search

keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0
1.74k stars 182 forks source link

Does not work in Chromium and Google Chrome (flatpak). #1267

Open candrapersada opened 3 years ago

candrapersada commented 3 years ago

Expected Behavior

Current Behavior

KeePassXC-Browser in Chromium won't connect to KeePassXC even when database is open and Chromium is checked.

Possible Solution

Steps to Reproduce (for bugs)

1.Install KeePassXC on Linux from flathub.org and use or create a database. 2.Enable Browser Integration for Chromium. 3.Install Chromium on Linux from flathub.org. 4.Install KeePassXC-Browser extension from the Chrome Web Store. 5.Under Connected Databases in the settings of KeePassXC-Browser, click Connect.

Debug info

KeePassXC - {2.6.4} KeePassXC-Browser - {1.7.6} Operating system: Linux Flatpak - {1.10.2} Browser: Chromium and ungoogled-chromium

droidmonkey commented 3 years ago

If chromium is installed as a snap it will not work. Browsers installed as snaps cannot use native messaging.

michael-markl commented 3 years ago

Offtopic: For users who want to use chromium on (K)Ubuntu anyway: My current workaround is to install chromium via linux mint's apt package. Here's a blog entry that explains how one can achieve this: https://ubuntuhandbook.org/index.php/2020/11/chromium-browser-deb-available-linux-mint-20/

prog-amateur2 commented 3 years ago

If chromium is installed as a snap it will not work. Browsers installed as snaps cannot use native messaging.

Hello Keepassxc team, I would like to draw your attention to the fact that someone in a forum managed to make keepassxc browser work with Firefox flatpak.

The idea is to run keepassxc-proxy inside Firefox Flatpak, then allowing Firefox Flatpak to access the socket : thus, the sandbox is preserved. Maybe this can be a solution as Mozilla prefers to work with snap packages and deb packages are planned to be end of life for Ubuntu.

Do you think this could be a possible solution ?

Tiger862000 commented 2 years ago

Experiencing the same issue as @candrapersada described. Using Ungoogled-Chomium installed via flatpak and KeepassXC-Browser in conjunction with KeePassXC (flatpak). Can you please look into the topic. Thank you!

candrapersada commented 2 years ago

and keepassxc does not work in Google Chrome (flatpak) image

NSurtsev commented 2 years ago

The issue still remains, you can't sync flatpak keepassxc and flatpak browsers P.S. Fedora Workstation 36

varjolintu commented 2 years ago

See this for a possible workaround until Flatpak has an official support for Native Messaging: https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766

blockfeed commented 2 years ago

Confirming the report by @NSurtsev on Fedora 36.

I have com.github.Eloston.UngoogledChromium installed from flathub, with org.keepassxc.keepassxc_browser.json being generated at /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/NativeMessagingHosts through the settings ("custom browser").

ungoogled-chromium com.github.Eloston.UngoogledChromium 103.0.5060.114-2 keepassxc-2.7.1-2.fc36.x86_64 KeePassXC-Browser 1.8.1 (installed manually from crx)

I get "Key exchange was not successful.".

Thank you for your help.

tazihad commented 2 years ago

@blockfeed make sure you have make keepassxc-proxy-wrapper.sh as executable. chmod +x keepassxc-proxy-wrapper.sh

blockfeed commented 2 years ago

[@zihaaad Thanks for the suggestion, but it appears something else may be going on with UngoogledChromium, even after following your Brave guide (with adjustments, obviously).

# flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.github.Eloston.UngoogledChromium

File locations:

# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh
# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/org.keepassxc.keepassxc_browser.json

And my json:

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

And the result:

[user@computer Default]$ flatpak run --command=/bin/sh com.github.Eloston.UngoogledChromium
[📦 com.github.Eloston.UngoogledChromium Default]$  bash -x keepassxc-proxy-wrapper.sh
+ APP_REF=org.keepassxc.KeePassXC/x86_64/stable
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /home/user/.local/share/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ FLATPAK_INST=/var/lib/flatpak
+ break
+ '[' -z /var/lib/flatpak ']'
+ APP_PATH=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active
++ awk -F= '$1=="runtime" { print $2 }'
+ RUNTIME_REF=org.kde.Platform/x86_64/5.15-21.08
+ RUNTIME_PATH=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active
+ exec flatpak-spawn --app-path=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/files --usr-path=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active/files -- keepassxc-proxy
keepassxc-proxy: error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory

Any suggestions are appreciated!

tazihad commented 2 years ago

@blockfeed strange it works with Google Chrome (flatpak) but not with Chromium or Ungoogled Chromium.

gasinvein commented 1 year ago

Looks like flatpak-spawn sets LD_LIBRARY_PATH for the sub-sandbox when ran from Firefox sandbox, but not from Chromium sandbox (probably due to the later already set the env var for the parent app sandbox). Try adding --env=LD_LIBRARY_PATH=/app/lib to flatpak-spawn args in the script; I've updated the guide accordingly.

llebout commented 1 year ago

@blockfeed @gasinvein

[@zihaaad Thanks for the suggestion, but it appears something else may be going on with UngoogledChromium, even after following your Brave guide (with adjustments, obviously).

# flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.github.Eloston.UngoogledChromium

File locations:

# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh
# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/org.keepassxc.keepassxc_browser.json

And my json:

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

And the result:

[user@computer Default]$ flatpak run --command=/bin/sh com.github.Eloston.UngoogledChromium
[📦 com.github.Eloston.UngoogledChromium Default]$  bash -x keepassxc-proxy-wrapper.sh
+ APP_REF=org.keepassxc.KeePassXC/x86_64/stable
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /home/user/.local/share/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ FLATPAK_INST=/var/lib/flatpak
+ break
+ '[' -z /var/lib/flatpak ']'
+ APP_PATH=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active
++ awk -F= '$1=="runtime" { print $2 }'
+ RUNTIME_REF=org.kde.Platform/x86_64/5.15-21.08
+ RUNTIME_PATH=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active
+ exec flatpak-spawn --app-path=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/files --usr-path=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active/files -- keepassxc-proxy
keepassxc-proxy: error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory

Any suggestions are appreciated!

I followed what is written in those replies: https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766 https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1170629567

I was able to make it work with ungoogled-chromium flatpak by putting the script in this location: ~/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/WidevineCdm/keepassxc-proxy-wrapper.sh and updating the json file accordingly.

I use the native version of KeepassXC from my Fedora installation but I installed the Flathub KeepassXC flatpak alongside my native version for the proposed solution to work, even though I am running my native version and the proxy seems to come from the flatpak, everything works and connects fine now.

It seems that there's additional sandboxing somewhere that prevents access to the script anywhere else. I have not found any other shared folder, though I didnt try to look any further once that one worked.

gasinvein commented 1 year ago

@leo-lb I don't see the --env=LD_LIBRARY_PATH=/app/lib arg in the flatpak-spawn invocation. Check if you've copied the script correctly.

klack commented 1 week ago

Ungoogled Chromium Flatpak Instructions:

Modified from fix created by @gasinvein

  1. Grant the browser access to KeePassXC flatpak app and KDE runtime installations, and to the KeePassXC proxy socket: 

    flatpak override --user \
--filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro \
--filesystem=xdg-run/app/org.keepassxc.KeePassXC:create \
io.github.ungoogled_software.ungoogled_chromium

  2. Create wrapper script at
    ~/.var/app/io.github.ungoogled_software.ungoogled_chromium/data/bin/keepassxc-proxy-wrapper.sh and chmod +x ~/.var/app/io.github.ungoogled_software.ungoogled_chromium/data/bin/keepassxc-proxy-wrapper.sh

#!/bin/bash

APP_REF="org.keepassxc.KeePassXC/x86_64/stable"

for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
    if [ -d "$inst/app/$APP_REF" ]; then
        FLATPAK_INST="$inst"
        break
    fi
done
[ -z "$FLATPAK_INST" ] && exit 1

APP_PATH="$FLATPAK_INST/app/$APP_REF/active"

RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "$APP_PATH/metadata")
RUNTIME_PATH="$FLATPAK_INST/runtime/$RUNTIME_REF/active"

exec flatpak-spawn \
    --env=LD_LIBRARY_PATH=/app/lib \
    --app-path="$APP_PATH/files" \
    --usr-path="$RUNTIME_PATH/files" \
    -- keepassxc-proxy "$@"
  1. Put the native messaging host json manifest to a the path where flatpaked Ungoogled Chromium will look ~/.var/app/io.github.ungoogled_software.ungoogled_chromium/config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
{
    "allowed_origins": [
        "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/",
        "chrome-extension://oboonakemofpalcgghocfoadofidjkkk/"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/<your-username>/.var/app/io.github.ungoogled_software.ungoogled_chromium/data/bin/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}
klack commented 1 week ago

KeepassXC extention with a flatpak browser 2024 Getting KeepassXC to work with Chromium flatpak Getting KeepassXC to work with Ungoogled Chromium flatpak