Call for testing: native messaging support in the Firefox snap

Only in beta and edge for now. Working to get this merged upstream in order to cherry-pick into the stable channel ASAP.

2 Likes

What’s the output of flatpak permissions webextensions ?

1 Like

GNOME Shell integration works for me, but KeePassXC extension does not. I restarted my computer and all the apps a couple times, I reinstalled everything at least once.

Firefox install info

$ snap list | grep firefox
firefox                               105.0b9-1                   1826   latest/beta      mozilla**       -

xdg install info

dpkg -l | grep xdg-desktop
ii  xdg-desktop-portal                         1.14.4-1ubuntu2~22.04.1                 amd64        desktop integration portal for Flatpak and Snap
ii  xdg-desktop-portal-gnome                   42.1-0ubuntu1                           amd64        GNOME portal backend for xdg-desktop-portal
ii  xdg-desktop-portal-gtk                     1.14.0-1build1                          amd64        GTK+/GNOME portal backend for xdg-desktop-portal

Firefox debug info

snap run firefox
Failed to load module "canberra-gtk-module"
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
Missing chrome or resource URL: resource://gre/modules/UpdateListener.sys.mjs
...
[Parent 11866: Main Thread]: D/NativeMessagingPortal will be used
[Parent 11866: Main Thread]: D/NativeMessagingPortal is available
[Parent 11866: Main Thread]: D/NativeMessagingPortal creating session with handle suffix firefox_org_keepassxc_keepassxc_browser_1193117672
[Parent 11866: Main Thread]: D/NativeMessagingPortal session created with handle /org/freedesktop/portal/desktop/session/1_212/firefox_org_keepassxc_keepassxc_browser_1193117672
[Parent 11866: Main Thread]: D/NativeMessagingPortal starting org.keepassxc.keepassxc_browser, requested by keepassxc-browser@keepassxc.org in session /org/freedesktop/portal/desktop/session/1_212/firefox_org_keepassxc_keepassxc_browser_1193117672
[Parent 11866: Main Thread]: D/NativeMessagingPortal native application start requested in session /org/freedesktop/portal/desktop/session/1_212/firefox_org_keepassxc_keepassxc_browser_1193117672, pending response for /org/freedesktop/portal/desktop/request/1_212/firefox/1480557725
[Parent 11866: Main Thread]: D/NativeMessagingPortal got response signal for /org/freedesktop/portal/desktop/request/1_212/firefox/1480557725 in session /org/freedesktop/portal/desktop/session/1_212/firefox_org_keepassxc_keepassxc_browser_1193117672
[Parent 11866: Main Thread]: D/NativeMessagingPortal native application start canceled by user in session /org/freedesktop/portal/desktop/session/1_212/firefox_org_keepassxc_keepassxc_browser_1193117672
[Parent 11866: Main Thread]: D/NativeMessagingPortal session /org/freedesktop/portal/desktop/session/1_212/firefox_org_keepassxc_keepassxc_browser_1193117672 was closed by the portal
[Parent 11866: Main Thread]: D/NativeMessagingPortal cannot close session /org/freedesktop/portal/desktop/session/1_212/firefox_org_keepassxc_keepassxc_browser_1193117672, unknown handle

KeePassXC plugin error in UI is:

KeePassXC-Browser has encountered an error:
Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings.

KeePassXC install info

$ snap list | grep keepassxc
keepassxc                             2.7.1                       1563   latest/stable    keepassxreboot  -

Native messaging hosts

$ cat ~/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json 
{
    "name": "org.keepassxc.keepassxc_browser",
    "description": "KeePassXC integration with native messaging support",
    "path": "/snap/bin/keepassxc.proxy",
    "type": "stdio",
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ]
}

Came in this morning and found that it’s broken again.

It looks like it’s to do with the way it’s invoked - the application icon in my K-menu runs /snap/bin/firefox %u and KeepassXC doesn’t work.

Until this morning, I’d been running with snap run firefox. Using that again, KeepassXC springs back into life

snap list only shows one Firefox install.

Edit: editing the K-menu application to run snap run firefox doesn’t fix it. It only seems to run when snap run firefox is invoked from a terminal. Editing the application shortcut and setting “run in terminal” gets it working - I guess there must be something different in the environment…

The above suggests that it’s missing the user permission for keepassxc. What’s the output of flatpak permissions webextensions ?

