Problem connecting to KeePassXC with Thunderbird Snap in Ubuntu 24.04

[buehren]

Description

I really like this Add-On and have been using it for a long time, thank you very much!

Unfortunately the connection to KeepassXC does not work in my new installation of Ubuntu 24.04. Thunderbird is installed as a Snap. I followed the instructions to create the JSON file in ~/.mozilla/native-messaging-hosts. I have tried KeePassXC installed with Apt and also as Snap, and also updated the JSON file after switching.

Expected Behaviour

keepassxc-mail in Thunderbird (Snap) should be able to connect to KeePassXC (Snap). It works with Firefox (Snap).

It worked fine in Thunderbird in my old installation of Ubuntu 22.04 (Thunderbird and KeePassXC both installed as Snap, IIRC). Unfortunately the SSD stopped working, so I started with Ubuntu 24.04 for the new installation. But I still have a backup, so I could look up configuration files etc. if that should help.

I would like to stick with the Snap installations (especially Thunderbird) because of its presumably better isolation and better protection against security vulnerabilities.

Current Behaviour

When trying to get messages or to reconnect native messaging, one of these messages are logged in /var/log/syslog:

thunderbird_thunderbird.desktop[32246]: console.error: WebExtensions:
thunderbird_thunderbird.desktop[32246]:   Unable to connect to native messaging

thunderbird_thunderbird.desktop[29846]: JavaScript error: , line 0: uncaught exception: Unable to connect to native messaging

Can the problem be caused by AppArmor preventing access to D-Bus? Not sure if AppArmor was active in my previous Ubuntu 22.04 but probably not. This message is logged when starting Thunderbird:

dbus-daemon[4470]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/a11y/bus" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.a11y.Bus" pid=29642 label="snap.thunderbird.thunderbird" peer_pid=4783 peer_label="unconfined"

Other observations and log outputs:

• After starting Thunderbird, it hangs for 10 or 20 seconds ("Thunderbird Mail is not responding"). Not sure if that is related.

• When getting messages (IMAP), the password dialog does not always show up but only after retrying "Get Messages" a few times (or after a certain time?). It shows "Loading passwords..." for a while, then "No passwords found" and a "Retry" button. That button immediately leads to "No passwords found" most of the time (but sometimes shows "Loading passwords..." for a while).

• In the plugin settings, after clicking "Reconnect to Native Messaging", the button changes to inactive and shows "Reconnecting to Native Messaging" (without ever changing back as far as I observed). After switching to another tab and then back to the settings, the button is active again.

• The button "Connect to KeePassXC" changes to inactive for a second or so and then reverts to active. It does not improve the situation.

• Content of de.kkapsner.keepassxc_mail.json:

  thomas@rubino:~$ cat ~/.mozilla/native-messaging-hosts/de.kkapsner.keepassxc_mail.json
  {
      "name": "de.kkapsner.keepassxc_mail",
      "description": "KeePassXC integration with native messaging support",
      "path": "/snap/bin/keepassxc.proxy",
      "type": "stdio",
      "allowed_extensions": [
          "[email protected]"
      ]
  }
  

• Content of .thunderbird/profiles.ini (might be relevant because I created a new profile with the old data in a user-defined path and renamed that profile to "default"):

  root@rubino:~# cat /home/thomas/snap/thunderbird/common/.thunderbird/profiles.ini
  [Profile0]
  Name=default
  IsRelative=0
  Path=/home/thomas/data/appdata/Thunderbird/Profile
  Default=1
  
  [General]
  StartWithLastProfile=1
  Version=2
  

• Log outputs when opening the Add-On settings:

