Call for testing: native messaging support in the Firefox snap

I cannot open URLs with firefox <URL> from the terminal when Firefox is already running either, I wonder if both problems have the same root cause. :thinking:

EDIT: Seems like I’m not completely alone: https://askubuntu.com/questions/1426478/snap-firefox-is-already-running-but-is-not-responding

Now I also got this while starting Firefox, could it be related?

okt 03 19:52:54 desk systemd[5709]: Started snap.firefox.firefox.cf626230-5357-4854-a80d-ea2b7cdda834.scope.
okt 03 19:52:54 desk audit[1304]: USER_AVC pid=1304 uid=106 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="ListNames" mask="send" name="org.freedesktop.DBus" pid=17489 label="snap.firefox.firefox" peer_label="unconfined"
                                   exe="/usr/bin/dbus-daemon" sauid=106 hostname=? addr=? terminal=?'
okt 03 19:52:54 desk audit: MAC_TASK_CONTEXTS subj_apparmor=unconfined
okt 03 19:52:54 desk kernel: audit: type=1107 audit(1664815974.938:535): pid=1304 uid=106 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="ListNames" mask="send" name="org.freedesktop.DBus" pid=17489 label="snap.firefox.firefox" peer_label="unconfined"
                              exe="/usr/bin/dbus-daemon" sauid=106 hostname=? addr=? terminal=?'
okt 03 19:52:54 desk kernel: audit: type=1420 audit(1664815974.938:536): subj_apparmor=unconfined
okt 03 19:52:55 desk audit[17409]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=? pid=17409 comm="firefox" exe="/snap/firefox/1912/usr/lib/firefox/firefox" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f4ad5ad873d code=0x50000
okt 03 19:52:55 desk kernel: audit: type=1326 audit(1664815975.018:537): auid=1000 uid=1000 gid=1000 ses=3 subj=? pid=17409 comm="firefox" exe="/snap/firefox/1912/usr/lib/firefox/firefox" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f4ad5ad873d code=0x50000
okt 03 19:52:55 desk kernel: audit: type=1107 audit(1664815975.286:540): pid=1304 uid=106 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="ListNames" mask="send" name="org.freedesktop.DBus" pid=17409 label="snap.firefox.firefox" peer_label="unconfined"
                              exe="/usr/bin/dbus-daemon" sauid=106 hostname=? addr=? terminal=?'
okt 03 19:52:55 desk kernel: audit: type=1420 audit(1664815975.286:541): subj_apparmor=unconfined
okt 03 19:52:55 desk audit: MAC_TASK_CONTEXTS subj_apparmor=unconfined
okt 03 19:52:55 desk audit[1304]: USER_AVC pid=1304 uid=106 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="ListNames" mask="send" name="org.freedesktop.DBus" pid=17409 label="snap.firefox.firefox" peer_label="unconfined"
                                   exe="/usr/bin/dbus-daemon" sauid=106 hostname=? addr=? terminal=?'
okt 03 19:52:55 desk audit: MAC_TASK_CONTEXTS subj_apparmor=unconfined

That at least means that the correct version of the XDG desktop portal is running. But it complains that it cannot find the manifest for a native app that was requested by an extension. It could be that it’s for another manifest that you haven’t installed though, not necessarily for the keepassxc one.

Would you mind filing a separate issue to get this problem investigated?

Can you share details on your desktop environment, whether it’s an X11 or Wayland session, relevant environment variables, etc?

No, it’s normal for a call to the very generic org.freedesktop.DBus.ListNames method to be denied.

1 Like

https://github.com/snapcore/snapd-desktop-integration/issues/23

Ubuntu 22.04.1, Gnome 42.4, X11 (but tested Wayland too, same problem).

