-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Snap: Improve Web-browser Native Messaging host functionality #10906
Snap: Improve Web-browser Native Messaging host functionality #10906
Conversation
PR marked as a draft as due Snap Store policy, being able to distribute KeepassXC will require a one time review that could take up to 2 weeks. We would like to minimize the time between acquiring permission from the Snap Store and actually building/uploading any snaps with this functionality as otherwise doing so will keep triggering the review process and deny uploads. Ideally, the store would agree for this to be autoconnected as it enables major functionality in the app and the permissions required to do so are very specific and within reasonable users expectations. |
This commit allows for the snap distribution of KeepassXC to self-manage native messaging manifests This is done by making the binary aware of the snapd environment changes that currently prevent this. Furthermore, the snap sandbox is expanded to the bare minimum needed to access these privileged files. Please note if running a self-compiled / untrusted KeepassXC snap build (I.E, installed with --dangerous) that you must manually run `sudo snap connect keepassxc:browser-native-messaging` to grant permissions. This will work on all distributions that expose `/snap/bin/` - such as Ubuntu, Debian, etc. For systems which don't provide `/snap/`, such as Fedora, follow instructions for enabling "Classic" snaps. e.g., `sudo ln -s /var/lib/snapd/snap /snap`
fd5bbcb
to
a7849e4
Compare
Request for |
This looks excellent! Haven't tested it yet though. |
Decrease privileges on TBB Native Hosts folder to just the KeepassXC manifest
* Snap: Improve Web-browser Native Messaging host functionality This commit allows for the snap distribution of KeepassXC to self-manage native messaging manifests This is done by making the binary aware of the snapd environment changes that currently prevent this. Furthermore, the snap sandbox is expanded to the bare minimum needed to access these privileged files. Please note if running a self-compiled / untrusted KeepassXC snap build (I.E, installed with --dangerous) that you must manually run `sudo snap connect keepassxc:browser-native-messaging` to grant permissions. This will work on all distributions that expose `/snap/bin/` - such as Ubuntu, Debian, etc. For systems which don't provide `/snap/`, such as Fedora, follow instructions for enabling "Classic" snaps. e.g., `sudo ln -s /var/lib/snapd/snap /snap` --------- Co-authored-by: Jonathan White <[email protected]>
Release 2.7.9 * Passkeys: Ability to easily remove a passkey from an entry [keepassxreboot#10777] * Snap: Use new desktop portal for native messaging integration [keepassxreboot#10906] * Improve entry placeholder/reference feature [keepassxreboot#10846] * Improve CSV importing when title field isn't specified [keepassxreboot#10843] * Improve encrypted Bitwarden importing [keepassxreboot#10800] * Improve database settings UX [keepassxreboot#10821] * Improve handling of clipboard actions from entry preview [keepassxreboot#10810] * Improve group/entry view resize behavior and set sensible defaults [keepassxreboot#10641] * Passkeys: Fix incorrect username fill [keepassxreboot#10874] * Passkeys: Return additional data to the extension [keepassxreboot#10857] * Fix password clear timer inconsistency on unlock view [keepassxreboot#10708] * Fix portability check [keepassxreboot#10760] * Fix page overflow on HTML exports [keepassxreboot#10735] * Fix broken builds when using system provided zxcvbn [keepassxreboot#10717] * Fix copy password button when text is selected [keepassxreboot#10853] * Fix tab ordering on application settings pages [keepassxreboot#10907] * SSH Agent: Fix broken decrypt button [keepassxreboot#10638] * Windows: Fix ALT Auto-Type modifier [keepassxreboot#10795] * Windows: Fix wrong DACL memory size allocation [keepassxreboot#10712] * macOS: Fix monospace font sizing [keepassxreboot#10739] * Flatpak: Fix configuration settings off-by-one error [keepassxreboot#10688] * BSD: Fix compiling with libusb implementation [keepassxreboot#10736] # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCAAdFiEENIkEDB8MPuq41ValRA/GXy4MbgEFAmZzTogACgkQRA/GXy4M # bgHahggAg+hzMTiM0uDaw5yfxhv6GEfQQBPHMhX3JDyHEC+i7Pq6OjlxQkdUrRdu # f4w74od5jSul0Al/ehu9L2eZwNPMnU87FWDn16o1btYHsG9n24v5S0DuQoLXUjde # Y9nJNKeRNoWAlVKWbUG2YGvy9hF9YbtrFaiBksaQ+g3w8Xz82PzLY0VaUu4Xa/LO # RXAhryJC+8T3T479dXpHxJcUmEWkoY4bqj1i6R8tEK5Kz9y1c0kqzqwWysKMj+rD # WxTb2V4y9s57pO35zt9yxMLg66xx9bdcQHbSULa2vZNMFd9qdqk8WJmWFle112yG # UCBXv2ZIjd3lghPt0IrD+WKcuL85Aw== # =rbfs # -----END PGP SIGNATURE----- # gpg: directory '/home/runner/.gnupg' created # gpg: keybox '/home/runner/.gnupg/pubring.kbx' created # gpg: Signature made Wed Jun 19 21:32:56 2024 UTC # gpg: using RSA key 3489040C1F0C3EEAB8D556A5440FC65F2E0C6E01 # gpg: Can't check signature: No public key