  thunderbird_thunderbird.desktop[29642]: WARNING: content window passed to PrivateBrowsingUtils.isWindowPrivate. Use isContentWindowPrivate instead (but only for frame scripts).
  thunderbird_thunderbird.desktop[29642]: pbu_isWindowPrivate@resource://gre/modules/PrivateBrowsingUtils.sys.mjs:23:11
  thunderbird_thunderbird.desktop[29642]: isBrowserPrivate@resource://gre/modules/PrivateBrowsingUtils.sys.mjs:43:19
  thunderbird_thunderbird.desktop[29642]: fixupAndLoadURIString@resource://gre/modules/RemoteWebNavigation.sys.mjs:129:56
  thunderbird_thunderbird.desktop[29642]: fixupAndLoadURIString/<@chrome://global/content/elements/browser-custom-element.js:840:28
  thunderbird_thunderbird.desktop[29642]: _wrapURIChangeCall@chrome://global/content/elements/browser-custom-element.js:768:9
  thunderbird_thunderbird.desktop[29642]: fixupAndLoadURIString@chrome://global/content/elements/browser-custom-element.js:839:12
  thunderbird_thunderbird.desktop[29642]: fixupAndLoadURIString@chrome://mozapps/content/extensions/aboutaddons.js:1852:18
  thunderbird_thunderbird.desktop[29642]: render/<@chrome://mozapps/content/extensions/aboutaddons.js:1831:14
  thunderbird_thunderbird.desktop[29642]: render@chrome://mozapps/content/extensions/aboutaddons.js:1790:11
  thunderbird_thunderbird.desktop[29642]: waitForPromise@jar:file:///home/thomas/data/appdata/Thunderbird/Profile/extensions/[email protected]!/experiment/implementation.js:1237:15
  thunderbird_thunderbird.desktop[29642]: waitForCredentials@jar:file:///home/thomas/data/appdata/Thunderbird/Profile/extensions/[email protected]!/experiment/implementation.js:1247:9
  thunderbird_thunderbird.desktop[29642]: initPromptFunction/promptFunction.replacement@jar:file:///home/thomas/data/appdata/Thunderbird/Profile/extensions/[email protected]!/experiment/implementation.js:455:46
  thunderbird_thunderbird.desktop[29642]: _promiseAuthPrompt/<@resource:///modules/MsgAsyncPrompter.jsm:54:18
  thunderbird_thunderbird.desktop[29642]: _promiseAuthPrompt@resource:///modules/MsgAsyncPrompter.jsm:52:12
  thunderbird_thunderbird.desktop[29642]: run@resource:///modules/MsgAsyncPrompter.jsm:77:23
  

• Log outputs when starting Thunderbird:

  2024-05-31T11:19:52.501241+02:00 rubino systemd[4435]: Started snap.thunderbird.thunderbird-f8f60d26-12d2-4b3d-b223-f13088477506.scope.
  2024-05-31T11:19:52.809820+02:00 rubino thunderbird-bin[29642]: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it.
  2024-05-31T11:19:52.930286+02:00 rubino thunderbird-bin[29642]: GTK+ module /snap/thunderbird/478/gnome-platform/usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so cannot be loaded.#012GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported.
  2024-05-31T11:19:52.930464+02:00 rubino thunderbird-bin[29642]: Failed to load module "canberra-gtk-module"
  2024-05-31T11:19:52.932347+02:00 rubino thunderbird-bin[29642]: GTK+ module /snap/thunderbird/478/gnome-platform/usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so cannot be loaded.#012GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported.
  2024-05-31T11:19:52.932475+02:00 rubino thunderbird-bin[29642]: Failed to load module "canberra-gtk-module"
  2024-05-31T11:19:53.059695+02:00 rubino thunderbird_thunderbird.desktop[29642]: [ImapModuleLoader] Using nsImapService.cpp
  2024-05-31T11:19:53.502137+02:00 rubino thunderbird_thunderbird.desktop[29642]: [GFX1-]: glxtest: libpci missing
  2024-05-31T11:19:53.822248+02:00 rubino dbus-daemon[4470]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/a11y/bus" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.a11y.Bus" pid=29642 label="snap.thunderbird.thunderbird" peer_pid=4783 peer_label="unconfined"
  2024-05-31T11:19:54.829545+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.debug: "Found 4 public keys and 0 secret keys (0 protected, 0 unprotected)"
  
