Snap: Improve Web-browser Native Messaging host functionality #10906
Conversation
PR marked as a draft because, due to Snap Store policy, being able to distribute KeepassXC will require a one-time review that could take up to 2 weeks. We would like to minimize the time between acquiring permission from the Snap Store and actually building/uploading any snaps with this functionality, as otherwise doing so will keep triggering the review process and denying uploads. Ideally, the store would agree for this to be auto-connected, as it enables major functionality in the app and the permissions required to do so are very specific and within reasonable user expectations.
This commit allows for the snap distribution of KeepassXC to self-manage native messaging manifests. This is done by making the binary aware of the snapd environment changes that currently prevent this. Furthermore, the snap sandbox is expanded to the bare minimum needed to access these privileged files. Please note if running a self-compiled / untrusted KeepassXC snap build (i.e., installed with --dangerous) that you must manually run `sudo snap connect keepassxc:browser-native-messaging` to grant permissions. This will work on all distributions that expose `/snap/bin/`, such as Ubuntu, Debian, etc. For systems which don't provide `/snap/`, such as Fedora, follow the instructions for enabling "Classic" snaps, e.g., `sudo ln -s /var/lib/snapd/snap /snap`
This looks excellent! Haven't tested it yet though.
Decrease privileges on TBB Native Hosts folder to just the KeepassXC manifest
* Snap: Improve Web-browser Native Messaging host functionality --------- Co-authored-by: Jonathan White <[email protected]>
Release 2.7.9 (tag signed Wed Jun 19 21:32:56 2024 UTC)
* Passkeys: Ability to easily remove a passkey from an entry [keepassxreboot#10777]
* Snap: Use new desktop portal for native messaging integration [keepassxreboot#10906]
* Improve entry placeholder/reference feature [keepassxreboot#10846]
* Improve CSV importing when title field isn't specified [keepassxreboot#10843]
* Improve encrypted Bitwarden importing [keepassxreboot#10800]
* Improve database settings UX [keepassxreboot#10821]
* Improve handling of clipboard actions from entry preview [keepassxreboot#10810]
* Improve group/entry view resize behavior and set sensible defaults [keepassxreboot#10641]
* Passkeys: Fix incorrect username fill [keepassxreboot#10874]
* Passkeys: Return additional data to the extension [keepassxreboot#10857]
* Fix password clear timer inconsistency on unlock view [keepassxreboot#10708]
* Fix portability check [keepassxreboot#10760]
* Fix page overflow on HTML exports [keepassxreboot#10735]
* Fix broken builds when using system provided zxcvbn [keepassxreboot#10717]
* Fix copy password button when text is selected [keepassxreboot#10853]
* Fix tab ordering on application settings pages [keepassxreboot#10907]
* SSH Agent: Fix broken decrypt button [keepassxreboot#10638]
* Windows: Fix ALT Auto-Type modifier [keepassxreboot#10795]
* Windows: Fix wrong DACL memory size allocation [keepassxreboot#10712]
* macOS: Fix monospace font sizing [keepassxreboot#10739]
* Flatpak: Fix configuration settings off-by-one error [keepassxreboot#10688]
* BSD: Fix compiling with libusb implementation [keepassxreboot#10736]
@JGCarroll Hi, thanks for your great work. But I tried the keepassXC snap beta channel (ver 2.7.9), and it didn't work with the chromium snap. Anything I'm missing?
@boukendesho As far as I know, the Chromium Snap does not have native messaging support. Only Firefox does.
The compatibility matrix isn't as high as I'd currently like. This patch should work on Ubuntu 22.04 and derivatives with the Chromium snap. It wouldn't work with the Chromium Snap on e.g. Fedora, but would work for Chrome (unsandboxed) on Fedora. The underlying cause comes down to the Ubuntu XDG Desktop Portals having a custom interface that's not yet upstreamed but has picked up steam again recently: This should provide the framework for other distributions (and also generally for Flatpaks). The Firefox patch for snaps is now actually upstreamed into Firefox and would be ready for Flatpaks as soon as this interface is merged upstream, if/when that happens. For Chrome I'm unsure, but the Chromium snap should have it anyway. Effectively this comes down to: what distribution are you trying on?
Thanks for the explanation.
Ubuntu 24.10
I've just tried the Ubuntu 24.10 Gnome live image in a VM, with the KeepassXC 2.7.9 snap (on the beta channel for now) and the default snap Firefox, and it works fine for me. There's a chance you might benefit from resetting the stored XDG Portals state for the Webextensions interface, which is as simple as: Followed by logging out and in, in order to have the services reload the now empty config. If this doesn't work, it'd imply that there's something misconfigured or unavailable outside the snap itself. Given that both Firefox and KeepassXC can be all but assured to be operating correctly, this would be the XDG Portals themselves on your system: each DE needs a valid frontend to function, so e.g., there's a Gnome specific frontend, a generic GTK one, a KDE one, an Xapps one, etc. Could you check that you have the right package for your DE (assuming there is one)? If not, try the GTK one as it's considered the effective default fallback, e.g., for Ubuntu that'd be Edit: Just some other quick points
Thank you for reminding me, I forgot to promote beta to stable, just did that now
@JGCarroll Hi, thanks for the test. In my experience, the firefox snap always works fine with the keepassXC snap, from a long time ago, even without this patch. I'm a bit frustrated that I haven't been able to find a way to make the chromium snap work effectively with the keepassXC snap.
With the external script that's been provided this would have worked, sure. The patch effectively replaced the script that was recommended historically, letting the application take responsibility itself, so there's not a different UX flow between KeepassXC as a snap vs. the other packages. I'd imagine you'd used this script before to get it working. I'll try again with Chromium specifically in the next few hours; it could be that Chromium has regressed, but ultimately as far as KeepassXC goes I can't imagine this code would ever get changed unless the portals spec significantly changes. It's advertising itself to the system properly, so it's up to the rest of the system to collaborate with that. My original testing with Chromium showed it working fine, but I'll check in a while on the off chance Chromium itself has regressed.
I've just tried this myself and this does appear to be specific to Chromium, which was shown to be working in April, so this suggests the Chromium Snap itself has regressed. I've logged the bug here: I wouldn't expect a resolution from the KeepassXC side here if it is indeed the case that the Chromium snap has dropped the patch at some point; the only fix is for them to add it back in, and even the older script method to enable KeepassXC's snap WebExtension functionality wouldn't help here. If/when this patch is restored in Chromium, I'd expect the KeepassXC snap to suddenly kick in with no changes on this end.
Describe your changes in detail, why is this change required?
Currently, if users install KeepassXC as a snap, the "Browser Integration" interface will instruct them to use an external script to set up the Native Messaging hosts. This is a poor user experience as it's a snap specific requirement, and also because it prevents KeepassXC from being able to clean up the host files (the user cannot "untick" and press OK on any browser).
This helps remove user friction by making things "just work" without compromising security in any manner: the sandbox is expanded purely to accommodate the exact files required, and all existing certificate checks on the app & extensions themselves, the authentication process, etc., all remain as standard.
Explain large or complex code modifications.
Ultimately, this mirrors the workarounds used for the Flatpak build, the app needs to actively consider that the $HOME path it is presented with is not the real value on the host. By doing so, the files are instead exposed where they need to be to enable other programs to use them.
Whilst this will reduce bug reports and user problems significantly, it's not a magic bullet. There are 2 elements that come into play with compatibility.
Ultimately, most Snap users are Ubuntu users, so considering population demographics, this should still improve the majority of typical use cases.
`/bin/snap/keepassxc.proxy`, this isn't guaranteed to exist at that location. E.g., on Fedora, users would have to run `sudo ln -s /var/lib/snapd/snap /snap`; this follows the same semantics as enabling "Classic Snaps" support. This can be done before or after installation of KeepassXC, and KeepassXC itself is still operating under Strict confinement. Again, considering user demographics, I'd imagine most other distributions use the AppImage, Flatpak, or distro repo versions before considering snap, meaning this shouldn't be a common occurrence relatively.
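The $HOME point above is the crux of the change: inside a strictly confined snap the application sees a private home directory, so a native messaging manifest written there is invisible to the host browser, and the manifest must instead land under the real home and point at the `/snap/bin` launcher. The following is an added illustration written for this page, not KeePassXC's own code. It assumes snapd exports `SNAP_REAL_HOME` (the user's real home) and `SNAP_NAME` inside a snap, that the launcher is `/snap/bin/keepassxc.proxy` (the PR only names `/snap/bin/`), and it uses a placeholder host name and extension id. It also shows the two things the old external script could not do for the user: write the manifest atomically with least-privilege permissions, and remove it again when a browser is unticked.

```python
"""Added example (not KeePassXC code): place a browser native-messaging
manifest where the *host* browser looks, not inside the snap's private HOME.

Assumptions (not stated in the PR):
- snapd sets SNAP_REAL_HOME and SNAP_NAME inside a strict snap; when they are
  absent the process is treated as unconfined.
- The launcher the browser must spawn is /snap/bin/keepassxc.proxy.
- HOST_NAME and the extension ids are placeholders.
"""
import json
import os
import tempfile
from pathlib import Path

HOST_NAME = "org.example.native_host"   # placeholder, not the real host name
PROXY_NAME = "keepassxc.proxy"          # assumed launcher file name

# Standard per-browser manifest directories, relative to the user's home.
MANIFEST_DIRS = {
    "firefox": ".mozilla/native-messaging-hosts",
    "chromium": ".config/chromium/NativeMessagingHosts",
    "chrome": ".config/google-chrome/NativeMessagingHosts",
}


def host_home(env):
    """Home directory as the host browser sees it, not the sandbox's copy."""
    real = env.get("SNAP_REAL_HOME")
    return Path(real) if real else Path(env["HOME"])


def proxy_path(env, snap_bin="/snap/bin", fallback="/usr/bin"):
    """Executable the browser will spawn. Inside a snap this must be the
    /snap/bin launcher, which (as the PR notes) exists only on distributions
    that expose /snap/; unconfined builds use a normal system path."""
    base = snap_bin if env.get("SNAP_NAME") else fallback
    return Path(base) / PROXY_NAME


def manifest_path(browser, env):
    return host_home(env) / MANIFEST_DIRS[browser] / f"{HOST_NAME}.json"


def build_manifest(browser, proxy, extension_ids):
    manifest = {"name": HOST_NAME, "description": "example host",
                "path": str(proxy), "type": "stdio"}
    if browser == "firefox":
        manifest["allowed_extensions"] = list(extension_ids)
    else:  # Chromium-family browsers key on extension origins instead
        manifest["allowed_origins"] = [f"chrome-extension://{i}/" for i in extension_ids]
    return manifest


def install_manifest(browser, env, extension_ids):
    """Write the manifest under the real home, atomically, mode 0644."""
    path = manifest_path(browser, env)
    path.parent.mkdir(parents=True, exist_ok=True)
    data = json.dumps(build_manifest(browser, proxy_path(env), extension_ids), indent=2)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.chmod(tmp, 0o644)   # readable by the browser, writable only by the owner
    os.replace(tmp, path)  # rename so the browser never sees a partial file
    return path


def remove_manifest(browser, env):
    """Cleanup when a browser is unticked. Returns True if a file was removed."""
    path = manifest_path(browser, env)
    try:
        path.unlink()
        return True
    except FileNotFoundError:
        return False


def read_manifest(path):
    return json.loads(Path(path).read_text())


def demo():
    """Install / read back / remove in a throwaway home, using a constructed
    snap-like environment; returns the observed facts for checking."""
    real_home = tempfile.mkdtemp(prefix="realhome-")
    env = {"HOME": f"{real_home}/snap/keepassxc/100",   # what the snap sees
           "SNAP_NAME": "keepassxc", "SNAP_REAL_HOME": real_home}
    path = install_manifest("firefox", env, ["[email protected]"])
    manifest = read_manifest(path)
    return {
        "under_real_home": str(path).startswith(real_home + "/.mozilla/"),
        "not_under_sandbox_home": not str(path).startswith(env["HOME"]),
        "path": manifest["path"],
        "allowed_extensions": manifest["allowed_extensions"],
        "mode": os.stat(path).st_mode & 0o777,
        "removed": remove_manifest("firefox", env),
        "removed_again": remove_manifest("firefox", env),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the manifest landing under the real home, pointing at `/snap/bin/keepassxc.proxy`, and being removable; on a distribution without `/snap/` that launcher path would not resolve, which is exactly the Fedora caveat the PR describes.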
Screenshots
N/A
Testing strategy
`sudo snap connect keepassxc:browser-native-messaging` is run, as will be required on any untrusted builds not published from the Snap Store.
Test Environment, Ubuntu 24.04
Firefox Snap + KeepassXC snap: ✅
Firefox native + KeepassXC snap: ✅
Chromium Snap + KeepassXC Snap: ✅
Google-Chrome native + KeepassXC snap: ✅
Brave Snap + KeepassXC Snap: Failure as Brave has not adopted the XDG Desktop Portal patches, no regression in this patch.
Brave native + KeepassXC Snap: ✅
Type of change