New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firefox Snap / KeepassXC flatpak: KeePassXC-Browser - Failed to connect: Unknown error #1875
Comments
This shouldn't happen. Make sure you have the most up to date flatpak version of keepassxc After that, uncheck Firefox from the browser settings, press ok, then go back in and check Firefox, press ok. |
It is. After you have installed the extension to Snap Firefox there should be a separate permissions prompt for Native Messaging. |
I installed the flatpak version only yesterday, after having the same problems with the apt version of keepassxc (minus the window comes to front without anything happening) which was, however, outdated.
Didn't change anything.
Wow. I've never seen that. I had the extension already installed before upgrading ubuntu to 22.04 from 20.04. |
@marcelklehr Have you tried to remove the extension and install it again? Maybe the prompt is not appearing because of an update. |
Just tried. Doesn't help. |
Good morning, |
Both KeePassXC Flatpak and Appimage are having the same problem with Firefox Snap: The browser is trying to start the |
Is there a way to reference keepassxc-proxy inside the flatpak in the native-messaging-hosts file? Currently it references:
|
|
How does keepassxc know that firefox wants to start the proxy then? |
Firefox is supposed to add the extension ID as a command line parameter |
Snap Firefox isn't clearly doing that. |
I'm having this problem in snap and PPA as well. Tested each with a new Firefox Profile.
|
in #1879 I assumed you told me to install Keepass from PPA. That is what I did. I would rather like to keep my browser sandboxed... (In this guide it says what to do if Firefox is installed from PPA) |
@Leokap Did the Firefox prompted you for additional permissions when you installed the extension? |
well the permission is certainly set. And it has been set by the prompt, yes. |
@Leokap So are you using KeePassXC from the PPA or Snap now? I'm a little confused. If you are using the PPA, check the troubleshooting guide again and report your findings. |
I have both flatpak and PPA versions of KeepassXC installed. Removed snap (and .deb=2.6.6) since I thought it might interfere. Only 2.6.6 was able to connect. I was able to get it connected with firefox snap. (I tested .deb, snap and flatpak of Firefox for Video Hardware Encoding, only snap was able to do it. (due to 12th gen intel cpu another reason why I want to stay with snap.) |
I'm sorry the Firefox-.deb version works. I didn't see that |
Narrow down to using just the flatpak keepassxc and one version of Firefox. You have a mess on your system and this isn't keepassxc at fault. |
you are right. I tried it on a Live USB and it worked. (firefox-snap and keepass-PPA) |
1 - ubuntu 22.04.2 : firefox snap 110.0.01+ keepassxc 2.7.4 deb+keepassxc-browser 1.8.5.1 => does not work anymore ! 2 - ubuntu 22.04.2 : firefox deb 110.0.01+ keepassxc 2.7.4 deb+keepassxc-browser 1.8.5.1 => everything is OK ! A try what is broken in case 1? enough, i don't use firefox snap anymore! |
@dom21121 Probably the AppArmor profile. See the previous messages for solution. |
ubuntu 22.10 fresh install (firefox snap + keepassxc deb), not working... I will try to understand the AppArmor profile question. In the initial popup that authorizes the connection (attachment), it is written: Sorry but I'm an average user and I don't see where? I would like to check. THANKS |
That is likely done in the ubuntu store app while looking at the Firefox snap entry. Unless they have introduced a dedicated privacy settings panel for snaps. |
I've run
everything is working fine again... understand nothing... (I've keepassxc deb installed...) |
It's the same setup (1) with the exact same versions mentioned. I've just dropped firefox as snap and reinstalled it as deb from PPA. Now everything is working as expected again. I wanted to get rid of snap anyway, so canonical just give me another reason. |
This worked for me. Thanks! Not sure if this has anything to do with Canonical changing me over from deb firefox to snap firefox during an upgrade to Ubuntu 23.04 Lunar Lobster. |
I've now removed the firefox snap and installed firefox via the mozillateam apt repo. Smooth sailing. |
I'm experiencing a similar issue. Running firefox 113.0.1 on Arch with KeepassXC 2.7.5 and extension 1.8.6.1. Tried deleting |
for me using the ppa version of keepassxc (instead of flatpak) solved the issue |
What about ungoogled-chromium + keepassxc both installed via flatpak? |
@TCB13 AFAIK Chromium-based browsers will not work, installed with Snap or Flatpak. |
Thank you for the clarification. It would be nice to have ungoogled-chromium working as it is one of the most private options avialable. Since it doesn't contact any servers / have updates built in I essentially would like to keep running it as a flatpak. Extra isolation is just a bonus. Related: #1267 (comment) |
