub Actions automation commit_message: Update AUR package from GitHub Actions automation
ssh_keyscan_types: ed25519 ssh_keyscan_types: ed25519
- name: Move binaries to directories - name: Move binaries to directories
run: | run: |
mkdir -p .debpkg/usr/bin mkdir -p .debpkg/usr/bin
@ -57,7 +54,6 @@ jobs:
mkdir -p .rpmpkg/usr/share/polkit-1/actions/ mkdir -p .rpmpkg/usr/share/polkit-1/actions/
cp -p resources/com.quexten.goldwarden.policy .debpkg/usr/share/polkit-1/actions/ cp -p resources/com.quexten.goldwarden.policy .debpkg/usr/share/polkit-1/actions/
cp -p resources/com.quexten.goldwarden.policy .rpmpkg/usr/share/polkit-1/actions/ cp -p resources/com.quexten.goldwarden.policy .rpmpkg/usr/share/polkit-1/actions/
- uses: jiro4989/build-deb-action@v3 - uses: jiro4989/build-deb-action@v3
with: with:
package: goldwarden package: goldwarden
@ -70,7 +66,6 @@ jobs:
with: with:
files: './*.deb' files: './*.deb'
repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: jiro4989/build-rpm-action@v2 - uses: jiro4989/build-rpm-action@v2
with: with:
summary: 'Goldwarden' summary: 'Goldwarden'
@ -88,6 +83,37 @@ jobs:
files: './*.rpm' files: './*.rpm'
repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token: ${{ secrets.GITHUB_TOKEN }}
build_linux_arm64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Build
run: GOARCH=arm64 go build -tags nofido2 -o goldwarden_linux_arm64 -v .
- uses: AButler/upload-release-assets@v2.0
with:
files: './goldwarden_linux_arm64'
repo-token: ${{ secrets.GITHUB_TOKEN }}
build_linux_x86:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Build
run: GOARCH=386 go build -tags nofido2 -o goldwarden_linux_x86 -v .
- uses: AButler/upload-release-assets@v2.0
with:
files: './goldwarden_linux_x86'
repo-token: ${{ secrets.GITHUB_TOKEN }}
build_macos_x86_64: build_macos_x86_64:
runs-on: macos-latest runs-on: macos-latest
steps: steps:
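Review bot: The new `build_linux_arm64` and `build_linux_x86` jobs pass `secrets.GITHUB_TOKEN` to `AButler/upload-release-assets@v2.0`, a third-party action referenced by a movable tag, while the workflow-level `permissions` shown in the first hunk give every job `contents: write` and `packages: write`. Pinning the reference to a full commit SHA, for example `uses: AButler/upload-release-assets@<full-commit-sha> # v2.0`, would stop a retagged release of the action from running with a write-capable token. These two jobs only upload release assets, so a job-level `permissions:` block with just `contents: write` would also drop the unused `packages: write`. The same applies to the other tag-pinned third-party actions in this file, which appear here only as context.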


@ -63,7 +63,19 @@ func CheckBiometrics(approvalType Approval) bool {
if err != nil { if err != nil {
log.Error("Failed to create polkit authority: %s", err.Error()) log.Error("Failed to create polkit authority: %s", err.Error())
return false log.Info("Falling back to pkexec permissions")
result, err = authority.CheckAuthorization(
"org.freedesktop.policykit.exec",
nil,
uint32(polkit.AuthenticationRequiredRetained), "",
)
if err != nil {
log.Error("Failed to create polkit authority: %s", err.Error())
return false
}
log.Info("Biometrics result: %t", result.IsAuthorized)
return result.IsAuthorized
} }
log.Info("Biometrics result: %t", result.IsAuthorized) log.Info("Biometrics result: %t", result.IsAuthorized)
@ -100,5 +112,13 @@ func BiometricsWorking() bool {
} }
} }
testFor = "org.freedesktop.policykit.exec"
for _, action := range result {
if Approval(action.ActionID) == testFor {
log.Warn("Only pkexec permissions found, consider installing polkit policies")
return true
}
}
return false return false
} }
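Review bot: The pkexec fallback in `CheckBiometrics` runs on any error from the first check, and it then authorizes every `approvalType` against the single generic action `org.freedesktop.policykit.exec`, whose policy comes from the system rather than from this project. Since the call passes `polkit.AuthenticationRequiredRetained`, it is worth confirming that one retained authentication cannot satisfy later approvals of a different type, and limiting the fallback to the case where the project's own actions are not installed. If the `err` tested here can also come from creating the authority, as the log text suggests, `authority` may not be usable when the fallback calls it. The second error log repeats the first message; `log.Error("Failed to check pkexec authorization: %s", err.Error())` would tell the two failures apart. The function starts above the hunk, so the original call is not visible here.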


@ -4,16 +4,25 @@ runtime-version: '45'
sdk: org.gnome.Sdk sdk: org.gnome.Sdk
command: main.py command: main.py
finish-args: finish-args:
- --share=ipc # Allow network access for sync
- --share=network - --share=network
# GUI
- --share=ipc
- --socket=wayland - --socket=wayland
- --socket=fallback-x11 - --socket=fallback-x11
- --device=dri - --device=dri
# - --filesystem=home
- --filesystem=host # Lock on screensave
# polkit & locking.. should filter this later on - --talk-name=org.gnome.ScreenSaver
- --socket=session-bus - --talk-name=org.freedesktop.ScreenSaver
- --socket=system-bus
# Home directory access to setup browser ipc
- --filesystem=home
# pinentry & approval
- --talk-name=org.gnome.keyring.SystemPrompter
# biometric / user password auth
- --system-talk-name=org.freedesktop.PolicyKit1
modules: modules:
- name: goldwarden - name: goldwarden
buildsystem: simple buildsystem: simple
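Review bot: `--filesystem=home` still gives the sandboxed password manager read-write access to the whole home directory, although its comment says the access is only needed to set up browser IPC. If that setup only writes into browser configuration directories, listing those paths individually (for example `--filesystem=~/.mozilla`, adjusted to the browsers actually supported) would keep the rest of the home directory, such as SSH keys, outside the sandbox. The replacement of `--socket=session-bus` and `--socket=system-bus` with named `--talk-name` entries needs no change.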


@ -104,5 +104,5 @@ class MainWindow(Gtk.ApplicationWindow):
self.set_default_size(700, 700) self.set_default_size(700, 700)
self.set_title("Goldwarden") self.set_title("Goldwarden")
app = MyApp(application_id="com.quexten.Goldwarden.autofill") app = MyApp(application_id="com.quexten.Goldwarden.autofill-menu")
app.run(sys.argv) app.run(sys.argv)


@ -30,8 +30,14 @@ def run_daemon():
# todo: do a proper check # todo: do a proper check
if is_hidden: if is_hidden:
time.sleep(20) time.sleep(20)
print("IS daemon running", goldwarden.is_daemon_running())
if not goldwarden.is_daemon_running(): if not goldwarden.is_daemon_running():
print("running daemon")
goldwarden.run_daemon() goldwarden.run_daemon()
print("daemon running")
thread = Thread(target=run_daemon)
thread.start()
def on_autofill(): def on_autofill():
subprocess.Popen(["python3", "/app/bin/autofill.py"], start_new_session=True) subprocess.Popen(["python3", "/app/bin/autofill.py"], start_new_session=True)
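Review bot: The thread created with `Thread(target=run_daemon)` is non-daemon, so if `goldwarden.run_daemon()` blocks for the daemon's lifetime the interpreter cannot exit while it is running. If the daemon is meant to stop with the UI, `thread = Thread(target=run_daemon, daemon=True)` states that explicitly; if it is meant to outlive the UI, a comment saying so would help. The three added `print` calls look like debugging output and would be easier to silence through the `logging` module. Indentation is lost on this page, so the thread being created at module level is an inference.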


@ -6,22 +6,21 @@ import dbus
import dbus.service import dbus.service
from dbus.mainloop.glib import DBusGMainLoop from dbus.mainloop.glib import DBusGMainLoop
from threading import Thread from threading import Thread
import gi.repository.GLib
on_autofill = lambda: None on_autofill = lambda: None
class GoldwardenDBUSService(dbus.service.Object): class GoldwardenDBUSService(dbus.service.Object):
def __init__(self): def __init__(self):
bus_name = dbus.service.BusName('com.quexten.goldwarden', bus=dbus.SessionBus()) bus_name = dbus.service.BusName('com.quexten.Goldwarden.autofill', bus=dbus.SessionBus())
dbus.service.Object.__init__(self, bus_name, '/com/quexten/goldwarden') dbus.service.Object.__init__(self, bus_name, '/com/quexten/Goldwarden')
@dbus.service.method('com.quexten.goldwarden.Autofill') @dbus.service.method('com.quexten.Goldwarden.Autofill')
def autofill(self): def autofill(self):
on_autofill() on_autofill()
return "" return ""
def run_daemon(): def run_daemon():
mainloop = DBusGMainLoop(set_as_default=True) DBusGMainLoop(set_as_default=True)
service = GoldwardenDBUSService() service = GoldwardenDBUSService()
mloop = gi.repository.GLib.MainLoop() from gi.repository import GLib, GObject as gobject
mloop.run() gobject.MainLoop().run()
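Review bot: The new `run_daemon` imports `GLib` but never uses it, and starts the loop through `gobject.MainLoop()`, which in PyGObject is a deprecated alias of `GLib.MainLoop`. Importing at the top of the file and calling `GLib.MainLoop().run()` does the same thing without the alias. The `service` object is never referenced after creation, so a short comment that the assignment keeps the exported D-Bus object alive while the loop runs would make that intent clear.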


@ -9,10 +9,13 @@ from gi.repository import Gtk, Adw, GLib
import goldwarden import goldwarden
from threading import Thread from threading import Thread
hidden = False
class SettingsWinvdow(Gtk.ApplicationWindow): class SettingsWinvdow(Gtk.ApplicationWindow):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
print("init settings window")
self.stack = Gtk.Stack() self.stack = Gtk.Stack()
self.stack.set_transition_type(Gtk.StackTransitionType.SLIDE_LEFT_RIGHT) self.stack.set_transition_type(Gtk.StackTransitionType.SLIDE_LEFT_RIGHT)
self.set_child(self.stack) self.set_child(self.stack)
@ -156,7 +159,6 @@ class MyApp(Adw.Application):
self.settings_win = SettingsWinvdow(application=app) self.settings_win = SettingsWinvdow(application=app)
self.settings_win.present() self.settings_win.present()
app = MyApp(application_id="com.quexten.Goldwarden")
def show_login(): def show_login():
dialog = Gtk.Dialog(title="Goldwarden") dialog = Gtk.Dialog(title="Goldwarden")
@ -218,4 +220,5 @@ def show_login():
dialog.set_modal(True) dialog.set_modal(True)
dialog.present() dialog.present()
app = MyApp(application_id="com.quexten.Goldwarden.settings")
app.run(sys.argv) app.run(sys.argv)