Keepassxc-browser: Extension starts KeepassXC
Expected Behavior
When my browser starts, I don't want KeepassXC to be started if I didn't do it
Current Behavior
When my browser starts, KeepassXC starts with the last loaded db. So it may not be the db I use for internet logins...
Possible Solution
Just a setting to not start the app if it cannot connect to a db. I don't know how it manages to launch it, actually.
Debug info
KeePassXC - KeepassXC 2.3.3
KeePassXC-Browser Version: 1.2.0
Operating system: Linux Mint 19 with Cinnamon desktop
Browser: Opera 57 & Firefox 61.0.1
mat-m
All 16 comments
Please enable the checkbox Use a proxy application between KeePassXC and browser extension from the Browser Integration settings, Advanced tab. It should be enabled by default.
varjolintu
on 12 Sep 2018
It is already checked.
My process chain looks like this:
ββopera-developer,6418
β ββbwrap,6844 --args 17 command-wrapper.sh chrome-extension://azertyuiopqsdfghhhhhhjjkkkkmwxcc/
β β ββbwrap,6852 --args 17 command-wrapper.sh chrome-extension://azertyuiopqsdfghhhhhhjjkkkkmwxcc/
β β ββsh,6855 /app/bin/command-wrapper.sh chrome-extension://azertyuiopqsdfghhhhhhjjkkkkmwxcc/
β β ββkeepassxc,6856 chrome-extension://azertyuiopqsdfghhhhhhjjkkkkmwxcc/
β β ββ{keepassxc},6857
β β ββ{keepassxc},6858
β β ββ{keepassxc},6864
β β ββ{keepassxc},6865
β β ββ{keepassxc},6866
β β ββ{keepassxc},6868
If it could help
mat-m
on 13 Sep 2018
Same applies for firefox
β β β β ββfirefox,8362
β β β β β ββWeb Content,8602 -contentproc -childID 3 -isForBrowser -prefsLen 15008 -schedulerPrefs 0001,2 -parentBuildID 20180912013803 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 8362 true tab
β β β β β β ββ{Web Content},8605
β β β β β β ββ{Web Content},8607
β β β β β β ββ{Web Content},8623
β β β β β ββbwrap,8497 --args 29 command-wrapper.sh /home/mm/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json [email protected]
β β β β β β ββbwrap,8507 --args 29 command-wrapper.sh /home/mm/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json [email protected]
β β β β β β ββsh,8509 /app/bin/command-wrapper.sh /home/mm/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json [email protected]
β β β β β β ββkeepassxc,8510 /home/mm/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json [email protected]
β β β β β β ββ{keepassxc},8511
β β β β β β ββ{keepassxc},8518
β β β β β β ββ{keepassxc},8545
β β β β β β ββ{keepassxc},8546
β β β β β β ββ{keepassxc},8547
β β β β β β ββ{keepassxc},8551
So you are using Bubblewrap sandbox? That explains a lot. It's known that these kind of wrappers can cause issues. If you open the /home/mm/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json what's the path variable?
varjolintu
on 14 Sep 2018
I don't use bubblewrap, firefox packaged on Mint does.
path is "/var/lib/flatpak/exports/bin/org.keepassxc.KeePassXC"
mat-m
on 21 Sep 2018
That path should point to keepassxc-proxy, not to KeePassXC directly. Please see this thread for additional info with flatpak: https://github.com/flathub/org.keepassxc.KeePassXC/issues/13#issuecomment-400784869
varjolintu
on 21 Sep 2018
Hello
I defined custom proxy in keepassxc to be /var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/files/bin/keepass-proxy which was resolved to /run/user/1000/doc/b02b76cc/keepassxc-proxy
Keepassxc did not start automatically, but Firefox could not connect to keepass neither.
mat-m
on 21 Sep 2018
This is because flatpak needs some extra configuration so it could access the Unix socket. Does it help if you enable the checkbox from Browser Integration Advanced settings that updates to manifest files each time at startup? Or use a custom proxy directory.
varjolintu
on 23 Sep 2018
With these settings, KeepassXC auto-starts with Firefox and Opera.
mat-m
on 11 Oct 2018
This happens because of flatpak. I need to do some testing.
varjolintu
on 12 Oct 2018
Found the solution for this. You need some manual work.
Create a wrapper script /var/lib/flatpak/exports/bin/org.keepassxc.KeePassXC.proxy with the following content:
#!/bin/sh
exec /usr/bin/flatpak run --command=keepassxc-proxy org.keepassxc.KeePassXC "$@"
Make the script executable with chmod +x and then change the Use a custom proxy location to point this script.
varjolintu
on 12 Oct 2018
Fix is working, thanks.
Could you opened an issue to flatpak for a root-cause fix ?
mat-m
on 26 Jan 2019
@varjolintu Okay, but this only works if KeePassXC runs on the host, does not it?
rugk
on 13 Apr 2019
Haven't tried it with any other way.
varjolintu
on 13 Apr 2019
Okay, so to add one other theoretical workaround you may need to use if both use flatpaks:
You can "hole-pinch" a flatpak and allow it to to execute flatpak-spawn just like in this example.
But possibly, when building the flatpak you can do more and securely limit it to one command to be able to run.
Actually though, this all seems to be solved (as per https://github.com/flathub/org.keepassxc.KeePassXC/issues/13), so I'll need to test it.
rugk
on 13 Apr 2019
FYI, for everyone following: I have found a working around involving some manual steps you need to do though for KeePassXC<->Firefox communication, if Firefox is flatpaked/sandboxed (works if KeePassXC is sandboxed or not). Read the full write-up/tutorial here.
rugk
on 5 May 2020
Related issues
Generator
Β·
5Comments
metaxis
Β·
3Comments
sliwowitz
Β·
5Comments
ForsakenHarmony
Β·
4Comments
gwerbin
Β·
4Comments
Most helpful comment
Found the solution for this. You need some manual work.
Create a wrapper script
/var/lib/flatpak/exports/bin/org.keepassxc.KeePassXC.proxywith the following content:Make the script executable with
chmod +xand then change theUse a custom proxy locationto point this script.