1 Like

@oSoMoN My flatpak permissions are:

flatpak permissions webextensions
Table         Object                          App          Permissions Data
webextensions org.keepassxc.keepassxc_browser snap.firefox no          0x00
webextensions org.gnome.chrome_gnome_shell    snap.firefox yes         0x00

I’ll try again on the weekend and see if it works with keepass enabled in flatpak. That said, why should I need anything to do with flatpak if all my apps are installed with snap?

1 Like

because the portals do not yet ship their own permission management tool and are developed mainly by flatpak devs …

2 Likes

Yes, try this:

flatpak permission-set webextensions org.keepassxc.keepassxc_browser snap.firefox yes

The use of the flatpak command is quite confusing indeed. As @ogra wrote, this is because the permissions database, even though it’s not flatpak-specific (it’s also used for snaps), doesn’t have its own separate management tool yet.

2 Likes

I can’t reproduce the issue you’re describing here. Regardless of how firefox is launched, communication with a running keepassxc works. Note that keepassxc needs to be running for the key exchange to work, the firefox extension isn’t going to launch it for you.

Admittedly, I didn’t test on a KDE desktop, but I did launch firefox in various different ways (snap run firefox, firefox, /snap/bin/firefox, from the GNOME shell dock), and all worked.

This is with the latest revision in the beta channel, 105.0b9-1 (revision 1836).

1 Like

I don’t currently have a good explanation for it, as I got waylaid and haven’t dug much further yet. I had a quick look in about:support but the environment looks the same.

Keepassxc is open, Firefox just can’t talk to it.

I’ll try and fiddle with it in a little bit - my line of thinking was to adjust the command to enable logging and redirect that to a file somewhere to see if it yields anything.

OK, I’ve done some more testing - I don’t think you’re going to repro this without KDE.

Notes so far are here, but to summarise:

It seems to only happen when launching Firefox from the K-Menu, and only when Launch Feedback is enabled (which I think is the default). I assume there’s something D-Bus’y getting in the way but it’s been a while since I’ve delved into KDE’s internals.

It definitely needs K-Menu’s involvement though:

Launch Firefox from K-Menu, confirm you’re in a broken state, then exit

Copy the .desktop out of the menu

cp /home/ben/.local/share/applications/firefox_firefox.desktop firefox_firefox_notworking.desktop

Browse to the file
Double click it
Firefox will come up with Keepassxc comms working.

It also looks like the K-Menu tries to guess whether the provided command is a shell command, and changes the way that things are executed depending on that assessment

This gives the broken behaviour

env MOZ_LOG=NativeMessagingPortal:5 MOZ_LOG_FILE=/tmp/ff_log.log /usr/bin/snap run firefox %u

This doesn’t

MOZ_LOG=NativeMessagingPortal:5 MOZ_LOG_FILE=/tmp/ff_log.log /usr/bin/snap run firefox %u

Unfortunately neither results in any log lines :frowning:

Whatever this is, it looks like it’s probably K-Menu specific. I’ll try dig in a bit further later in the week and see whether I can find any more - I don’t yet have an explanation for why it’s working reliably on one system and not the other either.

But, for now at least, doesn’t look like it’s an issue with the snap

Edit:

I’ve not narrowed down why yet, but xdg-desktop-portal is asserting and dying.

XDP: org.freedesktop.portal.Desktop acquired
XDP: Assigning app ID "" to pid 756333 which has unit "app-firefox_firefox-5dcff4c2195f41a88a704e57462cf14c.scope"
XDP: Read org.freedesktop.appearance color-scheme
XDP: webextensions session owned by ':1.1798' created
XDP: No permissions stored for: webextensions org.keepassxc.keepassxc_browser, app 

(/usr/libexec/xdg-desktop-portal:756316): GLib-GIO-CRITICAL **: 20:27:04.443: g_app_info_get_id: assertion 'G_IS_APP_INFO (appinfo)' failed

(/usr/libexec/xdg-desktop-portal:756316): GLib-CRITICAL **: 20:27:04.443: g_strsplit: assertion 'string != NULL' failed

