Does not work with Firejail

[ckotte]

Just installed the host app and the extension, but can't get it to work..

General information

• Operating system + version: Arch Linux 4.15.14-1-ARCH
• Browser + version: Chromium Version 65.0.3325.181 (Official Build) Arch Linux (64-bit)
• Information about the host app:
  • How did you install it? via pacaur
  • If installed an official release, put a version: Browserpass host app version: 2.0.18
• Information about the browser extension:
  • How did you install it? via Chrome webstore
  • Browserpass extension version as reported by your browser: browserpass-ce 2.0.18

---

Exact steps to reproduce the problem

1. Install Chrome extension
2. Install host app
3. Click icon

What should happen?

I should see entries

What happened instead?

Error: Specified native messaging host not found.

[maximbaz]

Could you double check that AUR package installed successfully?

The thing is, it should have installed chrome extension by itself, you would not have needed to go to chrome webstore and install it manually. It looks like this on chrome://extensions, and you cannot remove it by hand:

Do the following files exist?

/etc/chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json
/etc/chromium/policies/managed/com.dannyvankooten.browserpass.json

Is the path to browserpass binary correct in the first file?

[ckotte]

Both files are there. The path is also correct:

cat /etc/chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json
{
  "name": "com.dannyvankooten.browserpass",
  "description": "Browserpass binary for the Chrome extension",
  "path": "/usr/bin/browserpass",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://naepdomgkenhinolocfifgehidddafch/",
    "chrome-extension://klfoddkbhleoaabpmiigbmpbjfljimgb/"
  ]
}

I've deinstalled the webstore extension and re-installed browserpass. I also did a reboot just to be sure. Now I can't see any browserpass extension in Chrome.

I have to admit that I installed the extension first and then I read the readme and discovered that I need the host app as well.

[maximbaz]

This is really weird. How did you install chromium, is it the official one from extra? It feels as if these two files have no effect, as if they are in a wrong location or unreadable by chromium. If the second file (in policies) was present and accepted by chromium, you would not have been able to delete the extension, so the fact that you don't see any extension in Chromium is very confusing.

[ckotte]

Ok. I figured it out. Firejail blocks the access to the extension or host app. The extension works if I run Chromium without firejail.

Does Chrome only need access to both json files in /etc or also to the browserpass binary or something else? My other extensions work when firefailed. I can also access external files like Keepass database.

A side question: I can only match urls if I use Logins/github.com with or without url: in the file. I get "No matching passwords found" if I use Logins/GitHub with url: included.

[maximbaz]

Chrome needs access to these two files and to the browserpass binary, the binary on the other hand will need access to files on your system (to read password store) and to gpg binary (to decrypt those).

If you make it work without disabling firejail, could you post here the details on how you did so, for others who will experience the same issue?

---

Side question: browserpass is not decrypting every single file every time just to understand if this file should match or not, that would be too expensive. So url: property is only used if you want to launch a URL via browserpass - see this part of the README. The reason why Logins/GitHub is not matched is because the extension is doing a full match on domain name to protect you from phishing attacks, so if I register github.co and try to trick you into signing in over there, browserpass will not leak the credentials (more details here). You can of course leak those yourself by using the manual search 🙂

[ckotte]

If you make it work without disabling firejail, could you post here the details on how you did so, for others who will experience the same issue?

Will do, but I need more time. I don't know that much yet about firejail. This is the first time I have issues with that.

Do I need to install the extension from the webstore on other distributions or on macOS / Windows? Maybe you can add the information that the extension is included in browserpass on Arch to the README.

[maximbaz]

You have to install the extension everywhere, and you can install it before or after the host app. The extension is not really "included" on Arch, but instead there is a special trick that is hinting to Chrome to automatically install the extension from webstore if it is not yet installed.

I'd rather see people go to webstore and see "this extension is already installed" than rely on AUR to install the extension and be disappointed when that doesn't happen 🙂

[maximbaz]

I'll close the ticket because there's nothing actionable for this project to do, if you figure it out I'd appreciate a PR that adds this info to README, or a note here so that I can update the README myself.