  2024-05-31T11:19:57.313754+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get smtpEnterPasswordPromptTitle from bundle compose
  2024-05-31T11:19:57.315027+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get smtpEnterPasswordPromptTitle from bundle compose
  2024-05-31T11:19:57.316972+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get imapEnterPasswordPromptTitle from bundle imap
  2024-05-31T11:19:57.317413+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get pop3EnterPasswordPromptTitle from bundle local
  2024-05-31T11:19:57.317772+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get pop3EnterPasswordPromptTitle from bundle local
  2024-05-31T11:19:57.319604+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get loginDialog.label from bundle wcap
  2024-05-31T11:19:57.319907+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get loginDialog.label from bundle wcap
  2024-05-31T11:19:57.320155+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get PromptUsernameAndPassword2 from bundle commonDialog
  2024-05-31T11:19:57.320573+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get PromptUsernameAndPassword2 from bundle commonDialog
  2024-05-31T11:19:57.321286+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get PromptPassword2 from bundle commonDialog
  2024-05-31T11:19:57.322808+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.log: WebExtensions: KeePassXC-Mail: unable to get CertPassPromptDefault from bundle pipnss
  
  2024-05-31T11:20:00.024109+02:00 rubino thunderbird_thunderbird.desktop[29642]: JavaScript warning: resource://gre/modules/Troubleshoot.sys.mjs, line 710: WebGL context was lost.
  2024-05-31T11:20:00.031570+02:00 rubino thunderbird_thunderbird.desktop[29642]: JavaScript warning: resource://gre/modules/Troubleshoot.sys.mjs, line 710: WebGL context was lost.
  2024-05-31T11:20:00.115117+02:00 rubino thunderbird_thunderbird.desktop[29642]: JavaScript error: chrome://messenger/content/about-support/chat.js, line 53: NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [imIAccountsService.getAccounts]
  
  2024-05-31T11:20:46.439904+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.error: WebExtensions:
  2024-05-31T11:20:46.441513+02:00 rubino thunderbird_thunderbird.desktop[29642]:   Unable to connect to native messaging
  
  2024-05-31T11:20:56.477606+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.error: WebExtensions:
  2024-05-31T11:20:56.477765+02:00 rubino thunderbird_thunderbird.desktop[29642]:   Unable to connect to native messaging
  
  2024-05-31T11:20:58.939863+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.error: carddav.sync: "Sync with server failed."
  2024-05-31T11:20:58.995422+02:00 rubino thunderbird_thunderbird.desktop[29642]: JavaScript error: resource:///modules/CardDAVUtils.jsm, line 212: NS_ERROR_FAILURE: Authorization failure
  
  2024-05-31T11:21:11.502057+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.warn: Calendar: No unique email address for lookup!
  
  2024-05-31T11:21:17.017783+02:00 rubino syncthing[3703]: [44NT3] INFO: Scanner (folder "thomas/appdata" (zkr5u-theia), item "Thunderbird/Profile/global-messages-db.sqlite"): hashing: file changed during hashing
  
  2024-05-31T11:21:26.709801+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.error: WebExtensions:
  2024-05-31T11:21:26.710127+02:00 rubino thunderbird_thunderbird.desktop[29642]:   Unable to connect to native messaging
  2024-05-31T11:21:26.816988+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.error: WebExtensions:
  2024-05-31T11:21:26.817076+02:00 rubino thunderbird_thunderbird.desktop[29642]:   Unable to connect to native messaging
  2024-05-31T11:21:36.784922+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.error: WebExtensions:
  2024-05-31T11:21:36.785363+02:00 rubino thunderbird_thunderbird.desktop[29642]:   Unable to connect to native messaging
  2024-05-31T11:21:36.949409+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.error: WebExtensions:
  2024-05-31T11:21:36.949507+02:00 rubino thunderbird_thunderbird.desktop[29642]:   Unable to connect to native messaging
  
  2024-05-31T11:21:41.033920+02:00 rubino thunderbird_thunderbird.desktop[29642]: console.warn: Calendar: No unique email address for lookup!
  2024-05-31T11:21:42.948644+02:00 rubino thunderbird_thunderbird.desktop[29642]: message repeated 6 times: [ console.warn: Calendar: No unique email address for lookup!]
  

