librewolf: cannot communicate with keepassxc

[ghost]

Hey

I just recently installed librewolf on arch linux.

I'm trying to get the connection between wolf and keepassxc. The following set up works with firefox but not with wolf.

# Allow internet access
ignore net

# firefox requires a shell to launch on Arch.
private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy

# Allow keepassxc addon
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
whitelist ${RUNUSER}/kpxc_server

So I changed only the line to:
private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which,keepassxc-proxy
for librewolf.local.

And for keepassxc I added the following:

# Needed for Firefox-Browser addon
mkfile ${HOME}/.librewolf/
whitelist ${HOME}/.librewolf/

Problem is, I can;t find this path like for firefox:

mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

So might be a problem there?

[rusty-snake]

Problem is, I can;t find this path like for firefox:

Because LibeWolf isn't supported by KPXC, is it? Actually, it should work nevertheless with a manual setup because it's a fork.

Does it work without firejail?

mkfile ${HOME}/.librewolf/

Needs to be mkdir. And omit the trailing slashes.

[ghost]

Yeah, it does work without firejail.

Needs to be mkdir.

It doesn't make any difference. There is no ...

mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

native-messaging-hosts folder in ~/.librewolf/. I just copied it from mozilla to wolf and changed the settings in keepass itself (Use a custom browser configuration location:) but nothing.

Edit:

Because LibeWolf isn't supported by KPXC, is it?

Yeah, it's not supported.

[rusty-snake]

How looks your full keepassxc.local?

[Neo00001]

Needed for Firefox-Browser addon
mkfile ${HOME}/.librewolf/
whitelist ${HOME}/.librewolf/

add noblacklist ${HOME}/.librewolf also as that path is in disable-programs.inc. & keepassxc profile has disable-programs.inc. If without firejail it works then it should also work with firejail.

[ghost]

That's my keepassxc.local file. Which works with firefox but still not with wolf. :

# Database path
whitelist ${HOME}/Software/KeePass/*.kdbx

# Key path
whitelist ${HOME}/.keys/keepass/*.key

# Needed for Firefox & LibreWolf-Browser addon
noblacklist ${HOME}/.librewolf
mkdir ${HOME}/.librewolf
whitelist ${HOME}/.librewolf

mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

mkdir ${HOME}/.cache/keepassxc
mkdir ${HOME}/.config/keepassxc
whitelist ${HOME}/.cache/keepassxc
whitelist ${HOME}/.config/keepassxc
include whitelist-common.inc

# Uncomment or add to your keepassxc.local to allow Tray.
dbus-user.talk org.kde.StatusNotifierWatcher
dbus-user.own org.kde.*

# SSH key path
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.keys/.ssh
whitelist ${HOME}/.ssh
whitelist ${HOME}/.keys/ssh

That's the librewolf.local:

# Allow internet access
ignore net

# Uncomment (or add to librewolf.local) the following lines if you want to
# use the migration wizard.
#noblacklist ${HOME}/.mozilla
#whitelist ${HOME}/.mozilla

# librewolf requires a shell to launch on Arch. We can possibly remove sh though.
private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which,keepassxc-proxy
#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy

# private-etc must first be enabled in firefox-common.profile
private-etc librewolf

# Allow keepassxc addon
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
whitelist ${RUNUSER}/kpxc_server

firefox-common.local:

# Allow internet access
ignore net

private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg

and firefox.local (I'm trying to allow dolphin and okular to use open with option):

# Allow internet access
ignore net

# firefox requires a shell to launch on Arch.
private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy

# Allow keepassxc addon
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
whitelist ${RUNUSER}/kpxc_server
#ignore include whitelist-runuser-common.inc

# Allow PDF view with okular
#ignore dbus

noblacklist /usr/share/applications/org.kde.dolphin.desktop
noblacklist /usr/share/applications/org.kde.okular.desktop

#whitelist /usr/share/applications/org.kde.dolphin.desktop
#whitelist /usr/share/applications/org.kde.okular.desktop

[rusty-snake]

noblacklist /usr/share/applications/…

FYI: There is no such blacklist

ignore net

Do you have a globals.local?

