Firefox Snap & KeePassXC AppImage does not work with Ubuntu

[HDInfautre]

hello
I have set up Keepass correctly according to https://keepassxc.org/docs/KeePassXC_GettingStarted.html#_setup_browser_integration

Everything works fine with brave.
It does not work with Firefox 108.2

I removed (then reinstalled) the browser addon and re-run the keepassxc-snap-helper.sh script then re-run the browsers.

When I click on the KeepassXC icon, nothing happens
No databases connected in the browser settings page
the KeepassXC database is open and has the focus

Debug info

Capture d’écran du 2023-01-18 12-44-37
I don't see the little green button next to the input.
KeePassXC appImage- 2.7.4
KeePassXC-Browser - 1.8.4
Operating system:Ubuntu 22.10
Browser: Firefox 109 nOK !! - Brave Version 1.46.153 : Ok

[varjolintu]

Probably duplicate of: #1426. Check your Snap stuff.

[HDInfautre]

Hi
Thank you for your quick response
I forgot to say that last week I managed to get it to work several times. I didn't make any changes.
However, I see that Firefox is now 109 after my re-launch
Could this be a new problem with KeePassXC - Version 2.7.4 AppImage

[HDInfautre]

Hi
Ok no worries about coming back here if you read.
Did you understand that it worked for a few days and that the only change comes after the change from 108.2 to 109
That's why I think it's the same problem (and therefore not a spam), it's the 1st time I don't even see the keepass icon next to the input fields
If not, please tell me what I should do precisely? or wait for a new version for Firefox 109?

[varjolintu]

I don't know the details here. Is the Firefox installed as Snap (it's default in Ubuntu). Ubuntu just recently fixed Native Messaging (the API that the extension uses for message transferring) for Snap Firefox, so they've probably broken it?

Things you can try:

• Read the issue thread I linked earlier and see if it helps
• Read https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide
• Uninstall Snap Firefox and just use the PPA version

[HDInfautre]

I have re-read the thread, but I don't see anything helpful or too technical.
I had the same problem as some in previous years when deleting snap. i feel like keeping it.
Here is the feedback
If I understand correctly, this would be an ubuntu problem?
Can't you do anything?

I have re-read the thread, but I don't see anything helpful or too technical.
I had the same problem as some in previous years when deleting snap. i feel like keeping it.
Here is the feedback:

flatpak permissions webextensions
Table         Object                          App          Permissions Data
webextensions org.keepassxc.keepassxc_browser snap.firefox yes         0x00
webextensions mozillavpn                      snap.firefox yes         0x00

It looks good to me.

[varjolintu]

If the connection just broke when Ubuntu updates its Firefox, it's very probable that it's Snap's fault. Can you try to downgrade?

[HDInfautre]

HI
I think I understood. I've tried a lot of different configurations.
The only one that works on ubuntu 22.10 is Firefox (snap) with KeepassXC (snap)!

I'd like to run Firefox (snap) with KeepassXC (appimage) to have a portable version on a key!
I hope this helps to solve !?

Yes I can make suggestions, I have another one ;-)

[varjolintu]

Does the Native Messaging scripts in Snap Firefox point to your AppImage?

[HDInfautre]

Hi
I don't know, I'm not a ubuntu geek.
For clarification (which may block).
I had seen, with another person here a long time ago, putting the configuration in xxx.home to make a portable application (see picture)
Can you tell me the simple check/change to do on this system?

[HDInfautre]

Hi
It works with firefox/snap and keepassxc/snap
But, I would prefer keepassxc/ appImage
Were you able to reproduce the problem with an appImage?
Or if so is it possible to fix?

[HDInfautre]

Hi
This morning, after a week of correct operation, it is again impossible to connect keepassbrowser (firefox v109) with keepassXC. the computer was switched off at the weekend.
I have restarted the keepassxc-snap-helper.sh program without success.
Would you mind reopening the ticket?
Do you have a simple test to move you towards a solution?

[varjolintu]

The Snap helper script only helps if you are using KeePassXC as a Snap. I'll have to test this myself when I have the time.

[HDInfautre]

Ok I'm waiting and hoping for a more stable version under Ubuntu 22.10 for firefox/snap + keepassXC/snap
Thanks for looking at firefox/snap + keepassXC/appimage as I loved this possibility to have a portable version of keepassXC?
but can you reopen this ticket for public follow up?
Thank you
regards

[varjolintu]

I can, with a modified topic. But if this is clearly a Firefox Snap issue, there's nothing we can do about it.

[varjolintu]

Both KeePassXC Flatpak and Appimage are having the same problem with Firefox Snap: The browser is trying to start the keepassxc process inside the image instead of keepassxc-proxy. So maybe the Firefox Snap is starting something differently with Native Messaging and KeePassXC cannot identify if the process is trying to start the proxy or the main application.

[HDInfautre]

Hello
Thank you for trying.
I had already followed the many messages about the container aspect (appimage) and the difficulty of "messaging" :-(
I thought some progress had been made.
I guess you couldn't do much about it.
Nevertheless, have you reported this to the responsible developers? ubuntu? what are the perspectives?

[benbucksch]

Possible solutions, to fix this:

• Let KeyPassXC (Linux app, with user permissions) modify the AppArmor rules to allow the connection
• Work with Ubuntu Firefox snaps maintainer to allow the connection
• In the meantime: Instead of an error message in the addon, detect the problem and show clear instructions what the user should do. (This is not a fix for this bug, but only a hotfix, a temporary workaround until it's fixed properly.)