• Log outputs related to missing language files in the previous default profile directory (that I replaced with the old profile in a different path as described above):

  2024-05-31T11:50:03.478138+02:00 rubino thunderbird_thunderbird.desktop[32246]: JavaScript error: resource://gre/modules/Extension.sys.mjs, line 945: Error: Error while loading 'jar:file:///home/thomas/snap/thunderbird/common/.thunderbird/111dkyvx.default/extensions/[email protected]!/manifest.json' (NS_ERROR_FAILURE)
  2024-05-31T11:50:03.478562+02:00 rubino thunderbird_thunderbird.desktop[32246]: JavaScript error: resource://gre/modules/Extension.sys.mjs, line 945: Error: Error while loading 'jar:file:///home/thomas/snap/thunderbird/common/.thunderbird/111dkyvx.default/extensions/[email protected]!/manifest.json' (NS_ERROR_FAILURE)
  2024-05-31T11:50:03.478655+02:00 rubino thunderbird_thunderbird.desktop[32246]: JavaScript error: resource://gre/modules/Extension.sys.mjs, line 945: Error: Error while loading 'jar:file:///home/thomas/snap/thunderbird/common/.thunderbird/111dkyvx.default/extensions/[email protected]!/manifest.json' (NS_ERROR_FAILURE)
  2024-05-31T11:50:03.478688+02:00 rubino thunderbird_thunderbird.desktop[32246]: JavaScript error: resource://gre/modules/Extension.sys.mjs, line 945: Error: Error while loading 'jar:file:///home/thomas/snap/thunderbird/common/.thunderbird/111dkyvx.default/extensions/[email protected]!/manifest.json' (NS_ERROR_FAILURE)
  

Possible Solution

If the problem is caused by AppArmor, it should be possible to modify the AppArmor settings for Thunderbird to enable that (but I do not know how to do that), best without modification of /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird

Steps to Reproduce (for bugs)

What I did:

1. Install Ubuntu 24.04. Thunderbird and Firefox are installed by default as Snaps.
2. Install KeepassXC with Apt (because at that time the Snap was not up-to-date and no longer supported?).
3. Create a new Thunderbird profile from a backup of the previous installation.
4. Create the configuration file in native-messaging-hosts.
5. Remove and re-install the keepassxc-mail Add-On.
6. Install KeepassXC with Snap and update the native-messaging-hosts configuration.

Context

Trying to make keepassxc-mail work in Thunderbird (Snap) in a new installation of Ubuntu 24.04.

Your Environment

• KeePassXC-mail version used: 1.7
• KeePassXC version: Version 2.7.8, Revision: f6757d3, Distribution: Snap (also tried Apt installation)
• Thunderbird version: 115.11.0 (64-bit) installed as Snap
• Operating system and version: Ubuntu 24.04 LTS Linux rubino 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

[acolomb]

Just to share some experience, I went through much of the same troubles lately. Tried installing Thunderbird from flatpak as well, with similar outcome. After a lot of experimentation, I gave up on Snap and installed Thunderbird from here as a traditional DEB: https://launchpad.net/~mozillateam/+archive/ubuntu/ppa

It works sufficiently with KeePassXC from their official PPA (https://launchpad.net/~phoerious/+archive/ubuntu/keepassxc), but probably also with the stock Ubuntu-provided KeePassXC.

It must be possible to apply the same workarounds as for Firefox to make it work with the Thunderbird Snap, but that might need to happen in Thunderbird itself instead of this project.

For my part, I'm done with Snap and use it only very sparingly, much prefering Flatpak. Both have the downside of storing user files in non-standard places (~/.var/app/... resp. ~/snap/...), which makes stuff like the common native-messaging-hosts needlessly hard to get working between apps. But at least Flatpak does not make Snap's mistake of DELETING ALL USER DATA for an app when uninstalling it. My two cents.

[kkapsner]

Guess I have to install a Ubuntu VM see if the setup instructions can be updated to make it work with snap and flatpak...

[adrianf0]

@kkapsner, is there any update? What is the current status/understanding of the problem, so maybe it could be addressed collectively?