[rusty-snake]

whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
whitelist ${RUNUSER}/kpxc_server

Just to be sure, you follow this rule:

firejail/etc/profile-a-l/librewolf.profile

Line 22 in 6df0ce7

# NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them

[ghost]

FYI: There is no such blacklist

Still learning :D

Yes, I have.
globals.local:

# Deny internet
net none

# Enable apparmor 
apparmor

Just to be sure, you follow this rule:

Yes, I follow that. Keepass autostart every reboot and after login I start wolf/firefox.

[Neo00001]

That's my keepass.local file.

why keepass.local? Are you talking about keepass or keepassxc?

try the following,

• run keepassxc with firejail --noprofile & librewolf with its firejail profile
• run librewolf with firejail --noprofile & keepassxc with its firejail profile
  it will narrow down the problem. if in1st case keepassxc connects with librewolf then you have to work with keepassxc profile.

btw, is keepassxc working with firefox?

[ghost]

I'm sorry it's keepassxc.local. I changed it.

Keepassxc with firejail and wolf with noprofile works.
Firefox and keepassxc with firejail works. Same set up like above.

So there is something "wrong" here librewolf.local:

# Allow internet access
ignore net

# Uncomment (or add to librewolf.local) the following lines if you want to
# use the migration wizard.
#noblacklist ${HOME}/.mozilla
#whitelist ${HOME}/.mozilla

# librewolf requires a shell to launch on Arch. We can possibly remove sh though.
private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which,keepassxc-proxy
#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy

# private-etc must first be enabled in firefox-common.profile
private-etc librewolf

# Allow keepassxc addon
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
whitelist ${RUNUSER}/kpxc_server

[Neo00001]

Uncomment (or add to librewolf.local) the following lines if you want to
use the migration wizard.
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla

what happens if you uncomment these two? give it a try, it may do the trick.

[ghost]

Indeed, that worked!

I played a little bit and moved the .mozilla folder as a backup folder (mozilla.backup) . It didn't worked.
So I created the .mozilla folder and it didn't worked.
I moved native-messaging-hosts which includes the file org.keepassxc.keepassxc_browser.json and it works.
I already tried to move the folder and file to .librewolf which doesn't work.
So I tried keepassxc -> tools -> browser integration -> advanced -> use a custom browser configuration location -> browser type: firefox -> config location: ~/.librewolf/native-messaging-hosts/ and created the folder.

Changed keepassxc.local

noblacklist ${HOME}/.librewolf
mkfile ${HOME}/.librewolf/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.librewolf/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

The file gets created.

And I added to librewolf.local (just in case):

noblacklist ${HOME}/.librewolf
whitelist ${HOME}/.librewolf

It seems to me that librewolf is only looking in the mozilla folder for the extension particular to ~/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json or I must miss something.

My plan is to get rid off firefox.

Edit:
Or is keepassxc browser addon looking only in the .mozilla folder?

[rusty-snake]

So actually this are the required locals?

keepassxc.local

# IF whitelist
mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
# FI

librewolf.local

# IF private-bin
private-bin keepassxc-proxy
# FI

noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

# newer kpxc
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
# older kpxc
whitelist ${RUNUSER}/kpxc_server

[ghost]

I have that keepassxc.local:

# Needed for Firefox & LibreWolf-Browser addon
#noblacklist ${HOME}/.librewolf
#mkfile ${HOME}/.librewolf/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.librewolf/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

mkdir ${HOME}/.cache/keepassxc
mkdir ${HOME}/.config/keepassxc
whitelist ${HOME}/.cache/keepassxc
whitelist ${HOME}/.config/keepassxc
include whitelist-common.inc

and librewolf.local:

# librewolf requires a shell to launch on Arch. We can possibly remove sh though.
private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which,keepassxc-proxy
#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy

# private-etc must first be enabled in firefox-common.profile
private-etc librewolf

# Uncomment (or add to librewolf.local) the following lines if you want to
# use the migration wizard and for keepassxc addon.
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
whitelist ${RUNUSER}/kpxc_server

So keepassxc-proxy probably necessary as well.

Is the folder .mozilla created even without using Mozilla software? So keepassxc creates it then? Otherwise the keepassxc addon on librewolf does not work, I guess.

Edit:
And firefox-common.local

# Allow internet access
ignore net

private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg

[rusty-snake]

firefox-common.local
private-etc librewolf

I mean for the locals to make kpxc-browser work with librewolf (as reference for other users).

Is the folder .mozilla created even without using Mozilla software?

mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json need to create .mozilla in order to create a file under it.

librewolf.local

Can you test with only

noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

for ~/.mozilla.