If I “fix” the item by enabling run in terminal, we don’t get that complaint about t here not being any permissions

XDP: providing portal org.freedesktop.portal.RemoteDesktop
XDP: org.freedesktop.portal.Desktop acquired
XDP: Running: snap routine portal-info 758029
XDP: Read org.freedesktop.appearance color-scheme
XDP: webextensions session owned by ':1.1830' created

A diff of the two logs shows

ben@optimus:~/tmp/xdg-desktop-portal$ diff -u xdg.log xdg-working.log 
--- xdg.log	2022-09-13 20:31:58.076901113 +0100
+++ xdg-working.log	2022-09-13 20:31:58.076901113 +0100
@@ -71,11 +71,6 @@
 XDP: Using kde.portal for org.freedesktop.impl.portal.RemoteDesktop in KDE
 XDP: providing portal org.freedesktop.portal.RemoteDesktop
 XDP: org.freedesktop.portal.Desktop acquired
-XDP: Assigning app ID "" to pid 756333 which has unit "app-firefox_firefox-5dcff4c2195f41a88a704e57462cf14c.scope"
+XDP: Running: snap routine portal-info 758029
 XDP: Read org.freedesktop.appearance color-scheme
-XDP: webextensions session owned by ':1.1798' created
-XDP: No permissions stored for: webextensions org.keepassxc.keepassxc_browser, app 
-
-(/usr/libexec/xdg-desktop-portal:756316): GLib-GIO-CRITICAL **: 20:27:04.443: g_app_info_get_id: assertion 'G_IS_APP_INFO (appinfo)' failed
-
-(/usr/libexec/xdg-desktop-portal:756316): GLib-CRITICAL **: 20:27:04.443: g_strsplit: assertion 'string != NULL' failed
+XDP: webextensions session owned by ':1.1830' created
2 Likes

Hey @oSoMoN

I’ve now got to the bottom of my issues. Believe it or not, the cause of it looks to be Zoom.

I won’t go into too much depth on false paths here - but I traced out the call chain for working/nonworking with auditd, compared environments etc etc and found nothing.

If you disable the Keepassxc extension and launch Firefox from the K-Menu xdg-desktop-portal launches as it should, but segfaults as soon as you re-enable the extension.

By chance, I was re-checking this whilst on a zoom call and zoom crashed out at the exact moment I re-enabled the KeepassXC extension.

I’ve had issues in the past with Zoom causing weird breakage - my terminal emulator (Terminator) started behaving weird a while back, which I ultimately tracked down to ibus (a Zoom dependency).

Installing Zoom on my working laptop didn’t break it, but updating Zoom on my not-working laptop (from 5.7.31792.0820 to 5.11.10.4400) did fix the Keepassxc extension.

I’ve killed and re-opened Firefox multiple times to be sure, and where comms with Keepass was consistently broken before, it now consistently works.

There’s nothing immediately obvious on their changelog about it (turns out I was running quite an old version), but I guess it has something to do with the way that Zoom hooks into the environment.

That’s an impressive piece of investigation, well done @btasker!

So if I understand correctly, an outdated zoom client was interfering with the portal, making it crash, and that’s the reason why the firefox snap wouldn’t manage to communicate with keepassxc through the WebExtensions portal. Are you using zoom installed as a deb, or the snap?

2 Likes

So if I understand correctly, an outdated zoom client was interfering with the portal, making it crash,

Exactly correct - the crash would only occur when the Keepass extension tried to communicate, I’ve not figured out exactly why as I didn’t fancy delving into Zoom’s inner workings.

Are you using zoom installed as a deb, or the snap?

It’s installed as a .deb - I’ll likely move to the snap now though so it doesn’t end up getting so far out of date again.

KeePassXC is working!!!

I enabled parallel installs via
sudo snap set system experimental.parallel-instances=true

I installed firefox beta in parallel via
sudo snap install --beta --unaliased firefox_beta

I enabled flatpak permissions via
flatpak permission-set webextensions org.keepassxc.keepassxc_browser snap.firefox_beta yes

Started firefox beta via
snap run firefox_beta

And KeePassXC browser extension just worked!

