browserpass / browserpass-extension

Browserpass web extension
ISC License

Firefox extension not prompting for password #315

Closed eyalzek closed 1 year ago

eyalzek commented 1 year ago

General information


If you are getting an error immediately after opening popup, have you followed the Configure browsers documentation section?


Exact steps to reproduce the problem

  1. click browserpass extension icon on a site (e.g. Github)

  2. choose correct entry and click enter

  3. extension shows "Filling login details" shortly then nothing happens

What should happen?

The extension should prompt for GPG password

What happened instead?

Nothing. If my gpg pass is cached (by running pass manually in the terminal shortly before) then the extension works as expected.

I've tried explicitly setting the path to the pinentry binary:

pinentry-program /usr/bin/pinentry-gnome3

but it didn't make a difference.

I found similar issues that were reported in the past, but couldn't find a resolution. Is there a way to get some more debugging information? Opening the extensions console and reproducing doesn't produce any console logs...

Any troubleshooting help would be appreciated!

maximbaz commented 1 year ago

Hello! Do you actually see a new pinentry (pinentry-gnome3) being used? In other words, when you use pass from terminal, does pinentry look different now? Have you tried restarting gpg-agent or just rebooting?

It would also be interesting to see if it works in another browser, and if it works if you launch browser from terminal, as opposed to using a launcher / desktop shortcut.

eyalzek commented 1 year ago

Hey!

When I run pass I can see a pinentry-gnome3 process started and I get prompted for the gpg password. When using the extension I get no dialog and seemingly no pinentry process either...

I tried rebooting, restarting gpg-agent, reinstalling firefox, reinstalling webext-browserpass.

Regarding other browsers, that's actually an interesting question, because on chrome the extension doesn't work at all for me: [image]

I removed the extension and expected it to reload (I thought it was packaged as part of webext-browserpass?) but it didn't show up, even after reinstalling webext-browserpass and completely purging/reinstalling google chrome. Am I supposed to install the extension manually on chrome?

maximbaz commented 1 year ago

I'm not 100% certain about webext-browserpass as it's not us who provide it, it's quite possible that it only provides setup for Chromium and not Google Chrome.

Try also to start Firefox from terminal, and then also to specify full path to gpg binary in extension settings, would that help by any chance?

eyalzek commented 1 year ago

That's what I would expect as per the docs and the fact that it does install it for firefox. I can also see files created in /usr/share/chromium/extensions/browserpass, though not sure why they're not loaded..

I tried setting the path to gpg (by creating `.browserpass.json` in the pass repo root) and it didn't work.

Starting firefox from the CLI also doesn't produce any meaningful info.

Is there any way to get any type of logs from the extension to better understand what it's trying to do?

eyalzek commented 1 year ago

I installed the chrome extension manually and fixed the symlink in $HOME/.config/google-chrome/NativeMessagingHosts/com.github.browserpass.native.json and I can confirm that the chrome extension works as expected.

maximbaz commented 1 year ago

There isn't much going on, the extension side just makes a request to browserpass native (which clearly works, as you do get a list of entries), and then for decryption in particular, the native host is just executing gpg binary with some flags, and it's completely out of our control what gpg decides to do, whether it wants to ask for pin by opening a pinentry or not...

Huh it's actually very surprising that Chrome extension works for you and Firefox shows the error 🤔🤔 So if native host in general is able to talk to gpg (as proven by Chrome), then the only difference left is how native host is getting called by different browsers? 🤔 I don't think anyone else before had such observations 🤔

eyalzek commented 1 year ago

I added some flags to the gpg agent (specifically --debug-pinentry) and I compared the log output to a successful pinentry prompt from the chrome extension.

What's interesting is that it seems like firefox is actually prompting (or trying to at least) but is immediately canceled.

Firefox (shortened) output:

2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 -> SETPROMPT Passphrase:
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 <- OK
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 -> [[Confidential data not shown]]
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 <- [[Confidential data not shown]]
2023-01-02 17:23:46 gpg-agent[39374] DBG: error calling pinentry: Operation cancelled <Pinentry>
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 -> BYE
2023-01-02 17:23:46 gpg-agent[39374] failed to unprotect the secret key: Operation cancelled
2023-01-02 17:23:46 gpg-agent[39374] failed to read the secret key
2023-01-02 17:23:46 gpg-agent[39374] command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_10 -> ERR 83886179 Operation cancelled <Pinentry>
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_10 <- [eof]

Chrome (shortened) output:

2023-01-02 17:27:05 gpg-agent[39374] DBG: chan_11 -> SETPROMPT Passphrase:
2023-01-02 17:27:05 gpg-agent[39374] DBG: chan_11 <- OK
2023-01-02 17:27:05 gpg-agent[39374] DBG: chan_11 -> [[Confidential data not shown]]
2023-01-02 17:27:09 gpg-agent[39374] DBG: chan_11 <- [[Confidential data not shown]]
2023-01-02 17:27:09 gpg-agent[39374] DBG: error calling pinentry: Operation cancelled <Pinentry>
2023-01-02 17:27:09 gpg-agent[39374] DBG: chan_11 -> BYE
2023-01-02 17:27:09 gpg-agent[39374] failed to unprotect the secret key: Operation cancelled
2023-01-02 17:27:09 gpg-agent[39374] failed to read the secret key
2023-01-02 17:27:09 gpg-agent[39374] command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
2023-01-02 17:27:09 gpg-agent[39374] DBG: chan_10 -> ERR 83886179 Operation cancelled <Pinentry>
2023-01-02 17:27:09 gpg-agent[39374] DBG: chan_10 <- [eof]

The relevant part here is the timestamp, in Firefox the "Operation cancelled" message came immediately. With Chrome I got the prompt and waited a few seconds before canceling it.

What could cause that? Any idea on how to debug further?
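The timestamp comparison made in the comment above can be automated. This is an added example, not part of the original thread or of browserpass: it measures how long gpg-agent waited for pinentry to answer the masked passphrase request, using excerpts of the two logs quoted above. The function name `pinentry_waits` and the one-second threshold are assumptions.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) gpg-agent\[\d+\] (?:DBG: )?(.*)$")
CHAN = re.compile(r"^(chan_\d+) (->|<-) (.*)$")
HIDDEN = "[[Confidential data not shown]]"  # how the quoted log masks the PIN exchange

def pinentry_waits(log_text, immediate_below=1.0):
    """One dict per masked pinentry round trip: channel, seconds waited, outcome."""
    pending, results = {}, []   # pending: channel -> time the masked request was sent
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        body = m.group(2)
        c = CHAN.match(body)
        if c and c.group(3) == HIDDEN:
            chan, direction = c.group(1), c.group(2)
            if direction == "->":
                pending[chan] = ts
            elif chan in pending:
                waited = (ts - pending.pop(chan)).total_seconds()
                # Log timestamps have 1 s resolution, so 0.0 means "same second".
                results.append({"channel": chan, "waited": waited,
                                "immediate": waited < immediate_below,
                                "outcome": "answered"})
        elif body.startswith("error calling pinentry:") and results:
            # Attach the pinentry error to the round trip that just completed.
            results[-1]["outcome"] = body.split(":", 1)[1].strip()
    return results

# Excerpts of the two logs quoted in the comment above.
FIREFOX_LOG = """\
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 -> SETPROMPT Passphrase:
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 <- OK
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 -> [[Confidential data not shown]]
2023-01-02 17:23:46 gpg-agent[39374] DBG: chan_11 <- [[Confidential data not shown]]
2023-01-02 17:23:46 gpg-agent[39374] DBG: error calling pinentry: Operation cancelled <Pinentry>
"""
CHROME_LOG = """\
2023-01-02 17:27:05 gpg-agent[39374] DBG: chan_11 -> [[Confidential data not shown]]
2023-01-02 17:27:09 gpg-agent[39374] DBG: chan_11 <- [[Confidential data not shown]]
2023-01-02 17:27:09 gpg-agent[39374] DBG: error calling pinentry: Operation cancelled <Pinentry>
"""

if __name__ == "__main__":
    for name, log in (("firefox", FIREFOX_LOG), ("chrome", CHROME_LOG)):
        print(name, pinentry_waits(log))
```

A cancellation flagged `immediate` means pinentry answered within the same logged second, so no person could have dismissed a dialog; a wait of several seconds means the dialog was actually shown.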

maximbaz commented 1 year ago

Hmmm very interesting 🤔 Could you compare your gpg configs to mine, do you see something that you have and I don't, that could be relevant?

eyalzek commented 1 year ago

The weirdest part is that I have a laptop running the exact same set up (debian testing, same versions of gdm, firefox, browserpass, pinentry, gpg, etc) and it works as expected... I cannot find any obvious difference between the two machines.

As for the gpg configs, I don't have any. Just added the following now to enable debug logging:

$ cat gpg-agent.conf 
log-file /home/eyal/gpg-agent.log
max-cache-ttl 0
debug-level guru
debug-pinentry
debug 1024

maximbaz commented 1 year ago

Unfortunately I don't have any other ideas at the moment... 🤔

eyalzek commented 1 year ago

Is there a way to enable debug logging for the extension?

Moreover, if the pinentry dialog would've been canceled, I would also expect the extension to show some kind of error (as I see on Chrome when I close the prompt without entering a password) - in my case I'm seeing nothing but "Loading entry details" and then nothing...

maximbaz commented 1 year ago

There's no debug logging built in, you can try to just use browser debugger to go step by step, or add console.log calls yourself... However in your particular case there just isn't much to debug because extension does not participate in anything except issuing a request and waiting for response... And so if you still see Loading, it likely means the browser does not even send the response back to the extension...

https://github.com/browserpass/browserpass-extension/blob/c10b47dd12193eadd6f6a088bfac3614d84a2261/src/background.js#L849

eyalzek commented 1 year ago

Yeah I'm really not sure how to proceed, I ran strace for gpg agent and tried to compare the output between chrome and firefox, but still can't find anything obvious there.

maximbaz commented 1 year ago

Let's see, maybe someone from the community will see this thread and help us out, if nothing else, with ideas of what else to try...

eyalzek commented 1 year ago

Just to update, this was happening on a PC that I wasn't using for a few good months, so I went through a significant round of updates...

I noticed that it wasn't booting to Wayland and I traced it to Nvidia driver. Today after some manual intervention and reinstallation of the nvidia-driver I finally managed to boot back to Wayland - and now (for the first time since discussing it here on the ticket) I tried the extension and it works as expected.

So I can't say for sure that it has anything to do with Wayland, because I hadn't done any testing throughout the process of getting it back into shape, but it's possible.

In any case, I will go ahead and close this issue. Thanks again for the support!