[ghost]

I just tested it on a vm with only keepassxc and librewolf.

And that's the bare minimum for the addon ...

mkdir -p ~/.mozilla/native-messaging-hosts/

keepassxc.local:

mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

and for librewolf.local:

noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer

But that's very annoying you probably know it already :D Better to add at least those to keepassxc.local as well:

mkdir ${HOME}/.config/keepassxc
whitelist ${HOME}/.config/keepassxc

Otherwise you have to enable browser integration every time you start keepass.

I still don't get it why I can't just use Use a custom browser configuration location:. I tried that too but nothing. Anyhow that's the solution for now, I guess.

[vnepogodin]

I have that keepassxc.local:

# Needed for Firefox & LibreWolf-Browser addon
#noblacklist ${HOME}/.librewolf
#mkfile ${HOME}/.librewolf/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.librewolf/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

mkdir ${HOME}/.cache/keepassxc
mkdir ${HOME}/.config/keepassxc
whitelist ${HOME}/.cache/keepassxc
whitelist ${HOME}/.config/keepassxc
include whitelist-common.inc

and librewolf.local:

# librewolf requires a shell to launch on Arch. We can possibly remove sh though.
private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which,keepassxc-proxy
#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which,keepassxc-proxy

# private-etc must first be enabled in firefox-common.profile
private-etc librewolf

# Uncomment (or add to librewolf.local) the following lines if you want to
# use the migration wizard and for keepassxc addon.
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
whitelist ${RUNUSER}/kpxc_server

So keepassxc-proxy probably necessary as well.

Is the folder .mozilla created even without using Mozilla software? So keepassxc creates it then? Otherwise the keepassxc addon on librewolf does not work, I guess.

Edit:
And firefox-common.local

# Allow internet access
ignore net

private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg

https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/librewolf.profile#L21
You should just uncomment or put it to your librewolf.local

[rusty-snake]

@vnepogodin does this work for you?

[vnepogodin]

Yes

[rusty-snake]

@vnepogodin did you uncommented the .mozilla as well?

@dansman @vnepogodin How do you installed librewolf (could a wrong configure argument cause this?)?

[vnepogodin]

I did't uncommented .mozilla

librewolf and keepassxc installed as fresh as posible

[ghost]

It doesn't work here.

I need to have everything uncomment and the .mozilla folder manually created like I mentioned above. Which makes sense to me. Librewolf and keepassxc shouldn't have access to the .mozilla folder out of the box.

@vnepogodin
Where is the file org.keepassxc.keepassxc_browser.json stored on your computer and how get librewolf access to it?

Edit:
I use Arch Linux and used the AUR librewolf bin package.
Keepassxc just from the official repo.

[rusty-snake]

librewolf and keepassxc installed as fresh as posible

Compiled from git?

[ghost]

librewolf and keepassxc installed as fresh as posible

Compiled from git?

Does it really makes any difference?

[rusty-snake]

Other program version or configure arguments are the only idea I have ATM.

[ghost]

It doesn't work here.

I need to have everything uncomment and the .mozilla folder manually created like I mentioned above. Which makes sense to me. Librewolf and keepassxc shouldn't have access to the .mozilla folder out of the box.

@vnepogodin
Where is the file org.keepassxc.keepassxc_browser.json stored on your computer and how get librewolf access to it?

Edit:
I use Arch Linux and used the AUR librewolf bin package.
Keepassxc just from the official repo.

Why messing with firefox if you are using librewolf ?
Firefox has .mozilla folder and librewolf has .librewolf

I think you also malfunctioned the keepassxc browser extension. Uninstall keepassxc browser extension and
rm -rf $(find ~/.librewolf | grep keepass)

then reinstall again. Mine works perfectly. Just auto keyboard completion and internet connection not works, which is not a privacy but a shit. KeePassXC and be build without those flags but no need to implement that for all users by default :D

[ghost]

Did you enabled browser integration in keepass? If yes, which browser? Or custom browser config?

I have seen you're using Arch as well. I tried that on a fresh install arch vm and on my computer arch. So I can't get any connection between those without the setup above.
But maybe I block something else here and there.,

[rusty-snake]

I'm closing here due to inactivity, please fell free to request to reopen if you have more questions.

[float3]

keepassxreboot/keepassxc#6907 (comment)