Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Firefox flatpak #93

Open
bersace opened this issue Apr 29, 2020 · 9 comments
Open

Support Firefox flatpak #93

bersace opened this issue Apr 29, 2020 · 9 comments

Comments

@bersace
Copy link

bersace commented Apr 29, 2020

General information

  • Operating system + version: Debian GNU/Linux 10 (buster)
  • Browser + version: Firefox 76.0b3, mozilla-flatpak-1.0
  • Information about the host app:
    • How did you install it?
      I didn't found instruction on how to install host app for flatpak FF.
    • If installed an official release, put a version ($ browserpass --version): X
    • If built from sources, put a commit id ($ git describe --always): X
  • Information about the browser extension:
    • How did you install it? From marketplace.
    • Browserpass extension version as reported by your browser: 3.4.1

If you are getting an error immediately after opening popup, have you followed the Configure browsers documentation section?

I don't know how to configure FF in flatpak


Exact steps to reproduce the problem

  1. Install Firefox from https://flathub.org/apps/details/org.mozilla.firefox

  2. Install Browserpass-extension from https://addons.mozilla.org/fr/firefox/search/?q=browserpass&platform=Linux

  3. Search documentation for flatpak :-)

What should happen?

I suggest that browserpass-native supports FF flatpak. This is similar to #82

What happened instead?

I had to use FF outside flatpak (from tar.gz). It's awesome. I just wanted to use Flatpak for security and convenience.

Great work anyway. How to support you ? Could you add a Paypal money pool ?

@maximbaz
Copy link
Member

Hey! Yeah it's very similar to #82, we can keep this one open as well, but I'm afraid there is not much we can do from our side...

Quick googling showed a few similar unsolved requests:

As far as I understand from the threads, even if you can get the native host somehow inside the flatpak sandbox, browserpass will still not have access to the "outside", e.g. to ~/.password-store...

Let's see... I have a feeling that there will be a solution to this soon, because afaik in new Ubuntu they use sandboxed Chromium by default now, so many people will be affected.

Great work anyway. How to support you ? Could you add a Paypal money pool ?

Thank you! We didn't plan any monetization on the project, I'm just happy that many people find it useful and take the time to secure their internet browsing!

Setting up PayPal would probably be an overkill... I did setup a GitHub sponsors page for fun once they announced it, if you really want you can maybe use that instead 😄 https://github.com/sponsors/maximbaz

But keep in mind that this really is a community project, @erayd is another maintainer, and in general you can see many contributions from different folks!

@bersace
Copy link
Author

bersace commented Apr 29, 2020

I found this issue : https://bugzilla.mozilla.org/show_bug.cgi?id=1621763 which led to a feature request in xdg-desktop-portal flatpak/xdg-desktop-portal#283 .

But keep in mind that this really is a community project,

Yep, I wanted to thanks @erayd too.

@bersace
Copy link
Author

bersace commented Apr 29, 2020

I'll try the workaround.

@fourstepper
Copy link

fourstepper commented Jun 22, 2021

@bersace have you figured out how to work around this?

From my understanding, you would have to get the native messaging host into the flatpak and then somehow open the sandbox up for the app to be able to access ~/.password-store. Not sure if I am missing something though

@bersace
Copy link
Author

bersace commented Jun 23, 2021

@fourstepper nope. I gave up using browser pass in flatpack and falled back to system installation.

@bkaczynski
Copy link

bkaczynski commented Apr 8, 2023

Hi, flatpak provides utility called flatpak-spawn [1]. I thought that using it with combination of --host flag resolve this problem but unfortunately it's not.

Tested with Firefox on flatpak by editing:

{
    "name": "com.github.browserpass.native",
    "description": "Browserpass native component for the Firefox extension",
    "path": "/usr/bin/flatpak-spawn --host browserpass",  // tested also with "/usr/bin/flatpak-spawn --host /usr/bin/browserpass"
    "type": "stdio",
    "allowed_extensions": ["[email protected]"]
}

[1] https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-spawn

@xundeenergie
Copy link

Hi, flatpak provides utility called flatpak-spawn [1]. I thought that using it with combination of --host flag resolve this problem but unfortunately it's not.

Tested with Firefox on flatpak by editing:

{
    "name": "com.github.browserpass.native",
    "description": "Browserpass native component for the Firefox extension",
    "path": "/usr/bin/flatpak-spawn --host browserpass",  // tested also with "/usr/bin/flatpak-spawn --host /usr/bin/browserpass"
    "type": "stdio",
    "allowed_extensions": ["[email protected]"]
}

[1] https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-spawn

where or how do i do this?

@yvay
Copy link

yvay commented Jul 22, 2023

I was able to find a workaround by applying @bkaczynski's suggestion with some changes.

  • The first thing you need to do is find your browser's config directory. In my case the directory is located at /home/yyyyyy/.var/app/org.mozilla.firefox/.mozilla which is mounted as /home/yyyyyy/.mozilla inside Flatpak. This will be different depending on your browser and installation.
  • Using the Flatseal program, check "D-Bus session bus" for Mozilla Firefox (or whatever browser you're using).
  • Add a script with the following content somewhere under your browser's config directory and mark it as executable. I used /home/yyyyyy/.var/app/org.mozilla.firefox/.mozilla/bin/browserpass.sh:
#!/bin/sh
cd ~
/usr/bin/flatpak-spawn --host /usr/bin/browserpass
  • Create the file native/messaging-hosts/com.github.browserpass.native.json and modify it to run the previous script instead of /usr/bin/browserpass directly. In my install the file must be located at /home/yyyyyy/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.github.browserpass.native.json:
{
    "name": "com.github.browserpass.native",
    "description": "Browserpass native component for the Firefox extension",
    "path": "/home/yyyyyy/.mozilla/bin/browserpass.sh",
    "type": "stdio",
    "allowed_extensions": ["[email protected]"]
}
  • Install the browser extension if you haven't already done so.

If it doesn't work you can append 2>/tmp/error.log to the flatpak-spawn command and navigate to file:///tmp/error.log from the browser to see what the error message is. Happy to help if you find any issues.

@doitian
Copy link

doitian commented Aug 12, 2023

FYI, my steps to setup Edge.

The essential step is adding flatpak overrides to share folders to the sandbox. I install browserpass to "$HOME/opt", and put the password store in "$HOME/.password-store"

First install browserpass:

make BIN=browserpass-XXXX PREFIX=$HOME/opt configure
make BIN=browserpass-XXXX PREFIX=$HOME/opt install
make BIN=browserpass-XXXX PREFIX=$HOME/opt hosts-edge-user

Copy the native messaging hosts config file to the flatpak app config dir:

cp "$(realpath ~/.config/microsoft-edge/NativeMessagingHosts/com.github.browserpass.native.json)" ~/.var/app/com.microsoft.Edge/config/microsoft-edge/NativeMessagingHosts/

Share ~/opt and ~/.password-store to the app

flatpak override --user --filesystem=home/opt:ro com.microsoft.Edge
flatpak override --user --filesystem=home/.password-store:ro com.microsoft.Edge

Also share gpg config and run dir

flatpak override --user --filesystem=home/.gnupg:ro com.microsoft.Edge
flatpak override --user --filesystem=xdg-run/gnupg:ro com.microsoft.Edge 

The last, close Edge, kill the instances, then restart the app.

flatpak kill com.microsoft.Edge

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

7 participants