Ubuntu: New interface for locked Firefox

0
110
1659350607 ubuntu new interface for locked firefox.png
1659350607 ubuntu new interface for locked firefox.png

Firefox as a snap package causes problems. Ubuntu developers are now presenting a first solution that Flatpak and other browsers can also benefit from.

Since Ubuntu 22.04 LTS (Jammy), Firefox has only been available as a snap package. Since the browser runs shielded in a Sanbox, extensions fail to communicate with other programs installed on the system, such as the password manager KeepassXC. As a solution, the Ubuntu team is working on a new interface that allows targeted exchange.

Canonical employee Olivier Tilloy has presented a first version of this and is asking users for feedback. With a few commands, you can try out this interface yourself under Ubuntu 22.04 LTS with a beta version of Firefox, even if it’s not yet running smoothly.

Browser extensions in Firefox and Chrome browsers use the Native Messaging API to communicate with a program on the host system. An application like the KeepassXC password manager uses a JSON file to define how the provided service (Native Messaging Server) is addressed and which extensions are allowed to access it. But the sandbox of Snap or Flatpak clamps off this interface.

To solve the problem, Olivier Tilloy and his colleague James Henstridge have extended the desktop portal (“xdg-desktop-portal”) with the new “WebExtensions” interface. This now allows browsers to request permission for a specific native messaging server. If this is approved, the browser extension can communicate with desired programs on the host system via the Native Messaging API. The approach does not give carte blanche, rather access must be granted separately for each browser extension.

The desktop portal is a collection of interfaces and was originally developed for Flatpak, but can also be used by Snap. The system or the user grants individual applications specific approvals for files, devices or actions such as printing or screenshots via portals. The releases are implemented on the basis of the D-Bus protocol.

 

The Ubuntu developers submitted the changes to the desktop portal upstream to the Flatpak project, but it has not yet been integrated. The new interface is now included in the “xdg-desktop-portal” package for Ubuntu 22.04. In addition, the Firefox 104 beta available in the Snap Store has been adjusted accordingly.

Tilloy says it has successfully used the new interface with KeepassXC and the Gnome Shell integration to install extensions. We were able to reproduce that too, even if it didn’t work right away. KeepassXC would not pair with the browser extension when we ran it as an AppImage. With the version from the APT package management (Debian package) we could use KeepassXC as usual.

If you want to test the function on systems with Ubuntu 22.04 yourself, you have to observe a few requirements. First, quit Firefox. Then check whether the “xdg-desktop-portal” package is installed in version “v1.14.4-1ubuntu2~22.04.1”. Because this is the only one that already contains the new WebExtensions interface. Check the version with apt policy xdg-desktop-portal and if necessary, force the installation with the following command:

sudo apt install xdg-desktop-portal=1.14.4-1ubuntu2~22.04.1

 

Firefox 104 from the Snap Store beta track is also required, because the browser must also be adapted to the new interface. To do this, change the source in Firefox to “latest/beta” in “Ubuntu Software”. From the command line, use the following command:

sudo snap refresh firefox --beta

Also, restart the desktop portal. It should be enough to end the xdg-desktop-portal process with `kill -9`. For us it was more reliable to restart the service with systemd:

systemctl --user restart xdg-desktop-portal

How to ensure that the portal service loads the new extension. Then start Firefox with the profile manager (/snap/bin/firefox -P) so as not to destroy your existing Firefox profile with the beta version.

Create a new profile and start Firefox with it. Then install a browser extension that uses the Native Messaging API. If everything is set up correctly, a system popup should ask if Firefox is allowed to start WebExtensions.

 

You can try this with the Gnome Extensions website. Open webpage extensions.gnome.org and install “Extension GNOME Shell Integration” and allow access for WebExtension. Then install the associated host program with “sudo apt install chrome-gnome-shell”. You should then be able to manage the extensions installed on your system under “Installed Extensions”. (Ignore the error message that host connector does not support API v6.)

If Firefox doesn’t ask for permission for WebExtensions, there is a curious solution: Check the permissions for the Firefox snap package with the Flatpak command line command.

sudo apt install flatpak
flatpak permission-show snap.firefox

 

The command should show a table of permissions, with an entry for each native messaging service set up on a separate line. If necessary, adjust the authorization. Use the entries in the table as a template. With the following commands you allow the extensions for the Gnome Shell integration and KeepassXC access to the native messaging services.

flatpak permission-set webextensions org.gnome.chrome_gnome_shell    snap.firefox yes
flatpak permission-set webextensions org.keepassxc.keepassxc_browser snap.firefox yes

With Canonical’s otherwise frequent special paths, it’s commendable that the Ubuntu developers have chosen an approach that solves the problem in general. In principle, the portal for WebExtension works with Chrome browsers (Google Chrome, Chromium, Vivaldi, …) as well as with Flatpak. These only have to be expanded to include the new interface.

The PKCS#11 interface for smart cards is also affected by the sandbox problem. Oliver Tilloy is optimistic that he will soon be able to implement a portal for this as well. First of all, however, the WebExtension portal should prove itself in practice.

Previous articleAndroid 13: Google reveals that the stable version will arrive in September 2022
Next articleChrome shows Google Photos memories in your new tab
Brian Adam
Professional Blogger, V logger, traveler and explorer of new horizons.