Support Firefox flatpak

[bersace]

General information

• Operating system + version: Debian GNU/Linux 10 (buster)
• Browser + version: Firefox 76.0b3, mozilla-flatpak-1.0
• Information about the host app:
  • How did you install it? I didn't found instruction on how to install host app for flatpak FF.
  • If installed an official release, put a version ($ browserpass --version): X
  • If built from sources, put a commit id ($ git describe --always): X
• Information about the browser extension:
  • How did you install it? From marketplace.
  • Browserpass extension version as reported by your browser: 3.4.1

---

If you are getting an error immediately after opening popup, have you followed the Configure browsers documentation section?

I don't know how to configure FF in flatpak

---

Exact steps to reproduce the problem

1. Install Firefox from https://flathub.org/apps/details/org.mozilla.firefox

2. Install Browserpass-extension from https://addons.mozilla.org/fr/firefox/search/?q=browserpass&platform=Linux

3. Search documentation for flatpak :-)

What should happen?

I suggest that browserpass-native supports FF flatpak. This is similar to #82

What happened instead?

I had to use FF outside flatpak (from tar.gz). It's awesome. I just wanted to use Flatpak for security and convenience.

Great work anyway. How to support you ? Could you add a Paypal money pool ?

[maximbaz]

Hey! Yeah it's very similar to #82, we can keep this one open as well, but I'm afraid there is not much we can do from our side...

Quick googling showed a few similar unsolved requests:

• https://github.com/xhorak/firefox-devedition-flatpak/issues/92
• https://github.com/xhorak/firefox-devedition-flatpak/issues/97
• https://gitlab.gnome.org/GNOME/chrome-gnome-shell/issues/5

As far as I understand from the threads, even if you can get the native host somehow inside the flatpak sandbox, browserpass will still not have access to the "outside", e.g. to ~/.password-store...

Let's see... I have a feeling that there will be a solution to this soon, because afaik in new Ubuntu they use sandboxed Chromium by default now, so many people will be affected.

Great work anyway. How to support you ? Could you add a Paypal money pool ?

Thank you! We didn't plan any monetization on the project, I'm just happy that many people find it useful and take the time to secure their internet browsing!

Setting up PayPal would probably be an overkill... I did setup a GitHub sponsors page for fun once they announced it, if you really want you can maybe use that instead 😄 https://github.com/sponsors/maximbaz

But keep in mind that this really is a community project, @erayd is another maintainer, and in general you can see many contributions from different folks!

[bersace]

I found this issue : https://bugzilla.mozilla.org/show_bug.cgi?id=1621763 which led to a feature request in xdg-desktop-portal https://github.com/flatpak/xdg-desktop-portal/issues/283 .

But keep in mind that this really is a community project,

Yep, I wanted to thanks @erayd too.

[bersace]

I'll try the workaround.

[fourstepper]

@bersace have you figured out how to work around this?

From my understanding, you would have to get the native messaging host into the flatpak and then somehow open the sandbox up for the app to be able to access ~/.password-store. Not sure if I am missing something though

[bersace]

@fourstepper nope. I gave up using browser pass in flatpack and falled back to system installation.

[bkaczynski]

Hi, flatpak provides utility called flatpak-spawn [1]. I thought that using it with combination of --host flag resolve this problem but unfortunately it's not.

Tested with Firefox on flatpak by editing:

{
    "name": "com.github.browserpass.native",
    "description": "Browserpass native component for the Firefox extension",
    "path": "/usr/bin/flatpak-spawn --host browserpass",  // tested also with "/usr/bin/flatpak-spawn --host /usr/bin/browserpass"
    "type": "stdio",
    "allowed_extensions": ["browserpass@maximbaz.com"]
}

[1] https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-spawn

[xundeenergie]

Hi, flatpak provides utility called flatpak-spawn [1]. I thought that using it with combination of --host flag resolve this problem but unfortunately it's not.

Tested with Firefox on flatpak by editing:

{
    "name": "com.github.browserpass.native",
    "description": "Browserpass native component for the Firefox extension",
    "path": "/usr/bin/flatpak-spawn --host browserpass",  // tested also with "/usr/bin/flatpak-spawn --host /usr/bin/browserpass"
    "type": "stdio",
    "allowed_extensions": ["browserpass@maximbaz.com"]
}

[1] https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-spawn

where or how do i do this?

[yvay]

I was able to find a workaround by applying @bkaczynski's suggestion with some changes.

• The first thing you need to do is find your browser's config directory. In my case the directory is located at /home/yyyyyy/.var/app/org.mozilla.firefox/.mozilla which is mounted as /home/yyyyyy/.mozilla inside Flatpak. This will be different depending on your browser and installation.
• Using the Flatseal program, check "D-Bus session bus" for Mozilla Firefox (or whatever browser you're using).
• Add a script with the following content somewhere under your browser's config directory and mark it as executable. I used /home/yyyyyy/.var/app/org.mozilla.firefox/.mozilla/bin/browserpass.sh:

  #!/bin/sh
  cd ~
  /usr/bin/flatpak-spawn --host /usr/bin/browserpass

• Create the file native/messaging-hosts/com.github.browserpass.native.json and modify it to run the previous script instead of /usr/bin/browserpass directly. In my install the file must be located at /home/yyyyyy/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.github.browserpass.native.json:

  {
  "name": "com.github.browserpass.native",
  "description": "Browserpass native component for the Firefox extension",
  "path": "/home/yyyyyy/.mozilla/bin/browserpass.sh",
  "type": "stdio",
  "allowed_extensions": ["browserpass@maximbaz.com"]
  }

• Install the browser extension if you haven't already done so.

If it doesn't work you can append 2>/tmp/error.log to the flatpak-spawn command and navigate to file:///tmp/error.log from the browser to see what the error message is. Happy to help if you find any issues.

[doitian]

FYI, my steps to setup Edge.

The essential step is adding flatpak overrides to share folders to the sandbox. I install browserpass to "$HOME/opt", and put the password store in "$HOME/.password-store"

First install browserpass:

make BIN=browserpass-XXXX PREFIX=$HOME/opt configure
make BIN=browserpass-XXXX PREFIX=$HOME/opt install
make BIN=browserpass-XXXX PREFIX=$HOME/opt hosts-edge-user

Copy the native messaging hosts config file to the flatpak app config dir:

cp "$(realpath ~/.config/microsoft-edge/NativeMessagingHosts/com.github.browserpass.native.json)" ~/.var/app/com.microsoft.Edge/config/microsoft-edge/NativeMessagingHosts/

Share ~/opt and ~/.password-store to the app

flatpak override --user --filesystem=home/opt:ro com.microsoft.Edge
flatpak override --user --filesystem=home/.password-store:ro com.microsoft.Edge

Also share gpg config and run dir

flatpak override --user --filesystem=home/.gnupg:ro com.microsoft.Edge
flatpak override --user --filesystem=xdg-run/gnupg:ro com.microsoft.Edge 

The last, close Edge, kill the instances, then restart the app.

flatpak kill com.microsoft.Edge