keepassxc-browser icon indicating copy to clipboard operation
keepassxc-browser copied to clipboard

Published 20 hours ago verified publisher icon keepassxreboot

Does not work with Flatpak browsers

Open candrapersada opened this issue 4 years ago • 18 comments

Expected Behavior

Current Behavior

KeePassXC-Browser in Chromium won't connect to KeePassXC even when database is open and Chromium is checked.

Possible Solution

Steps to Reproduce (for bugs)

1.Install KeePassXC on Linux from flathub.org and use or create a database. 2.Enable Browser Integration for Chromium. 3.Install Chromium on Linux from flathub.org. 4.Install KeePassXC-Browser extension from the Chrome Web Store. 5.Under Connected Databases in the settings of KeePassXC-Browser, click Connect.

Debug info

KeePassXC - {2.6.4} KeePassXC-Browser - {1.7.6} Operating system: Linux Flatpak - {1.10.2} Browser: Chromium and ungoogled-chromium

candrapersada avatar Mar 15 '21 03:03 candrapersada

If chromium is installed as a snap it will not work. Browsers installed as snaps cannot use native messaging.

droidmonkey avatar Mar 15 '21 03:03 droidmonkey

Offtopic: For users who want to use chromium on (K)Ubuntu anyway: My current workaround is to install chromium via linux mint's apt package. Here's a blog entry that explains how one can achieve this: https://ubuntuhandbook.org/index.php/2020/11/chromium-browser-deb-available-linux-mint-20/

michael-markl avatar Mar 15 '21 23:03 michael-markl

If chromium is installed as a snap it will not work. Browsers installed as snaps cannot use native messaging.

Hello Keepassxc team, I would like to draw your attention to the fact that someone in a forum managed to make keepassxc browser work with Firefox flatpak.

The idea is to run keepassxc-proxy inside Firefox Flatpak, then allowing Firefox Flatpak to access the socket : thus, the sandbox is preserved. Maybe this can be a solution as Mozilla prefers to work with snap packages and deb packages are planned to be end of life for Ubuntu.

Do you think this could be a possible solution ?

prog-amateur2 avatar Sep 24 '21 16:09 prog-amateur2

Experiencing the same issue as @candrapersada described. Using Ungoogled-Chomium installed via flatpak and KeepassXC-Browser in conjunction with KeePassXC (flatpak). Can you please look into the topic. Thank you!

Tiger862000 avatar Apr 26 '22 08:04 Tiger862000

and keepassxc does not work in Google Chrome (flatpak) image

candrapersada avatar May 10 '22 02:05 candrapersada

The issue still remains, you can't sync flatpak keepassxc and flatpak browsers P.S. Fedora Workstation 36

NSurtsev avatar Jul 07 '22 20:07 NSurtsev

See this for a possible workaround until Flatpak has an official support for Native Messaging: https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766

varjolintu avatar Jul 08 '22 03:07 varjolintu

Confirming the report by @NSurtsev on Fedora 36.

I have com.github.Eloston.UngoogledChromium installed from flathub, with org.keepassxc.keepassxc_browser.json being generated at /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/NativeMessagingHosts through the settings ("custom browser").

ungoogled-chromium com.github.Eloston.UngoogledChromium 103.0.5060.114-2 keepassxc-2.7.1-2.fc36.x86_64 KeePassXC-Browser 1.8.1 (installed manually from crx)

I get "Key exchange was not successful.".

Thank you for your help.

blockfeed avatar Jul 15 '22 18:07 blockfeed

@blockfeed make sure you have make keepassxc-proxy-wrapper.sh as executable. chmod +x keepassxc-proxy-wrapper.sh

tazihad avatar Jul 17 '22 14:07 tazihad

[@zihaaad Thanks for the suggestion, but it appears something else may be going on with UngoogledChromium, even after following your Brave guide (with adjustments, obviously).

# flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.github.Eloston.UngoogledChromium

File locations:

# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh
# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/org.keepassxc.keepassxc_browser.json

And my json:

{
    "allowed_extensions": [
        "[email protected]"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

And the result:

[user@computer Default]$ flatpak run --command=/bin/sh com.github.Eloston.UngoogledChromium
[📦 com.github.Eloston.UngoogledChromium Default]$  bash -x keepassxc-proxy-wrapper.sh
+ APP_REF=org.keepassxc.KeePassXC/x86_64/stable
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /home/user/.local/share/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ FLATPAK_INST=/var/lib/flatpak
+ break
+ '[' -z /var/lib/flatpak ']'
+ APP_PATH=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active
++ awk -F= '$1=="runtime" { print $2 }'
+ RUNTIME_REF=org.kde.Platform/x86_64/5.15-21.08
+ RUNTIME_PATH=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active
+ exec flatpak-spawn --app-path=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/files --usr-path=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active/files -- keepassxc-proxy
keepassxc-proxy: error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory

Any suggestions are appreciated!

blockfeed avatar Jul 18 '22 06:07 blockfeed

@blockfeed strange it works with Google Chrome (flatpak) but not with Chromium or Ungoogled Chromium.

tazihad avatar Jul 18 '22 09:07 tazihad

Looks like flatpak-spawn sets LD_LIBRARY_PATH for the sub-sandbox when ran from Firefox sandbox, but not from Chromium sandbox (probably due to the later already set the env var for the parent app sandbox). Try adding --env=LD_LIBRARY_PATH=/app/lib to flatpak-spawn args in the script; I've updated the guide accordingly.

gasinvein avatar Nov 02 '22 11:11 gasinvein

@blockfeed @gasinvein

[@zihaaad Thanks for the suggestion, but it appears something else may be going on with UngoogledChromium, even after following your Brave guide (with adjustments, obviously).

# flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.github.Eloston.UngoogledChromium

File locations:

# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh
# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/org.keepassxc.keepassxc_browser.json

And my json:

{
    "allowed_extensions": [
        "[email protected]"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

And the result:

[user@computer Default]$ flatpak run --command=/bin/sh com.github.Eloston.UngoogledChromium
[📦 com.github.Eloston.UngoogledChromium Default]$  bash -x keepassxc-proxy-wrapper.sh
+ APP_REF=org.keepassxc.KeePassXC/x86_64/stable
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /home/user/.local/share/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ FLATPAK_INST=/var/lib/flatpak
+ break
+ '[' -z /var/lib/flatpak ']'
+ APP_PATH=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active
++ awk -F= '$1=="runtime" { print $2 }'
+ RUNTIME_REF=org.kde.Platform/x86_64/5.15-21.08
+ RUNTIME_PATH=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active
+ exec flatpak-spawn --app-path=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/files --usr-path=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active/files -- keepassxc-proxy
keepassxc-proxy: error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory

Any suggestions are appreciated!

I followed what is written in those replies: https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766 https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1170629567

I was able to make it work with ungoogled-chromium flatpak by putting the script in this location: ~/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/WidevineCdm/keepassxc-proxy-wrapper.sh and updating the json file accordingly.

I use the native version of KeepassXC from my Fedora installation but I installed the Flathub KeepassXC flatpak alongside my native version for the proposed solution to work, even though I am running my native version and the proxy seems to come from the flatpak, everything works and connects fine now.

It seems that there's additional sandboxing somewhere that prevents access to the script anywhere else. I have not found any other shared folder, though I didnt try to look any further once that one worked.

llebout avatar Jul 20 '23 13:07 llebout

@leo-lb I don't see the --env=LD_LIBRARY_PATH=/app/lib arg in the flatpak-spawn invocation. Check if you've copied the script correctly.

gasinvein avatar Jul 21 '23 10:07 gasinvein