Windows & Mac Support

[quexten]

Windows

• CI Build
• Basic functionality tested
• Fido2 login
• Autotype (using pyautogui)
• Authorization (Windows Hello - Missing Golang Binding, probably easiest with https://github.com/NordSecurity/uniffi-bindgen-go wrapper around the windows rust api)
• SSH agent
• Pinentry
• GTK UI
• Autostart daemon
• Notifications
• scooop package
• winget package
• gui msi

Mac

• CI Build
• Basic functionality tested
• Fido2 login
• Autotype (using pyautogui)
• Authorization (Touchid)
• SSH agent
• Pinentry
• GTK UI
• Autostart daemon
• Notifications
• brew package
• gui package

[quexten]

Macos and windows build are now added on every release. They might not support all features as they are not tested much.

[lalomartins]

In case anyone is wondering, it's not usable yet on Windows.

• Can't log in without setting a pin, but setting pin is not implemented
• No setup command to install as a service (can probably be worked around by running daemonize as a startup program)
• If it closes/crashes, sockets are left behind, and then it will refuse to start because the sockets exist (Zombie sockets left behind #94)

[quexten]

At least setting pin is implemented now.

[lalomartins]

I'll give it a spin when you make a release, and let you know how well it works.

I'd offer to contribute code, but Go is not one of my languages 😅 I guess at least I can pitch in as a tester. I'd be happy to help with documentation too, when it's mature enough.

[quexten]

Thanks, I'll get back to that. I mostly don't use windows/mac so development here has been slow, but I'm looking to get at least ssh agent & cli functionality working soon on Windows & Mac.

Anything beyond that (gtk gui packaging/windows hello/autotype) will probably rely on contributors doing PRs ;)

[quexten]

Successfully tested the SSH agent on Windows now. For pinentry, installing GPG4win is required, for the ssh sockets just follow https://developer.1password.com/docs/ssh/get-started/#step-4-configure-your-ssh-or-git-client to disable your openssh service, restart the goldwarden daemon and it should just work.

[quexten]

@kothavade When you have time, feel free to test https://github.com/quexten/goldwarden/actions/runs/7770097240#artifacts on MacOS. The pinentry implementation should also cover MacOS, but I have not been able to test that. On MacOS the instructions for setting up ssh agent (environment variables) should be the same as on Linux.

[kothavade]

@quexten edit: ignore message, i'd forgotten to install macgpg2. will test properly and get back to you.

[quexten]

Thanks! One other package that might work is pinentry-mac, though I think macgpg2 might bring it too.

[quexten]

Fido2 should be supported on most CI builds (Intel Mac, Apple Silicone Mac, x86_64 Windows) now. Also, I added ARM based Windows builds (without fido2) in case anyone uses that.

This is also required for fido2-only login #25

[quexten]

I added some links on how to set up autostart manually for Windows/Mac in the wiki. I think as a first step towards automatic setup, the simplest way would be to spawn a daemon automatically when calling the cli and no daemon is running. This still leaves out ssh clients, so on boot-up the cli would need to be run at least once before ssh works.

The next step would be automatically setting up launchd on Mac and whatever startup tool Windows has.

[lalomartins]

Next best thing for Windows support IMO would be if daemonize could run without a console and log to a file. As it is, even if I run it as a startup program, it will open a cmd window.

I worked around with this powershell script:

Start-Process "C:\Users\Lalo\Programs\goldwarden.exe" -ArgumentList "daemonize" -RedirectStandardOutput C:\Users\Lalo\Programs\goldwarden.log -RedirectStandardError C:\Users\Lalo\Programs\goldwarden.err -WindowStyle Hidden

The advice from superuser in the wiki runs in a minimized cmd window, which is not ideal.

whatever startup tool Windows has.

It's just called “services”. I set it up for an app for work what, 5 years ago 😅 I'm not sure if there's support to do it directly from Go, or you need a wrapper or installer. I can look into it this week if you don't beat me to it.

Super preliminary research says the sane way to do it is using https://github.com/judwhite/go-svc. For alternatives that don't modify the main code, NSSM or go-msi.

[quexten]

Autotype should work now on mac/windows (untested, on windows/mac, but using pyautogui, tested on linux)

[stigi]

I've setup goldwarden via launchd. Here's my config for inspiration (adjust your path):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>goldwarden</string>
	<key>Program</key>
	<string>/Users/ullrich/bin/goldwarden</string>
	<key>ProgramArguments</key>
	<array>
        <string>/Users/ullrich/bin/goldwarden</string>
		<string>daemonize</string>
	</array>
	<key>KeepAlive</key>
	<true/>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>

I've saved the entire thing in ~/Library/LaunchAgents/goldwarden.plist and then loaded it with launctl load ~/Library/LaunchAgents/goldwarden.plist.

[quexten]

@stigi just to confirm, since I haven to been able to test this on MacOS yet, which functions have you used so far? Theoretically (with some setup) ssh-agent, biometric unlock (touch id), and even gui/autotype should work (though the gui might need some tweaking).

I hope I get to fixing up mac support soon, as it shouldn't be that much more work to bring it to feature parity.

[quexten]

Hmm, seems gtk/adwaita icons are not present / super low res on mac..

[quexten]

Gui mostly works on mac now, just need to create instructions on how to build / dependencies. Next step is a brew package.

[quexten]

Autotype is also tested and working on mac. However, there seem to be some keyboard layout problems. It works on qwerty, but on dvorak the keymap is messed up. Most likely an issue in pyautogui.

[HeroesLament]

Is there any help needed in finalizing a brew release for goldwarden? Or setting up a dev environment for MacOS? I would like to use this application given Bitwarden's rejection of your ssh-agent integration.

[quexten]

@HeroesLament Yeah, I've not been able to get around to seeing what's required for a brew release time wise. I'm definitely open to PR's.

That being said, I've since restarted work on ssh-agent and ssh-key support, and it has been signed off by the product team as a feature. The work is being tracked here: bitwarden/server#4575 (with the PR's for ssh-agent and ssh-key support in bitwarden clients linked in the first comment). This will work on MacOS, using Bitwarden's desktop app too.

I cannot give a timeline though.

[Aalivexy]

Implementing Windows biometric authentication in Rust is fairly straightforward, the basic code can be done in 20 lines, if you need help I'd be happy to provide it.

#[no_mangle]
pub fn biometrics_working() -> bool {
    windows::Security::Credentials::UI::UserConsentVerifier::CheckAvailabilityAsync()
        .map_or(false, |async_op| {
            async_op.get().map_or(false, |availability| {
                availability == windows::Security::Credentials::UI::UserConsentVerifierAvailability::Available
            })
        })
}

#[no_mangle]
pub fn check_biometrics() -> bool {
    windows::Security::Credentials::UI::UserConsentVerifier::RequestVerificationAsync(
        &windows::core::HSTRING::new(),
    )
    .map_or(false, |async_op| {
        async_op.get().map_or(false, |result| {
            result == windows::Security::Credentials::UI::UserConsentVerificationResult::Verified
        })
    })
}

I think this can be linked statically or dynamically in CGO