…sxreboot#10906) * Snap: Improve Web-browser Native Messaging host functionality This commit allows for the snap distribution of KeepassXC to self-manage native messaging manifests This is done by making the binary aware of the snapd environment changes that currently prevent this. Furthermore, the snap sandbox is expanded to the bare minimum needed to access these privileged files. Please note if running a self-compiled / untrusted KeepassXC snap build (I.E, installed with --dangerous) that you must manually run `sudo snap connect keepassxc:browser-native-messaging` to grant permissions. This will work on all distributions that expose `/snap/bin/` - such as Ubuntu, Debian, etc. For systems which don't provide `/snap/`, such as Fedora, follow instructions for enabling "Classic" snaps. e.g., `sudo ln -s /var/lib/snapd/snap /snap` --------- Co-authored-by: Jonathan White <[email protected]>
Release 2.7.9 * Passkeys: Ability to easily remove a passkey from an entry [keepassxreboot#10777] * Snap: Use new desktop portal for native messaging integration [keepassxreboot#10906] * Improve entry placeholder/reference feature [keepassxreboot#10846] * Improve CSV importing when title field isn't specified [keepassxreboot#10843] * Improve encrypted Bitwarden importing [keepassxreboot#10800] * Improve database settings UX [keepassxreboot#10821] * Improve handling of clipboard actions from entry preview [keepassxreboot#10810] * Improve group/entry view resize behavior and set sensible defaults [keepassxreboot#10641] * Passkeys: Fix incorrect username fill [keepassxreboot#10874] * Passkeys: Return additional data to the extension [keepassxreboot#10857] * Fix password clear timer inconsistency on unlock view [keepassxreboot#10708] * Fix portability check [keepassxreboot#10760] * Fix page overflow on HTML exports [keepassxreboot#10735] * Fix broken builds when using system provided zxcvbn [keepassxreboot#10717] * Fix copy password button when text is selected [keepassxreboot#10853] * Fix tab ordering on application settings pages [keepassxreboot#10907] * SSH Agent: Fix broken decrypt button [keepassxreboot#10638] * Windows: Fix ALT Auto-Type modifier [keepassxreboot#10795] * Windows: Fix wrong DACL memory size allocation [keepassxreboot#10712] * macOS: Fix monospace font sizing [keepassxreboot#10739] * Flatpak: Fix configuration settings off-by-one error [keepassxreboot#10688] * BSD: Fix compiling with libusb implementation [keepassxreboot#10736]
This commit allows for the snap distribution of KeepassXC to self-manage native messaging manifests This is done by making the binary aware of the snapd environment changes that currently prevent this. Furthermore, the snap sandbox is expanded to the bare minimum needed to access these privileged files.
Please note if running a self-compiled / untrusted KeepassXC snap build (I.E, installed with --dangerous) that you must manually run
sudo snap connect keepassxc:browser-native-messaging
to grant permissions.This will work on all distributions that expose
/snap/bin/
- such as Ubuntu, Debian, etc. For systems which don't provide/snap/
, such as Fedora, follow instructions for enabling "Classic" snaps. e.g.,sudo ln -s /var/lib/snapd/snap /snap
Describe your changes in detail, why is this change required?
Currently, if users install KeepassXC as a snap, the "Browser Integration" interface will instruct them to use an external script to set up the Native Messaging hosts. This is a poor user experience as it's a snap specific requirement, and also because it prevents KeepassXC being able clean up the host files (the user cannot "untick" and press ok on any browser).
This helps remove user friction by making things "just work" without compromising in security in any manner, the sandbox is expanded purely to accommodate the exact files required, and all existing certificate checks on the app & extensions themselves, the authentication process, etc, all remain as standard.
Explain large or complex code modifications.
Ultimately, this mirrors the workarounds used for the Flatpak build, the app needs to actively consider that the $HOME path it is presented with is not the real value on the host. By doing so, the files are instead exposed where they need to be to enable other programs to use them.
Whilst this will reduce bug reports and user problems significantly, it's not a magic bullet. There's 2 elements that come into play with compatibility.
Ultimately, most Snap users are Ubuntu users, so considering population demographics, this should still improve the majority of typical use cases.
/bin/snap/keepassxc.proxy
, this isn't guaranteed to exist at that location. E.G., on Fedora, users would have to runsudo ln -s /var/lib/snapd/snap /snap
, this follows the same semantics as enabling "Classic Snaps" support. This can be done before or after installation of KeepassXC, and KeepassXC itself is still operating under Strict confinement.Again, considering user demographics, I'd imagine most other distributions use the AppImage, Flatpak, or distro repo versions before considering snap, meaning this shouldn't be a common occurrence relatively.
Screenshots
N/A
Testing strategy
sudo snap connect keepassxc:browser-native-messaging
is run, as will be required on any untrusted builds not published from the Snap Store.Test Environment, Ubuntu 24.04
Firefox Snap + KeepassXC snap: ✅
Firefox native + KeepassXC snap: ✅
Chromium Snap + KeepassXC Snap: ✅
Google-Chrome native + KeepassXC snap: ✅
Brave Snap + KeepassXC Snap: Failure as Brave has not adopted the XDG Desktop Portal patches, no regression in this patch.
Brave native + KeepassXC Snap: ✅
Type of change