Firefox is not detected for setup browserbiometrics unless the native-messaging-hosts folder already exists. #37

Closed
Anthony-Fiddes opened this issue Dec 30, 2023 · 15 comments
Labels
bug Something isn't working

@Anthony-Fiddes

Here is an example to illustrate the issue:

~/.mozilla ··········································································································································· 18:19:59
❯ goldwarden setup browserbiometrics
Found chrome-like browser: /home/anthonyfiddes/.config/google-chrome/NativeMessagingHosts
Found chrome-like browser: /home/anthonyfiddes/.config/thorium/NativeMessagingHosts
Done.

~/.mozilla ··········································································································································· 18:20:16
❯ mkdir native-messaging-hosts

~/.mozilla ··········································································································································· 18:20:17
❯ goldwarden setup browserbiometrics
Found chrome-like browser: /home/anthonyfiddes/.config/google-chrome/NativeMessagingHosts
Found chrome-like browser: /home/anthonyfiddes/.config/thorium/NativeMessagingHosts
Found mozilla-like browser: /home/anthonyfiddes/.mozilla/native-messaging-hosts
Done.

Maybe we could add instructions to the wiki page about this, since I'm not sure if goldwarden is supposed to create the folder, or if the folder is already supposed to exist and for some reason does not.

I personally use librewolf and cloned the repo to add .librewolf as a folder to search when I noticed this.

@Anthony-Fiddes
Author

Anthony-Fiddes commented Dec 30, 2023

Right now I'm stuck here:

Brave:

image

Librewolf:

image

I tried downloading the regular Bitwarden application and enabling fingerprint there. I wasn't sure that was the right thing to do but I wondered if it would create the needed folders (it did not) or do something else needed to make the fingerprint auth work:

image

@quexten quexten added the bug Something isn't working label Dec 30, 2023
@quexten
Owner

quexten commented Dec 30, 2023

Thanks so much for the report. I'll update the wiki. For automatic setup, ideally a folder would be created. The issue is that the nativemessaginghosts folder is used to dynamically detect browsers. When the folder is not present, the best alternative would be to let the user manually select the browser's config directory, or hard-coding some paths. I'll think about this.

> I tried downloading the regular Bitwarden application and enabling fingerprint there. I wasn't sure that was the right thing to do but I wondered if it would create the needed folders (it did not) or do something else needed to make the fingerprint auth work:

The regular Linux desktop app does not support biometrics. I do have a PR open that adds support:
bitwarden/clients#4586
but I'm unsure about Bitwarden's progress on reviewing that.

@quexten
Owner

quexten commented Dec 30, 2023

For getting your extensions configured in Librewolf and Brave: I have not tested them, but since they are basically just Firefox and Chromium, this should just be a matter of getting the manifest into the correct place.

Just to make sure, are the browsers installed as flatpak? (In that case the sandboxing prevents IPC from working)
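
To make "getting the manifest into the correct place" checkable, here is an added example (not part of the thread and not goldwarden's code) that audits a native-messaging-hosts directory: it reports a missing directory, manifests whose `path` field is not an absolute, executable file, and manifests or host binaries that other users could overwrite. The permission checks are this example's own choice; the directories to inspect are passed as arguments.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// auditHostDir returns one finding per problem; a missing directory is itself a finding.
func auditHostDir(dir string) []string {
	if _, err := os.Stat(dir); err != nil {
		return []string{dir + ": directory missing"}
	}
	var findings []string
	files, _ := filepath.Glob(filepath.Join(dir, "*.json"))
	for _, f := range files {
		// "path" names the executable the browser launches for this host.
		var m struct{ Path string `json:"path"` }
		raw, err := os.ReadFile(f)
		if err != nil || json.Unmarshal(raw, &m) != nil {
			findings = append(findings, f+": unreadable or invalid JSON")
			continue
		}
		if fi, err := os.Stat(f); err == nil && fi.Mode().Perm()&0022 != 0 {
			findings = append(findings, f+": manifest is group/world-writable")
		}
		if !filepath.IsAbs(m.Path) {
			findings = append(findings, f+": host path is not absolute")
			continue
		}
		bi, err := os.Stat(m.Path)
		switch {
		case err != nil:
			findings = append(findings, f+": host binary missing: "+m.Path)
		case bi.Mode().Perm()&0111 == 0:
			findings = append(findings, f+": host binary is not executable")
		case bi.Mode().Perm()&0022 != 0:
			findings = append(findings, f+": host binary is group/world-writable")
		}
	}
	return findings
}

func main() { // usage: pass one or more native-messaging-hosts directories
	for _, dir := range os.Args[1:] {
		fmt.Println(dir, auditHostDir(dir))
	}
}
```

An empty result for a directory means every manifest in it points at an existing, executable host that only its owner can modify.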

@Anthony-Fiddes
Author

Thanks for the advice! I'll keep messing around with it and let you know how it goes. Maybe I'll try getting it working in Chromium or Chrome before anything else.

Also they are natively installed, so that part should be fine:

image

@quexten
Owner

quexten commented Dec 30, 2023

Can you try running:
rsync -avzP /home/anthonyfiddes/.mozilla/native-messaging-hosts/ /home/anthonyfiddes/.librewolf/native-messaging-hosts/

And rsync -avzP /home/anthonyfiddes/.config/google-chrome/NativeMessagingHosts/ /home/anthonyfiddes/.config/BraveSoftware/NativeMessagingHosts/

If that doesn't work, I'll install the browsers locally and see what's going on.

@quexten
Owner

quexten commented Dec 30, 2023

Just released https://github.com/quexten/goldwarden/releases/tag/v0.2.7, which should automatically create the native-messaging-host paths for many browsers, including librewolf and brave. You can try updating, and re-running the setup.

@Anthony-Fiddes
Author

Anthony-Fiddes commented Dec 30, 2023

Hey @quexten, I tried out the new release and it works well, creating the folders where they don't exist. The only thing I get now is this message from Bitwarden to confirm in my desktop application:

image

Which is definitely better than before. I tried purging my vault and logging in again and calling the setup for systemd again.

When I check journalctl, this is the output:

Dec 31 00:19:12 Fiddes-Thinkpad goldwarden[6437]: [INF] [00:19] [Goldwarden > Websocket] >>> Connected to websocket server...
Dec 31 00:19:26 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:29 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:29 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:30 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:32 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:33 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:34 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:42 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:19:46 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:19] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:02 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Update requested for cipher 2a2c2573-e34b-4019-b2cd-aa9c0004d3f1
Dec 31 00:21:08 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:26 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:29 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:29 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:30 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:32 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:33 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:34 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:42 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 31 00:21:46 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:21] [Goldwarden > Websocket] >>> Invalid message received, length too short
lines 369-409/409 (END)

I also noticed lines like this:

Dec 31 00:34:38 Fiddes-Thinkpad goldwarden[6437]: [WRN] [00:34] [Goldwarden > Agent] >>> Idling detected but no action is implemented

And I'm not using my local build:

image

With this part I may be missing something simple to tie it all together. I get the same message when I try in Brave as well.

Edit for added context, I did have what looked like an error in my polkit setup, but it said it was successful so I figured it was fine.

~ ···················································································································································· 00:37:21
❯ goldwarden setup polkit
failed setting selinux context
exit status 1
Polkit setup successfully

@spyfly

spyfly commented Jan 5, 2024

> Hey @quexten, I tried out the new release and it works well, creating the folders where they don't exist. The only thing I get now is this message from Bitwarden to confirm in my desktop application:

Stuck at the same message, "Awaiting confirmation from Desktop", both in Firefox and Chrome.

@quexten
Owner

quexten commented Jan 5, 2024

Ah, sorry, forgot to follow up on the issue until now. Can either of you compile with go build -tags debuglogging ., install the binary and restart the service, try again and then post systemd service logs, and /tmp/DELETE_ME.log? DO BE CAREFUL TO REMOVE SECRETS, usually these should not be logged, but just in case they are, manually check.

@Anthony-Fiddes
Author

Hey @quexten,

I just emailed you (from your website on your profile) a secure Bitwarden note with the text from the log after pulling the latest main (I redacted some stuff on the lines marked SENSITIVE, but I sent a note expiring in a month just to be safe).

I built goldwarden as you instructed, copying to /usr/bin/goldwarden and restarting the systemd service. All I did was attempt to enable biometrics in the extension like before to generate the log.

@Anthony-Fiddes
Author

The journalctl logs are still just full of [WRN] [18:22] [Goldwarden > Websocket] >>> Invalid message received, length too short

@quexten
Owner

quexten commented Jan 7, 2024

Thanks a lot for the log!

> The journalctl logs are still just full of [WRN] [18:22] [Goldwarden > Websocket] >>> Invalid message received, length too short

This is unrelated, but is due to keepalives the official server implementation sends, which I have not implemented proper filtering for yet.

> [ERROR] 2024-01-07 18:12:51 Unable to send message to agent: dial unix: missing address

This seems to be the issue, for some reason goldwarden - when invoked by your browser - seems not to have a socket path, and thus can't connect to the daemon. The rest of the handshake seems fine. Not entirely sure yet why this is happening, but it's a good clue!

@quexten
Owner

quexten commented Jan 7, 2024

I think I found the issue (01aca35), should be fixed on the latest master version.

@Anthony-Fiddes
Author

I tried it out and it worked! The only problem I'm finding now is that my vault keeps getting corrupted like in this issue: #38. The vault purge and log in step fixed it, but I had to do it 2 or 3 times.

@quexten
Owner

quexten commented Jan 8, 2024

Thanks, closing this now.
