Does not work in Chromium and Google Chrome (flatpak).

[candrapersada]

Expected Behavior

Current Behavior

KeePassXC-Browser in Chromium won't connect to KeePassXC even when database is open and Chromium is checked.

Possible Solution

Steps to Reproduce (for bugs)

1.Install KeePassXC on Linux from flathub.org and use or create a database.
2.Enable Browser Integration for Chromium.
3.Install Chromium on Linux from flathub.org.
4.Install KeePassXC-Browser extension from the Chrome Web Store.
5.Under Connected Databases in the settings of KeePassXC-Browser, click Connect.

Debug info

KeePassXC - {2.6.4}
KeePassXC-Browser - {1.7.6}
Operating system: Linux
Flatpak - {1.10.2}
Browser: Chromium and ungoogled-chromium

[droidmonkey]

If chromium is installed as a snap it will not work. Browsers installed as snaps cannot use native messaging.

[michael-markl]

Offtopic: For users who want to use chromium on (K)Ubuntu anyway: My current workaround is to install chromium via linux mint's apt package. Here's a blog entry that explains how one can achieve this: https://ubuntuhandbook.org/index.php/2020/11/chromium-browser-deb-available-linux-mint-20/

[prog-amateur2]

If chromium is installed as a snap it will not work. Browsers installed as snaps cannot use native messaging.

Hello Keepassxc team, I would like to draw your attention to the fact that someone in a forum managed to make keepassxc browser work with Firefox flatpak.

The idea is to run keepassxc-proxy inside Firefox Flatpak, then allowing Firefox Flatpak to access the socket : thus, the sandbox is preserved. Maybe this can be a solution as Mozilla prefers to work with snap packages and deb packages are planned to be end of life for Ubuntu.

Do you think this could be a possible solution ?

[Tiger862000]

Experiencing the same issue as @candrapersada described. Using Ungoogled-Chomium installed via flatpak and KeepassXC-Browser in conjunction with KeePassXC (flatpak).
Can you please look into the topic. Thank you!

[candrapersada]

and keepassxc does not work in Google Chrome (flatpak)

[NSurtsev]

The issue still remains, you can't sync flatpak keepassxc and flatpak browsers
P.S. Fedora Workstation 36

[varjolintu]

See this for a possible workaround until Flatpak has an official support for Native Messaging: #1631 (comment)

[blockfeed]

Confirming the report by @NSurtsev on Fedora 36.

I have com.github.Eloston.UngoogledChromium installed from flathub, with org.keepassxc.keepassxc_browser.json being generated at /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/NativeMessagingHosts through the settings ("custom browser").

ungoogled-chromium com.github.Eloston.UngoogledChromium 103.0.5060.114-2
keepassxc-2.7.1-2.fc36.x86_64
KeePassXC-Browser 1.8.1 (installed manually from crx)

I get "Key exchange was not successful.".

Thank you for your help.

[tazihad]

@blockfeed make sure you have make keepassxc-proxy-wrapper.sh as executable.
chmod +x keepassxc-proxy-wrapper.sh

[blockfeed]

[@zihaaad Thanks for the suggestion, but it appears something else may be going on with UngoogledChromium, even after following your Brave guide (with adjustments, obviously).

# flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.github.Eloston.UngoogledChromium

File locations:

# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh
# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/org.keepassxc.keepassxc_browser.json

And my json:

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

And the result:

[user@computer Default]$ flatpak run --command=/bin/sh com.github.Eloston.UngoogledChromium
[📦 com.github.Eloston.UngoogledChromium Default]$  bash -x keepassxc-proxy-wrapper.sh
+ APP_REF=org.keepassxc.KeePassXC/x86_64/stable
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /home/user/.local/share/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ FLATPAK_INST=/var/lib/flatpak
+ break
+ '[' -z /var/lib/flatpak ']'
+ APP_PATH=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active
++ awk -F= '$1=="runtime" { print $2 }'
+ RUNTIME_REF=org.kde.Platform/x86_64/5.15-21.08
+ RUNTIME_PATH=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active
+ exec flatpak-spawn --app-path=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/files --usr-path=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active/files -- keepassxc-proxy
keepassxc-proxy: error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory

Any suggestions are appreciated!

[tazihad]

@blockfeed strange it works with Google Chrome (flatpak) but not with Chromium or Ungoogled Chromium.

[gasinvein]

Looks like flatpak-spawn sets LD_LIBRARY_PATH for the sub-sandbox when ran from Firefox sandbox, but not from Chromium sandbox (probably due to the later already set the env var for the parent app sandbox). Try adding --env=LD_LIBRARY_PATH=/app/lib to flatpak-spawn args in the script; I've updated the guide accordingly.

[llebout]

@blockfeed @gasinvein

[@zihaaad Thanks for the suggestion, but it appears something else may be going on with UngoogledChromium, even after following your Brave guide (with adjustments, obviously).

# flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.github.Eloston.UngoogledChromium

File locations:

# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh
# /home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/org.keepassxc.keepassxc_browser.json

And my json:

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/user/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/Default/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

And the result:

[user@computer Default]$ flatpak run --command=/bin/sh com.github.Eloston.UngoogledChromium
[📦 com.github.Eloston.UngoogledChromium Default]$  bash -x keepassxc-proxy-wrapper.sh
+ APP_REF=org.keepassxc.KeePassXC/x86_64/stable
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /home/user/.local/share/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"
+ '[' -d /var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable ']'
+ FLATPAK_INST=/var/lib/flatpak
+ break
+ '[' -z /var/lib/flatpak ']'
+ APP_PATH=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active
++ awk -F= '$1=="runtime" { print $2 }'
+ RUNTIME_REF=org.kde.Platform/x86_64/5.15-21.08
+ RUNTIME_PATH=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active
+ exec flatpak-spawn --app-path=/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/files --usr-path=/var/lib/flatpak/runtime/org.kde.Platform/x86_64/5.15-21.08/active/files -- keepassxc-proxy
keepassxc-proxy: error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory

Any suggestions are appreciated!

I followed what is written in those replies: #1631 (comment) #1631 (comment)

I was able to make it work with ungoogled-chromium flatpak by putting the script in this location: ~/.var/app/com.github.Eloston.UngoogledChromium/config/chromium/WidevineCdm/keepassxc-proxy-wrapper.sh and updating the json file accordingly.

I use the native version of KeepassXC from my Fedora installation but I installed the Flathub KeepassXC flatpak alongside my native version for the proposed solution to work, even though I am running my native version and the proxy seems to come from the flatpak, everything works and connects fine now.

It seems that there's additional sandboxing somewhere that prevents access to the script anywhere else. I have not found any other shared folder, though I didnt try to look any further once that one worked.

[gasinvein]

@leo-lb I don't see the --env=LD_LIBRARY_PATH=/app/lib arg in the flatpak-spawn invocation. Check if you've copied the script correctly.