FWIW I figured out how to get a password manager (Browserpass, not KeePassXC) to communicate with flatpak Chrome if you want some advice on how to get it to work.
But yes, it was way more difficult than it should have been (which is “should work out of the box, just like a regular package”). So if you’re just listing some of the shortcomings of flatpak, never mind.
Keep an eye out, I’ll come back to this. It involves posting config file diffs and a script I wrote, it’ll be a longer post I don’t have the time to write right at this moment.
But yes, the fact that I need to find the time to post all the changes I needed to make to get this to work is part of the problem here.
I don’t remember how much I used each one, but eventually I pieced together enough information information to get the Browserpass extension working in the Google Chrome flatpak. But three of those links are KeePassXC, which should be useful for adapting this for your use.
The main file that was having problems was the Browserpass Native Messaging Hosts file in my config directory for the Chrome flatpak, ~/.var/app/com.google.Chrome/config/google-chrome/NativeMessagingHosts/com.github.browserpass.native.json. Originally it was a symlink to a file at /usr/lib/browserpass/hosts/chromium/com.github.browserpass.native.json:
{"name":"com.github.browserpass.native","description":"Browserpass native component for the Chromium extension","path":"/usr/bin/browserpass-linux64","type":"stdio","allowed_origins":["chrome-extension://naepdomgkenhinolocfifgehidddafch/"]}
The call to /usr/bin/browserpass-linux64 did not see to work for me, so I ended up making a copy of the file in the NativeMessagingHosts directory and modified it to point to a script in my home mount:
I don’t remember why I picked to do it inside the ~/.config directory, but it worked so I left it. And here is the script I put at ~/.config/browerpass/browserpass.sh:
I don’t remember how I came up with that script, it must be somewhere in the four links at the top.
Finally, I needed to use Flatseal to allow access to the script. In the Google Chrome settings, under “Filesystem->Other files”, I added an entry saying ~/.config/browserpass:ro. Also modified from the default in Flatseal, I have “Filesystem->All user files” enabled, along with “Socket->D-Bus session bus” and “Socket->D-Bus system bus”. I don’t know how necessary the last three are, but I’m not messing with it now that I have it working.
So, that’s what I did to get the Browserpass extension working in the Google Chrome flatpak. You’ll have to modify some things to get it working for KeePassXC, or for Firefox. But that general pattern should work.
FWIW I figured out how to get a password manager (Browserpass, not KeePassXC) to communicate with flatpak Chrome if you want some advice on how to get it to work.
But yes, it was way more difficult than it should have been (which is “should work out of the box, just like a regular package”). So if you’re just listing some of the shortcomings of flatpak, never mind.
Flatpak devs: “Let’s make a new portal!”
Point away!
Keep an eye out, I’ll come back to this. It involves posting config file diffs and a script I wrote, it’ll be a longer post I don’t have the time to write right at this moment.
But yes, the fact that I need to find the time to post all the changes I needed to make to get this to work is part of the problem here.
OK, so I looked though my browser history, and here are some relevant pages I found:
I don’t remember how much I used each one, but eventually I pieced together enough information information to get the Browserpass extension working in the Google Chrome flatpak. But three of those links are KeePassXC, which should be useful for adapting this for your use.
The main file that was having problems was the Browserpass Native Messaging Hosts file in my config directory for the Chrome flatpak,
~/.var/app/com.google.Chrome/config/google-chrome/NativeMessagingHosts/com.github.browserpass.native.json
. Originally it was a symlink to a file at/usr/lib/browserpass/hosts/chromium/com.github.browserpass.native.json
:{ "name": "com.github.browserpass.native", "description": "Browserpass native component for the Chromium extension", "path": "/usr/bin/browserpass-linux64", "type": "stdio", "allowed_origins": [ "chrome-extension://naepdomgkenhinolocfifgehidddafch/" ] }
The call to
/usr/bin/browserpass-linux64
did not see to work for me, so I ended up making a copy of the file in theNativeMessagingHosts
directory and modified it to point to a script in my home mount:wile_e8 NativeMessagingHosts $ diff com.github.browserpass.native.json.orig com.github.browserpass.native.json 4c4 < "path": "/usr/bin/browserpass-linux64", --- > "path": "/home/wile_e8/.config/browserpass/browserpass.sh",
I don’t remember why I picked to do it inside the
~/.config
directory, but it worked so I left it. And here is the script I put at~/.config/browerpass/browserpass.sh
:#!/bin/sh cd ~ /usr/bin/flatpak-spawn --host /usr/bin/browserpass-linux64 2>/tmp/error.log
I don’t remember how I came up with that script, it must be somewhere in the four links at the top.
Finally, I needed to use Flatseal to allow access to the script. In the Google Chrome settings, under “Filesystem->Other files”, I added an entry saying
~/.config/browserpass:ro
. Also modified from the default in Flatseal, I have “Filesystem->All user files” enabled, along with “Socket->D-Bus session bus” and “Socket->D-Bus system bus”. I don’t know how necessary the last three are, but I’m not messing with it now that I have it working.So, that’s what I did to get the Browserpass extension working in the Google Chrome flatpak. You’ll have to modify some things to get it working for KeePassXC, or for Firefox. But that general pattern should work.
Hmm I kind of tried that route before but haven’t gone so far. I’ll check it asap. Thanks!