search

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/
Other
20.79k stars 1.44k forks source link

The flatpak distribution has missing SSH Agent forwarding capabilities #8460

Closed martino87r closed 11 months ago

martino87r commented 2 years ago

Overview

The flatpak application creates an entry where the socket forwarding is not enabled and thus keepass cannot send the keys to the SSH_AGENT.

Steps to Reproduce

Default installation in KDE from flathub creates the following application command: /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=keepassxc --file-forwarding org.keepassxc.KeePassXC @@ %f @@

Which is missing the required ENV vars and a newly added argument to allow SSH_AUTH_SOCK to be passed to the application

Expected Behavior

Default command would allow to connect to the ssh-agent

Actual Behavior

Unable to connect to socket, because it's not forwarded to the container

FIX

I'm unable to locate the build files for the flatpak so can't really submit a PR, but the relevant options are:

--env=SSH_AUTH_SOCK=$SSH_AUTH_SOCK this exposes the location of the ssh-agent socket --socket=ssh-auth this allows the container to access the socket

Full working command on my system:

/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=keepassxc --env=SSH_AUTH_SOCK=$SSH_AUTH_SOCK --socket=ssh-auth --file-forwarding org.keepassxc.KeePassXC @@ %f @@

VERSION

KeePassXC - Version 2.7.1 Revision: 5916a8f Distribution: Flatpak

Qt 5.15.5 Debugging mode is disabled.

Operating system: KDE Flatpak runtime CPU architecture: x86_64 Kernel: linux 5.19.2-zen1-2-zen

Enabled extensions:

Cryptographic libraries:

martino87r commented 2 years ago

For reference check the following issue: https://github.com/flatpak/flatpak/issues/1438

droidmonkey commented 2 years ago

Here is our flathub repo: https://github.com/flathub/org.keepassxc.KeePassXC

arigit commented 12 months ago

For those landing here and using the official flatpak, the current (2023.09+) flatpak enables the ssh-auth socket by default, however it is missing the environment variable setting. To fix this, using "Flatseal", add an environment variable to the keepassxc flatpak configuration, 

SSH_AUTH_SOCK=$SSH_AUTH_SOCK

and relaunch keepassxc.

droidmonkey commented 11 months ago

Opened a new issue over on the flatpak repo. Closing this since it was technically implemented.