4 Likes

Late reply as I haven’t been using Linux much recently:

Table Object App Permissions Data
webextensions org.keepassxc.keepassxc_browser snap.firefox no 0x00

That command worked for me. KeePassXC now works. Updated output is below:

Table         Object                          App          Permissions Data
webextensions org.keepassxc.keepassxc_browser snap.firefox yes         0x00

After trying these commands:

sudo apt install flatpak
flatpak permission-set webextensions org.keepassxc.keepassxc_browser snap.firefox yes

the extension in firefox still does not work.
I don’t really understand enough about snap except that it keeps causing me difficulties time and time again. I do not know how to proceed. Do I need to wait for updates or should I try migrating my firefox back to a normal version?

The keepassxc-snap-helper.sh script also tells me “Sorry, browsers installed as snaps are not supported at this time”.

Edit - I’ll try this https://www.omgubuntu.co.uk/2022/07/ubuntu-devs-fix-another-frustrating-firefox-snap-flaw
Update: still nope when using firefox beta 106.0b4-1

Edit2:
I never ever get any popup asking me anything. These instructions do not hold: https://www.bentasker.co.uk/posts/blog/general/enabling-nativemessaging-for-keepassxc-on-ubuntus-snap-firefox.html

When I disable all extensions but keepassxc I still get:

[Parent 11301: Main Thread]: D/NativeMessagingPortal will be used
[Parent 11301: Main Thread]: D/NativeMessagingPortal is available
[Parent 11301: Main Thread]: D/NativeMessagingPortal creating session with handle suffix firefox_org_keepassxc_keepassxc_browser_2300902597
[Parent 11301: Main Thread]: D/NativeMessagingPortal session created with handle /org/freedesktop/portal/desktop/session/1_166/firefox_org_keepassxc_keepassxc_browser_2300902597
[Parent 11301: Main Thread]: D/NativeMessagingPortal starting org.keepassxc.keepassxc_browser, requested by keepassxc-browser@keepassxc.org in session /org/freedesktop/portal/desktop/session/1_166/firefox_org_keepassxc_keepassxc_browser_2300902597
[Parent 11301: Main Thread]: D/NativeMessagingPortal native application start requested in session /org/freedesktop/portal/desktop/session/1_166/firefox_org_keepassxc_keepassxc_browser_2300902597, pending response for /org/freedesktop/portal/desktop/request/1_166/firefox/1199416126
[Parent 11301: Main Thread]: D/NativeMessagingPortal got response signal for /org/freedesktop/portal/desktop/request/1_166/firefox/1199416126 in session /org/freedesktop/portal/desktop/session/1_166/firefox_org_keepassxc_keepassxc_browser_2300902597
[Parent 11301: Main Thread]: D/NativeMessagingPortal native application start failed in session /org/freedesktop/portal/desktop/session/1_166/firefox_org_keepassxc_keepassxc_browser_2300902597
[Parent 11301: Main Thread]: D/NativeMessagingPortal session /org/freedesktop/portal/desktop/session/1_166/firefox_org_keepassxc_keepassxc_browser_2300902597 was closed by the portal
[Parent 11301: Main Thread]: D/NativeMessagingPortal cannot close session /org/freedesktop/portal/desktop/session/1_166/firefox_org_keepassxc_keepassxc_browser_2300902597, unknown handle

even when using firefox snap beta.

I even tried manually creating the file snap/firefox/common/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json and watching the debug output for the extension, but nothing changes. It doesn’t work… and what really frustrates me about this is how opaque everything is when using snaps… I just can’t figure out where something is failing! :frowning:

Can you please share the output of the following commands?

cat ~/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

and

flatpak permissions webextensions
1 Like

Well, it’s not in .moxilla, but in the snap directory:

$ cat ./snap/firefox/common/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json 
{
    "name": "org.keepassxc.keepassxc_browser",
    "description": "KeePassXC integration with native messaging support",
    "path": "/snap/bin/keepassxc.proxy",
    "type": "stdio",
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ]
}

and

$ flatpak permissions webextensions 
Table         Object                          App          Permissions Data
webextensions org.keepassxc.keepassxc_browser snap.firefox yes         0x00
webextensions org.gnome.chrome_gnome_shell    snap.firefox yes         0x00