For Flatpak, see: flatpak/xdg-desktop-portal#705 and https://bugzilla.mozilla.org/show_bug.cgi?id=1621763. |
Hi all,
::::::::::::::
At every restart, fie file org.keepassxc.keepassxc_browser.json is overwritten by an erroroneus string: I must replace with the "ok" file and after a restart of KeppassXC works well. BR, |
@teicors Your issue is not related to this thread. Please make a new one to the https://github.com/keepassxreboot/keepassxc/issues list. |
To clarify, According to @varjolintu:
So it seems that it is fundamentally problematic for flatpacks and snaps to engage in native messaging. If you install the PPA instead of the flatpack there are no such limitations and everything is rosy. A clear note to that effect in troubleshooting tips would have saved me some hours. This appears to have been a recurring issue for so long that google can only surface incomplete, outdated, or unclear results for it. |
Will the PPA version of keepassxc with a flatpak browser such as Firefox or Ungoogled Chromium? |
No. It's up to Flatpak to solve problems with Native Messaging in their browser packages. For now, it seems there's no easy solutions for it. |
So looks like I'll just wait for a fix and enjoy. No way I'm going to install both of those on my system. |
I have the PPA version of keepassxc, and snap firefox beta |
This also worked for me after trying basically everything else with my snap-based Firefox including reinstalling things, resetting the database, snaps, PPAs, manual deb, and ultimately flatpak. I was about to go through the trouble of reverting back to non-snap-based Firefox (it's a pain anyway) but this did it. So I finally have the browser integration working on Kubuntu 23.10 with default system-provided firefox snap and the PPA KeepassXC 2.7.6. I also manually installed webext-keepassxc-browser from the default system repos but I have no idea if it was necessary or not. |
@varjolintu was there any reason why the change from TCP sockets to native messaging? I think years back when I was using windows, it used TCP connections. (correct me if i'm wrong? or maybe that was another keepass addon) IMO it makes things complicated for linux users which has varying setups, the usual installation for Ubuntu new comers Firefox Snap + KeepassXC appimage and it isn't working right out of the box And it seems like this guide is out of date: https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide, should probably update that to reflect the events that transpired here A lot of Chrome users will be switching to Firefox the following year due to this, I hope this can be addressed at least documentation wise, on which setup is working (i.e. which to use, Snap/PPA/AppImage for KeepassXC or Firefox) https://arstechnica.com/gadgets/2022/09/chromes-new-ad-blocker-limiting-extension-platform-will-launch-in-2023/ What worked for me personally is KeepassXC PPA + Firefox Snap on Ubuntu 22.04 LTS, what didn't work for me before was KeepassXC AppImage (which was the default or recommended way of installing KeepassXC) KeepassXC AppImage + Chrome Deb however works for me. |
In short, you cannot restrict TCP sockets to a certain user or process. Native Messaging and Unix sockets restricted to user level gives slightly better security compared to a socket that any user or process can listen with minimal effort. This was one of the biggest faults in the old KeePassHTTP: anyone could listen the TCP socket and capture keys from the encryption handshake (because it was faulty as well). If i have understood correctly, many other password managers (1Password, Bitwarden..) have later switched to Native Messaging for the same reason.
This is due Snap's way to handle Native Messaging. I haven't looked at the AppImage case yet, but it seems Snap only knows how to start normal binaries. Anything wrapped in AppImage tries to start the main KeePassXC process instead (IIRC). |
Expected Behavior
Connect my Firefox KeePassXC-Brower WebExtension to my KeepassXC flatpak
Current Behavior
It does not.
Possible Solution
I don't know if firefox snap on ubuntu 22.04 is currently supported or not, so that may be the issue, but in that case I recommend making that more clear as firefox snap is the default on ubuntu 22.04 afaik.
Steps to Reproduce (for bugs)
Debug info
KeePassXC - Version 2.7.4
Revision: 63b2394
Distribution: Flatpak
Qt 5.15.8
Debugging mode is disabled.
Operating system: KDE Flatpak runtime
CPU architecture: x86_64
Kernel: linux 5.19.0-32-generic
Enabled extensions:
Cryptographic libraries:
KeePassXC-Browser - 1.8.5.1
Operating system: Linux x86_64
Browser: Mozilla Firefox Snap For Ubuntu 110.0.1 (64-bit)
Operating system:
Ubuntu 22.04.2 LTS
GNOME 42.5
X11
Troubleshooting results
sudo strace -f -p $(pgrep firefox) 2>&1 | grep keepass
yields noopenat
messages whatsoever/run/user/1000/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer
exists/run/user/1000/org.keepassxc.KeePassXC.BrowserServer
does not existThe text was updated successfully, but these errors were encountered: