Installing KeePassXC with a Flatpak sandboxed browser
Dakusan:
Original post for Installing KeePassXC & a Flatpak sandboxed browser can be found at https://www.castledragmire.com/Posts/Installing_KeePassXC_&_a_Flatpak_sandboxed_browser.
Originally posted on: 07/13/24
Since I have been moving my primary workstation to Linux, I have been in need of finding a new password manager after Roboform failed me. I decided to try out KeePassXC but was having trouble since my Ungoogled Chromium browser was sandboxed in Flatpak. The instructions for this on Unix Stack Exchange were no longer working so I had to dig into it myself.
The 2 primary problems were that:
1) The browsers’ sandboxes did not have the Qt libs.
2) The interprocess communication pipe socket had been renamed from kpxc_server to org.keepassxc.KeePassXC.BrowserServer.
The following are the instructions to get KeePassXC running in Flatpak versions of both Chrome and Firefox. This was tested on Linux Mint 21.3 with both Ungoogled Chromium and Firefox. You will need to change the KP_FLATPAK_PACKAGE if you use other versions of Chrome.
* Run the relevant below environment variables in your command shell before running the commands in the following steps:
#Shared environment variables:
KP_CUSTOM=/home/$USER/keepass-browser
KP_JSON_NAME=org.keepassxc.keepassxc_browser.json
#Chrome environment variables:
KP_FLATPAK_PACKAGE=io.github.ungoogled_software.ungoogled_chromium
KP_JSON_START=~/.config/chromium/NativeMessagingHosts
KP_JSON_END=~/.var/app/$KP_FLATPAK_PACKAGE/config/chromium/NativeMessagingHosts
#Firefox environment variables:
KP_FLATPAK_PACKAGE=org.mozilla.firefox
KP_JSON_START=~/.mozilla/native-messaging-hosts
KP_JSON_END=~/.var/app/$KP_FLATPAK_PACKAGE/.mozilla/native-messaging-hosts
* Install and enable the browser extension:
KeePassXC > Tools > Settings > Browser Integration:
* Check “Enable Browser Integration”
* Check “Chromium” and/or “Firefox”
* Download the plugin listed on this screen in your browser
* Click "OK"
Note: This creates $KP_JSON_START/$KP_JSON_NAME
* Set up the needed files in the sandbox:
#Put KeePass proxy and needed library files in user directory
mkdir -p $KP_CUSTOM/lib
mkdir -p $KP_JSON_END #Needed for firefox
cp /usr/bin/keepassxc-proxy $KP_CUSTOM/
rsync -a /usr/lib/x86_64-linux-gnu/libicudata* /usr/lib/x86_64-linux-gnu/libicuuc* /usr/lib/x86_64-linux-gnu/libicui* /usr/lib/x86_64-linux-gnu/libdouble* /usr/lib/x86_64-linux-gnu/libsodium* /usr/lib/x86_64-linux-gnu/libQt5* $KP_CUSTOM/lib
#Copy the JSON file to the Flatpak app directory and change the executable path in the file
cp $KP_JSON_START/$KP_JSON_NAME $KP_JSON_END/
sed -i "s/\/usr\/bin\//"$(echo $KP_CUSTOM | sed 's_/_\\/_g')"\//" $KP_JSON_END/$KP_JSON_NAME
* Add permissions to the Flatpak:
flatpak override --user --filesystem=$KP_CUSTOM:ro $KP_FLATPAK_PACKAGE #Only required if home directory is not shared to the Flatpak
flatpak override --user --filesystem=xdg-run/org.keepassxc.KeePassXC.BrowserServer:ro $KP_FLATPAK_PACKAGE
flatpak override --user --env=LD_LIBRARY_PATH=$(flatpak info --show-permissions $KP_FLATPAK_PACKAGE | grep -oP '(?<=LD_LIBRARY_PATH=).*')";$KP_CUSTOM/lib" $KP_FLATPAK_PACKAGE
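A read-only check of each step above, as an added example that is not part of the original post or of KeePassXC. The kp_* function names are hypothetical, and the permissions check assumes the keyfile-style text printed by `flatpak override --user --show`.

```shell
#!/bin/sh
# Added diagnostic sketch; the kp_* names are hypothetical, not KeePassXC tooling.
SOCKET_NAME=org.keepassxc.KeePassXC.BrowserServer

# Print the "path" value from a native-messaging manifest (no jq needed).
kp_manifest_path() {
    sed -n 's/.*"path"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# $1 = manifest copied into the sandbox; it must point at an executable under $2.
kp_check_manifest() {
    [ -f "$1" ] || { echo "FAIL: manifest missing: $1"; return 1; }
    p=$(kp_manifest_path "$1")
    case "$p" in
        "$2"/*) ;;
        *) echo "FAIL: manifest path '$p' is not under $2"; return 1 ;;
    esac
    [ -x "$p" ] || { echo "FAIL: proxy not executable: $p"; return 1; }
    echo "OK: manifest -> $p"
}

# $1 = KP_CUSTOM; its lib directory must hold the Qt5 libs the sandbox lacks.
kp_check_libs() {
    for f in "$1"/lib/libQt5*; do
        if [ -e "$f" ]; then echo "OK: Qt5 libs present in $1/lib"; return 0; fi
    done
    echo "FAIL: no libQt5* in $1/lib"; return 1
}

# $1 = runtime directory (normally $XDG_RUNTIME_DIR) that should hold the socket.
kp_check_socket() {
    [ -e "$1/$SOCKET_NAME" ] || { echo "FAIL: no socket $1/$SOCKET_NAME"; return 1; }
    echo "OK: socket present"
}

# $1 = override text for the package (assumed keyfile format), $2 = KP_CUSTOM.
kp_check_permissions() {
    echo "$1" | grep -qF "xdg-run/$SOCKET_NAME" \
        || { echo "FAIL: socket not shared with the sandbox"; return 1; }
    echo "$1" | grep '^LD_LIBRARY_PATH=' | grep -qF "$2/lib" \
        || { echo "FAIL: LD_LIBRARY_PATH lacks $2/lib"; return 1; }
    echo "OK: overrides present"
}

# Usage with the post's variables:
#   kp_check_manifest "$KP_JSON_END/$KP_JSON_NAME" "$KP_CUSTOM"
#   kp_check_libs "$KP_CUSTOM"; kp_check_socket "$XDG_RUNTIME_DIR"
#   kp_check_permissions "$(flatpak override --user --show $KP_FLATPAK_PACKAGE)" "$KP_CUSTOM"
```

Each function prints one OK or FAIL line, so the output can be pasted into a reply when asking for help.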
Rauru:
Hello Dakusan!
I have installed Firefox as a Flatpak and KeePassXC as a regular .deb package. I followed your instructions to set it up but it looks like it's still not working.
Maybe I'm missing additional steps here? Could it be possible I need to change something on KeePassXC's side for the browser integration? Like a custom proxy location or custom browser config location?
Rauru
Dakusan:
It's impossible to say without going through a lot of complex debugging steps with you, unfortunately. It's a very complex process with little fiddly bits. If you can find any error messages it would help.