[droidmonkey]

Let KeyPassXC (Linux app, with user permissions) modify the AppArmor rules to allow the connection

This would be a HUGE security vulnerability.

Work with Ubuntu Firefox snaps maintainer to allow the connection

That just isn't possible

[benbucksch]

isn't possible

Care to elaborate? Are the Ubuntu Firefox snap maintainers not reachable? It is technically impossible? (I doubt that.)

Instead of an error message in the addon, detect the problem and show clear instructions what the user should do

You can definitely do that, and that would be the very minimum to do.

Have you considered using other communication mechanisms between addon and app?

As is, it looks like a bug in KeePass addon to the end user.

[fossil-free]

firefox snap and keepassxc worked for me in Ubuntu 22.04 after initialising webextensions.
Addon integration broke now when upgrading to 24.04. "Last connection" to the database by keepassxc-browser was five days ago, hence before my OS upgrade. Therefore #2370 doesn't seem like a duplicate to me - may those be different issues? Maybe some path for webextensions changed?

--
Firefox 133.0b2 64bit
Firefox snap for Ubuntu canonical-002 - 1.0

KeePassXC-Browser - 1.9.4

KeePassXC - Version 2.7.9
Revision: 8f6dd13
Qt 5.15.13
OS: Ubuntu 24.04.1 LTS
CPU architecture: x86_64
kernel: linux 6.8.0-48-generic

Activated extensions:

• Auto-Type
• Browser-Integration
• Passkeys
• SSH-Agent
• KeeShare
• YubiKey
• Secret-Service-Integration

Kryptographische Bibliotheken:

• Botan 2.19.3

[varjolintu]

@fossil-free This is probably purely Ubuntu/Snap issue.

[fossil-free]

Firefox snap's console is giving following error when trying to connect to the keepassxc database by pushing the respective buttons:

File at path "/usr/bin/keepassxc-proxy" does not exist, or is not executable 2 Subprocess.sys.mjs:141:21
    call resource://gre/modules/Subprocess.sys.mjs:141

keepassxc-proxy is existent though, and also flagged as executable. Might the file permissions make a difference here? Though root:root seems legit to me for bin files.

Firefox addon shows key exchange not successful.

Meanwhile MOZ_LOG=NativeMessagingPortal:5 snap run firefox returns with every button push:
D/NativeMessagingPortal will not be used

sudo strace -f -p $(pgrep firefox) 2>&1 | grep keepass does not return any result.

keepassxc-proxy shows no communication with firefox:

ps aux | grep keepassxc
[user]    291734  0.0  0.0 146124 14848 ?        Sl   11:08   0:00 /usr/bin/keepassxc-proxy
[user]    297690  0.4  0.5 1706132 183120 ?      SLl  11:39   0:05 /usr/bin/keepassxc

sudo strace -f -yy -e read,write -s 1000000 -p 291734
strace: Process 291734 attached with 2 threads
[pid 291735] read(0<pipe:[2046359]>,

The configuration path in keepassxc settings > broswer integration > advanced correctly (?) points to my current snap:
~/snap/firefox/common/.mozilla/firefox/n80h6q6h.default/native-messaging-hosts/

App Armor is not denying traffic.
All other extensions have been temporarily disabled with no effect.
flatpak permissions webextensions is correctly initialized via terminal:
webextensions org.keepassxc.keepassxc_browser snap.firefox yes 0x00

To me it does seem like a keepassxc-proxy connection problem.
Any ideas how to fix it?
Should I file a new bug since no AppImage is involved here?

(Besides, I am somewhat confused by the existence of the apt package webext-keepassxc-browser found in the docs. Installing it didn't make any difference though. Why does it exist in parallel to the firefox and chromium addons?)

[droidmonkey]

This is 100% on the Firefox Snap, please file a bug with them.

flatpak permissions webextensions is correctly initialized via terminal:

Flatpak and snap are completely different.

You should also not be configuring an advanced custom browser. Just check the Firefox checkbox. The snap Firefox (is supposed to) look in the ~/.mozilla directory for the native messaging. By placing the config inside the snap directory, Firefox may be trying to find the keepassxc proxy from within the sandbox which it obviously won't find.

[fossil-free]

I filed a mozilla bug now, thanks for pointing me there:
https://bugzilla.mozilla.org/show_bug.cgi?id=1930119

As far as I can recall, the snap profile configuration folder was actually set automatically to the snap directory (I just checked it via the advanced tab; if not, it has been working for over a year now with the snap profile). I now tried the ~/.mozilla directory as well and will keep it in mind checking both options.

In the keepassxc-browser troubleshooting guide the flatpak permission point is mentioned as necessary in 5) Ubuntu snap... and indeed this had been necessary for me to get keepassxc-browser working in Ubuntu 22.04.

[fossil-free]

The firefox bug exists in snap firefox 133 + 134.

It can be solved by this workaround until the patch goes live in 135 or so:

1. visit about:config in the URL bar
2. search for "widget.use-xdg-desktop-portal.native-messaging" and set it from "0" to "2"

My keepass works flawlessly again with this hotfix.

[droidmonkey]

Firefox 133.0b2 64bit

This is the beta channel for Firefox, the current stable release for snap is 132.0.1-2. I also saw the bug in 132. Either way, this is disheartening to say the least.