Comparing with a clean Ubuntu 22.04 VM, I found these differences that I found relevant:

Environment variable Current Clean VM
DBUS_SESSION_BUS_ADDRESS [empty] unix:path=/run/user/1000/bus
DESKTOP_SESSION ubuntu ubuntu-xorg
XDG_CONFIG_DIRS /etc/xdg/xdg-ubuntu:/etc/xdg /etc/xdg/xdg-ubuntu-xorg:/etc/xdg/xdg-ubuntu:/etc/xdg
XDG_DATA_DIRS /usr/share/ubuntu:/usr/share/gnome:/home/slovdahl/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop:/var/lib/snapd/desktop /usr/share/ubuntu-xorg:/usr/share/gnome:/usr/share/ubuntu:/home/slovdahl/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
XDG_SESSION_DESKTOP ubuntu ubuntu-xorg

Are there other relevant environment variables? :thinking:

DBUS_SESSION_BUS_ADDRESS being empty is very suspicious, and looks like it could explain the problem.

1 Like

Indeed. Any idea of why it would not be set?

I tried setting it to the same value as the clean VM had when starting Firefox with DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus firefox and then doing DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus firefox google.com, and that actually opened the URL in the existing browser window :+1:

It also seems to fix the webextensions issue:

$ MOZ_LOG=NativeMessagingPortal:5 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus firefox_beta
[GFX1-]: glxtest: VA-API test failed: failed to initialise VAAPI connection.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
[2022-10-05T11:21:41Z ERROR glean_core::metrics::ping] Invalid reason code startup for ping background-update
[Parent 1134864: Main Thread]: D/NativeMessagingPortal NativeMessagingPortal::NativeMessagingPortal()
[Parent 1134864: Main Thread]: D/NativeMessagingPortal will be used
[Parent 1134864: Main Thread]: D/NativeMessagingPortal NativeMessagingPortal::DelayedCall::DelayedCall()
[Parent 1134864: Main Thread]: D/NativeMessagingPortal D-Bus proxy ready for name org.freedesktop.portal.Desktop, path /org/freedesktop/portal/desktop, interface org.freedesktop.portal.WebExtensions
[Parent 1134864: Main Thread]: D/NativeMessagingPortal is available

And also setting the environment variable for flatpak gives me something that looks better:

$ DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus flatpak permissions webextensions
Table         Object                          App               Permissions Data
webextensions org.keepassxc.keepassxc_browser snap.firefox_beta no          0x00

So… How to get the environment variable properly set? :thinking:

usually your desktop session should be designed in a way that it spawns a dbus first thing before launching anything else… this should also export the variable with the correct path …

did you tinker in any way with your desktop session or your login manager (GDM most likely) ?

or is there anything else that is special about your desktop session that might differ from a standard desktop one ?

1 Like

Nothing that I can recall at least. :thinking: Any hints on what files I could compare with a clean Ubuntu 22.04 installation to find out? Nothing in /etc/bash.bashrc, /etc/profile, ~/.profile or ~/.bashrc stands out at least.

Alright, this is a bit embarrassing… I even tried to grep through my home folder and /etc for DBUS_SESSION_BUS_ADDRESS, but couldn’t find anything relevant for some reason. Until now when I happened to check the .desktop entry for my terminal application (in ~/.local/share/applications)…

Exec=env DBUS_SESSION_BUS_ADDRESS='' terminator

No recollection of where this comes from, but it has probably been there for 5-10 to years and been retained through backups.

1 Like

I was able to enable native-messaging with my app with the flatpak command to set the permission.

As I want to add the permission without installing flatpak, I’m exploring the DBus route (with org.freedesktop.impl.portal.PermissionStore) but I must restart the user session the be able to activate the permission.

Does anyone know how to refresh the PermissionStore without a session reset?

Yeah this is quite tricky. I can get native messaging starting from krunner only with sh -c 'firefox'. Running firefox or snap run firefox from it’s integrated terminal doesn’t work.

The PermissionStore API is meant for use by portals exclusively, I think. It makes sense that portals aren’t watching for changes in the permission database, because they expect to be the only ones writing there.

1 Like

This sounds like krunner isn’t spawning the portal with the right environment? Could it be a bug in krunner itself?

1 Like

Long awaited update: native messaging support is now available in the stable channel.

If you find issues with the functionality, feel free to either report them here, or file a bug.

Thanks to everyone who helped along the way to get here, the testing and feedback has been very valuable.