By quick check of the addon's debug logs, as expected, it seems that snap's sandbox restricts access to Native Messaging:

2024-10-10 12:10:34.932: Initialization failed: Unable to connect to native messaging main.js:26:11
2024-10-10 12:10:42.541: Try native application de.kkapsner.keepassxc_mail main.js:26:11
KeePassXC-Mail: Connecting to native messaging host de.kkapsner.keepassxc_mail client.js:383:13
[Error ] KeePassXC-Mail - Failed to connect: Unknown error global.js:41:10
[Error main.js:56] KeePassXC-Mail - changePublicKeys failed: TypeError: keepassClient.nativePort is null global.js:41:10
2024-10-10 12:10:42.551: Try native application org.keepassxc.keepassxc_mail main.js:26:11
KeePassXC-Mail: Connecting to native messaging host org.keepassxc.keepassxc_mail client.js:383:13
[Error ] KeePassXC-Mail - Failed to connect: Unknown error global.js:41:10
[Error main.js:56] KeePassXC-Mail - changePublicKeys failed: TypeError: keepassClient.nativePort is null global.js:41:10
2024-10-10 12:10:42.558: Try native application org.keepassxc.keepassxc_browser main.js:26:11
KeePassXC-Mail: Connecting to native messaging host org.keepassxc.keepassxc_browser client.js:383:13
[Error ] KeePassXC-Mail - Failed to connect: Unknown error global.js:41:10
[Error main.js:56] KeePassXC-Mail - changePublicKeys failed: TypeError: keepassClient.nativePort is null global.js:41:10
Uncaught (in promise) Unable to connect to native messaging options.js:66:17
    <anonimowa> moz-extension://cc828f20-1157-4500-a674-565abacc2069/options/options.js:66
    InterpretGeneratorResume self-hosted:1417
    AsyncFunctionThrow self-hosted:808
    (asynchroniczny: async)
    <anonimowa> moz-extension://cc828f20-1157-4500-a674-565abacc2069/options/options.js:54
    forEach self-hosted:160
    <anonimowa> moz-extension://cc828f20-1157-4500-a674-565abacc2069/options/options.js:50

A while ago, a similar issue of snaped firefox was resolved (link). However, apparently it required xdg-desktop-portal integration in Firefox. Do we know if it's already the case for Thunderbird? If so, does keepassxc-mail support it?

[adrianf0]

I have opened an Ubuntu bug report regarding this issue.

[radasbona]

Seems there is a working solution for Firefox as a Flatpak. https://github.com/keepassxreboot/keepassxc/issues/7352#issuecomment-2409096972

[kkapsner]

I was able to get it working with Thunderbird as a Flatpak. The solution is very similar - just two tweaks and one addition:

• the id is org.mozilla.Thunderbird (has to be changed in all the flatpak commands and in the path)
• the native messaging json file has to be adjusted for KPM:
  • file name is de.kkapsner.keepassxc_mail.json
  • allowed extension is [email protected]
  • name is de.kkapsner.keepassxc_mail
• the .mozilla folder has to be created and be persistent:

FLATPAK_THUNDERBIRD_CONFIG="$(realpath ~/.var/app/org.mozilla.Thunderbird)"
cd $FLATPAK_THUNDERBIRD_CONFIG
mkdir -p "$FLATPAK_THUNDERBIRD_CONFIG/.mozilla/native-messaging-hosts"
sudo flatpak override --persist=.mozilla org.mozilla.Thunderbird

Same disclaimer as mentioned in the linked issue for Firefox: not officially supported.

The solution to use the preference widget.use-xdg-desktop-portal.native-messaging does also not work. I think is has to be enabled by the thunderbird snap/flatpak team. I created https://bugzilla.mozilla.org/show_bug.cgi?id=1940050 for this.

[kkapsner]

AppArmor seems not to be the issue for the snap version.

[buehren]

AppArmor seems not to be the issue for the snap version.

I have modified the title and text of this issue to focus less on AppArmor.

(AppArmor was just the most obvious line in the logs, and probably also a change compared to my old installation with Ubuntu 22.04 instead of 24.04, so I thought it might be the cause.)

[kkapsner]

widget.use-xdg-desktop-portal.native-messaging does work in Ubuntu with the latest Beta. So hopes are up it will just work out of the box soon.

[sgparry]

Updated to the beta of Thunderbird Ubuntu snap today (136.0b1) only to be told KeePassXC 1.9.1 is not compatible!?

[kkapsner]

This is related to #109. Hopefully I can push an update today. The download from github will work immediatelly - verification at ATN might take a while.

[kkapsner]

Version 1.10 should be compatible.

[kkapsner]

Since there is nothing left to do but to wait for the change to land in stable I will close this issue.