Due to Snap sandboxing, you must run a script to enable browser integration

[xpusostomos]

Overview

I installed the keepass snap package as provided on keepassxc.org (2.5.4) on the latest Ubuntu, and the extention in Chrome.

While trying to get this working, I see this cryptic text in the Browser Integration settings pane:
"Due to Snap sandboxing, you must run a script to enable browser integration.
You can obtain this script from https://keepassxc.org"

Putting aside that making users run scripts isn't cool, there is no script mentioned at https://keepassxc.org. And I've just wasted an hour of my life diving into the documentation, FAQs and Google, and not found this mysterious script.

Can I suggest that the app itself might generate the script, or if that's not possible popup a window with the text, or worst case... at least link the user to some actual web page with the correct instructions.

Steps to Reproduce

1. Install keepassxc snap on Ubuntu and Chrome browser integration.

Expected Behavior

That integration might work.

Actual Behavior

Key exchange was not successful.

KeePassXC - 2.5.4
Revision: REVISION

Operating System: Ubuntu 20.04 LTS
Desktop Env: Gnome
Windowing System: X11

[droidmonkey]

If you clicked the link in the message it would literally have brought you to where you needed to go.

[droidmonkey]

[xpusostomos]

Well isn't that ass hattery on a major scale... a link that doesn't take you to where it says it does. And this stupidity warrants closing the issue does it?

[artemkozlenkov]

@xpusostomos
bash <(curl -s the_link_you_ve_copied_according_to_instructions)

[FelixSelter]

The title text should really be renamed to "download here" to avoid confusion

[ferenczy]

I had the same issue, I also didn't understand that the link points to a specific target and not just to the https://keepassxc.org homepage so it took me some time to locate the script. It would definitely help to change the link text to something less confusing, for example "Download here" as previously suggested.

[ferenczy]

I had the same issue. The link to download the script appeared (according to its text) to point to the keepassxc.org homepage, so I spent some time by searching for the script. It would definitely help to change the link text to something more clear like "Download here" as suggested previously.

[droidmonkey]

If you click the link it should bring you right to the download page that hosts the link to the script. We do that to allow changes to the script link without having to change the program itself. Either way I recommend moving to flatpak which doesn't need a script.

[FelixSelter]

Switched to flatpak. Now I get this error when trying to connect from the browser:

QSocketNotifier: Can only be used with threads started with QThread
Gtk-Message: 16:43:12.508: Failed to load module "appmenu-gtk-module"
Gtk-Message: 16:43:12.534: Failed to load module "canberra-gtk-module"
Gtk-Message: 16:43:12.534: Failed to load module "canberra-gtk-module"
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
QCommandLineParser: option not defined: "allow-screencapture"

I get this message on every click at the connect button: "qt.qpa.wayland: Wayland does not support QWindow::requestActivate()"

[droidmonkey]

That isn't preventing connecting to browser.

[FelixSelter]

I enabled the extension for firefox in the settings but still get the error: "Key exchange was not successful."

[droidmonkey]

https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide

[FelixSelter]

• I have installed keepassxc and firefox via flatpak.
• This is my config file cat ~/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json:

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/var/lib/flatpak/exports/bin/org.keepassxc.KeePassXC",
    "type": "stdio"
}

• I checked for keepassxc-proxy which was not running.
• I executed /var/lib/flatpak/app/org.keepassxc.KeePassXC/current/active/files/bin/keepassxc-proxy
• It was missing a dependency which might be installed through flatpak error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory
• I fixed it by installing botan sudo apt install botan
• It recognized some events {"action":"database-unlocked"}
• Key exchange is still failing

I checked the native messaging configuration path:

pgrep firefox
5406
16978
readlink -f /proc/5406/exe 
/snap/firefox/2710/usr/lib/firefox/firefox
readlink -f /proc/16978/exe

Both returned nothing:

• sudo strace -f -p 5406 2>&1 | grep keepass
• sudo strace -f -p 16978 2>&1 | grep keepass
  Both exchange many messages though
• sudo strace -f -p 5406 2>&1 | grep keepass
• sudo strace -f -p 16978 2>&1 | grep keepass
• sudo strace -f -p 5406
• sudo strace -f -p 16978

I checked the sockets

file /run/user/1000/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer 
/run/user/1000/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer: socket
file /run/user/1000/org.keepassxc.KeePassXC.BrowserServer
/run/user/1000/org.keepassxc.KeePassXC.BrowserServer: cannot open `/run/user/1000/org.keepassxc.KeePassXC.BrowserServer' (No such file or directory)

Firejail

cat ~/.config/firejail/firefox.local
cat: /home/felix/.config/firejail/firefox.local: No such file or directory
cat ~/.config/firejail/keepassxc.local
cat: /home/felix/.config/firejail/keepassxc.local: No such file or directory

I have created the files

cat ~/.config/firejail/firefox.local
noblacklist ${RUNUSER}/app
mkdir ${RUNUSER}/app/org.keepassxc.KeePassXC
whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC

cat ~/.config/firejail/keepassxc.local
noblacklist ${RUNUSER}/app

Then I restarted everything

flatpak run org.mozilla.firefox                                                                              10:05:32
Gtk-Message: 10:06:39.890: Failed to load module "appmenu-gtk-module"
Gtk-Message: 10:06:39.918: Failed to load module "canberra-gtk-module"
Gtk-Message: 10:06:39.919: Failed to load module "canberra-gtk-module"
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.

flatpak run org.keepassxc.KeePassXC                                                                          09:54:00
QSocketNotifier: Can only be used with threads started with QThread
Gtk-Message: 10:07:05.233: Failed to load module "appmenu-gtk-module"
Gtk-Message: 10:07:05.259: Failed to load module "canberra-gtk-module"
Gtk-Message: 10:07:05.260: Failed to load module "canberra-gtk-module"
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
QCommandLineParser: option not defined: "allow-screencapture"
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()

/var/lib/flatpak/app/org.keepassxc.KeePassXC/current/active/files/bin/keepassxc-proxy                        10:06:22
{"action":"database-unlocked"}

snap run firefox
Gtk-Message: 10:08:40.650: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it.
Gtk-Message: 10:08:40.650: Failed to load module "appmenu-gtk-module"
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
[ERROR glean_core] Error setting metrics feature config: Json(Error("EOF while parsing a value", line: 1, column: 0))
[Child 23780, Main Thread] WARNING: JSWindowActorChild::SendRawMessage (Conduits, ConduitClosed) not sent: !CanSend() || !mManager || !mManager->CanSend(): file /build/firefox/parts/firefox/build/dom/ipc/jsactor/JSWindowActorChild.cpp:57
[Child 23780, Main Thread] WARNING: JSWindowActorChild::SendRawMessage (Conduits, ConduitClosed) not sent: !CanSend() || !mManager || !mManager->CanSend(): file /build/firefox/parts/firefox/build/dom/ipc/jsactor/JSWindowActorChild.cpp:57
[Child 23780, Main Thread] WARNING: JSWindowActorChild::SendRawMessage (Conduits, ConduitClosed) not sent: !CanSend() || !mManager || !mManager->CanSend(): file /build/firefox/parts/firefox/build/dom/ipc/jsactor/JSWindowActorChild.cpp:57
ALSA lib conf.c:4120:(snd_config_update_r) Cannot access file /usr/share/alsa/alsa.conf
ALSA lib seq.c:935:(snd_seq_open_noupdate) Unknown SEQ default

Its still failing

[FelixSelter]

Thats the extension log from snap firefox:

KeePassXC-Browser: Connecting to native messaging host org.keepassxc.keepassxc_browser [client.js:317:13](moz-extension://8a3c368d-d76d-460d-abbe-655016eeb1cb/background/client.js)
[Error ] KeePassXC-Browser - Failed to connect: Unknown error [global.js:145:13](moz-extension://8a3c368d-d76d-460d-abbe-655016eeb1cb/common/global.js)
[Error ] KeePassXC-Browser - No content script available for this tab. [global.js:145:13](moz-extension://8a3c368d-d76d-460d-abbe-655016eeb1cb/common/global.js)
[Error keepass.js:262] KeePassXC-Browser - 5: Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings. [global.js:145:13](moz-extension://8a3c368d-d76d-460d-abbe-655016eeb1cb/common/global.js)
[Error ] KeePassXC-Browser - No content script available for this tab. 2 [global.js:145:13](moz-extension://8a3c368d-d76d-460d-abbe-655016eeb1cb/common/global.js)
[Error ] KeePassXC-Browser - Cannot send activated_tab message: Could not establish connection. Receiving end does not exist.

This is flatpak

KeePassXC-Browser: Connecting to native messaging host org.keepassxc.keepassxc_browser [client.js:317:13](moz-extension://0d47f8b5-c45a-4dfe-9b63-321e49471e93/background/client.js)
[Error ] KeePassXC-Browser - Failed to connect: Unknown error [global.js:145:13](moz-extension://0d47f8b5-c45a-4dfe-9b63-321e49471e93/common/global.js)
[Error ] KeePassXC-Browser - No content script available for this tab. [global.js:145:13](moz-extension://0d47f8b5-c45a-4dfe-9b63-321e49471e93/common/global.js)
[Error keepass.js:262] KeePassXC-Browser - 5: Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings. [global.js:145:13](moz-extension://0d47f8b5-c45a-4dfe-9b63-321e49471e93/common/global.js)
[Error ] KeePassXC-Browser - No content script available for this tab.

[droidmonkey]

You can not run Firefox as a flatpak.... they haven't added support for native messaging to their flatpak offering.

[FelixSelter]

So neither snap nor flatpak is working, building from scratch takes a day and the apt package is outdated?

[droidmonkey]

Snap Firefox should work

[michaelk83]

apt package is outdated

If you want the latest apt package, you'll need to use their PPA. You can find it on the download page.