15 Likes

this is amazing. Could you include the new canonical way to make KeepassXC (snap or deb) and Firefox (snap) work together?

All you need to do is use keepassxc normally. Just check the box to enable Firefox support and everything will work. For snap deployments we are updating the Helper script now. Thank you @oSoMoN

Long awaited update: native messaging support is now available in the stable channel.

If you find issues with the functionality, feel free to either report them here, or file a bug .

Is this supposed to work out of the box? I have Firefox 106.0.5-1 from latest/stable, my gnome shell integration extension is enabled in about:addons, but https://extensions.gnome.org says something about connector API v6 not being available.

That’s a harmless warning. The extension should be able to talk to the connector regardless, and list your locally installed extensions. Does it?

4 Likes

It does, actually! Neat.

3 Likes

This seems to work with extensions.gnome.org for me, but 1Password and open_with don’t seem to be able to talk to their native apps.

I managed to capture logs from Firefox startup, if that helps

[Parent 12521: Main Thread]: D/NativeMessagingPortal creating session with handle suffix firefox_open_with_540547117
[Parent 12521: Main Thread]: D/NativeMessagingPortal session created with handle /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117
[Parent 12521: Main Thread]: D/NativeMessagingPortal starting open_with, requested by openwith@darktrojan.net in session /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117
[Parent 12521: Main Thread]: D/NativeMessagingPortal native application start requested in session /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117, pending response for /org/freedesktop/portal/desktop/request/1_242/firefox/260106597
[Parent 12521: Main Thread]: D/NativeMessagingPortal got response signal for /org/freedesktop/portal/desktop/request/1_242/firefox/260106597 in session /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117
[Parent 12521: Main Thread]: D/NativeMessagingPortal native application start successful in session /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117, requesting file descriptors
[Parent 12521: Main Thread]: D/NativeMessagingPortal got file descriptors for native application in session /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117: (192, 207, 208)
[Parent 12521: Main Thread]: D/NativeMessagingPortal session /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117 was closed by the portal
[Parent 12521: Main Thread]: D/NativeMessagingPortal cannot close session /org/freedesktop/portal/desktop/session/1_242/firefox_open_with_540547117, unknown handle
[Parent 12521: Main Thread]: D/NativeMessagingPortal will be used
[Parent 12521: Main Thread]: D/NativeMessagingPortal is available
[Parent 12521: Main Thread]: D/NativeMessagingPortal creating session with handle suffix firefox_com_1password_1password_60275599
[Parent 12521: Main Thread]: D/NativeMessagingPortal session created with handle /org/freedesktop/portal/desktop/session/1_242/firefox_com_1password_1password_60275599
[Parent 12521: Main Thread]: D/NativeMessagingPortal starting com.1password.1password, requested by {d634138d-c276-4fc8-924b-40a0ea21d284} in session /org/freedesktop/portal/desktop/session/1_242/firefox_com_1password_1password_60275599
[Parent 12521: Main Thread]: D/NativeMessagingPortal native application start requested in session /org/freedesktop/portal/desktop/session/1_242/firefox_com_1password_1password_60275599, pending response for /org/freedesktop/portal/desktop/request/1_242/firefox/1460337894
[Parent 12521: Main Thread]: D/NativeMessagingPortal got response signal for /org/freedesktop/portal/desktop/request/1_242/firefox/1460337894 in session /org/freedesktop/portal/desktop/session/1_242/firefox_com_1password_1password_60275599
[Parent 12521: Main Thread]: D/NativeMessagingPortal native application start canceled by user in session /org/freedesktop/portal/desktop/session/1_242/firefox_com_1password_1password_60275599
[Parent 12521: Main Thread]: D/NativeMessagingPortal session /org/freedesktop/portal/desktop/session/1_242/firefox_com_1password_1password_60275599 was closed by the portal
[Parent 12521: Main Thread]: D/NativeMessagingPortal cannot close session /org/freedesktop/portal/desktop/session/1_242/firefox_com_1password_1password_60275599, unknown handle
[Parent 12521: Main Thread]: D/NativeMessagingPortal will be used
[Parent 12521: Main Thread]: D/NativeMessagingPortal is available