2334647 – Browser integration fails: must expose the Flatpak wrapper binary

Bug 2334647 - Browser integration fails: must expose the Flatpak wrapper binary

Summary: Browser integration fails: must expose the Flatpak wrapper binary

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	keepassxc
Sub Component:
Version:	41
Hardware:	aarch64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Yaakov Selkowitz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2334705 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-12-28 05:08 UTC by Emi Matchu
Modified:	2025-01-03 01:36 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2025-01-03 01:36:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Fedora Package Sources	keepassxc pull-request 14	0	None	None	None	2024-12-29 03:49:59 UTC

Description Emi Matchu 2024-12-28 05:08:41 UTC

When using Fedora's Flatpak distribution of KeePassXC, the KeePassXC browser extensions fail to connect to KeePassXC, and instead force the KeePassXC window to open at seemingly random times.

This is because browsers need to run the `keepassxc-proxy` command, but Flatpaks only allow for a single binary entry point. To work around this, KeePassXC offers a `utils/keepassxc-flatpak-wrapper.sh` script that is designed to be used as the entry point for Flatpaks, which chooses whether to run `keepassxc` or `keepassxc-proxy`, depending on the command line arguments. Then, KeePassXC internally detects that it's running in a Flatpak, and configures the browser extension to call the main Flatpak entry point, assuming that this will run its `utils/keepassxc-flatpak-wrapper.sh` command.

But Fedora's distribution of KeePassXC just points to the main application binary `keepassxc` as the entry point, and does not expose `keepassxc-proxy`. So, the browser extensions run that, and it just does the same thing as if I clicked "KeePassXC" in the Applications menu, instead of silently connecting to the KeePassXC instance as intended.

In Flathub's distribution of KeePassXC, `utils/keepassxc-flatpak-wrapper.sh` is specified as the entry point, and browser integration works correctly.

Reproducible: Always

Steps to Reproduce:
1. In the KeePassXC settings, enable browser integration for Firefox.
2. Install the KeePassXC browser extension for Firefox.
Actual Results:
The browser extension shows a red X badge on the extension button in the toolbar. Clicking the extension button shows an error message explaining that the connection failed, and offering a button to reconnect. Clicking the reconnect button says "Key exchange failed."

Additionally, opening the browser or switching back and forth between browser windows will sometimes cause the main KeepassXC window to open into the foreground.

Expected Results:
The browser extension should automatically connect to KeePassXC, and be able to autofill forms.

Comment 1 Mikel Olasagasti Uranga 2024-12-28 22:42:33 UTC

*** Bug 2334705 has been marked as a duplicate of this bug. ***

Comment 2 Mikel Olasagasti Uranga 2024-12-28 22:43:54 UTC

Assigning to Yaakov as he is the creator of the Fedora flatpak package as per https://src.fedoraproject.org/flatpaks/keepassxc

@Yaakov can you add a README file in the repo specifying how and/or where to report issues?

Comment 3 Yaakov Selkowitz 2024-12-29 03:50:00 UTC

This will require modifications to both the spec file and container.yaml; PR filed for the former.

Comment 4 Germano Massullo 2024-12-29 22:38:28 UTC

(In reply to Yaakov Selkowitz from comment #3)
> This will require modifications to both the spec file and container.yaml; PR
> filed for the former.

PR merged. I am still puzzled by the choice of installing a flatpak over a well integrated Fedora rpm package

Comment 5 Emi Matchu 2024-12-29 22:57:02 UTC

Personally, my rationale for preferring Flatpaks by default is that I appreciate the ability to explicitly grant and deny permissions.

Even when I reasonably trust the authors and repository maintainers, it makes more sense to me to explicitly choose the permissions an application should have—and accept the additional maintenance burden—rather than grant it full access to my user account in exchange for the guarantee that it runs smoothly the first time.

That said, I can't speak to whether it's worth the Fedora project's time to maintain this package when there are alternatives available! I trust your team's judgment on this, and if you feel it's not worth the maintenance effort, that's a choice that I as a user would absolutely respect.

Thank you for taking the time to fix this issue!

Comment 6 Fedora Update System 2024-12-30 02:06:42 UTC

FEDORA-FLATPAK-2024-e14ea95284 (keepassxc-flatpak-2.7.9-5) has been submitted as an update to Fedora 41 Flatpaks.
https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2024-e14ea95284

Comment 7 Fedora Update System 2024-12-31 03:30:41 UTC

FEDORA-FLATPAK-2024-e14ea95284 has been pushed to the Fedora 41 Flatpaks testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2024-e14ea95284

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2025-01-03 01:36:40 UTC

FEDORA-FLATPAK-2024-e14ea95284 (keepassxc-flatpak-2.7.9-5) has been pushed to the Fedora 41 Flatpaks stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.