Flatpak Browser and Native Desktop App
Thought I would share this as I've managed to get the native desktop app working with my flatpak installation of Firefox.
I'm on Arch and using the version of 1Password from the AUR and the standard flatpak version of Firefox from flathub.
- Add permissions to Firefox Flatpak via Flatseal:
- Session Bus Talks: org.freedesktop.Flatpak
- As root, create /etc/1password folder if it does not exist
- As root, create /etc/1password/custom_allowed_browsers file if it does not exist
- As root, edit /etc/1password/custom_allowed_browsers file and set content to:
flatpak-session-helper - As user, create ~/.var/app/org.mozilla.firefox/data/bin folder if it does not exist
- As user, create ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh file if it does not exist
- As user, edit ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh and set content to: ``` #!/bin/bash
flatpak-spawn --host /opt/1Password/1Password-BrowserSupport "$@"
- As user, mark ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh as executable via `chmod +x ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh`
- As user, create ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts folder if it does not eixst
- As user, create ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.1password.1password.json file if it does not exist
- As user, edit ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.1password.1password.json and set content to:
{
"name": "com.1password.1password",
"description": "1Password BrowserSupport",
"path": "/home/{USERNAME}/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh",
"type": "stdio",
"allowed_extensions": [
"{0a75d802-9aed-41e7-8daa-24c067386e82}",
"{25fc87fa-4d31-4fee-b5c1-c32a7844c063}",
"{d634138d-c276-4fc8-924b-40a0ea21d284}"
]
}
```
Where {USERNAME} is the name of your user, essentially full path to the file we created before.
- Restart Firefox and 1Password
The above can be broken down into (mostly) the following commands:
```
sudo mkdir -p /etc/1password
sudo vim /etc/1password/custom_allowed_browsers
mkdir -p ~/.var/app/org.mozilla.firefox/data/bin
vim ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh
chmod +x ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh
mkdir -p ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts
vim ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.1password.1password.json
```
I had also added xdg-run/1Password-BrowserSupport.sock, however it doesn't appear this socket file is actually needed for the extension to work from what I can tell so far.
This does somewhat break the isolation of Flatpak as it can now execute anything on the host via flatpak-spwan --host and there's no real easy way to whitelist specific host binaries that can run via Flatpak, kind of all or nothing annoyingly.
I also want to see if sometihng similar is possible for getting the Flatpak 1Password app communicating with a Flatpak browser, as KeePassXC has a kind of workaround for this that is similar.
This does somewhat break the isolation of Flatpak as it can now execute anything on the host via flatpak-spwan --host and there's no real easy way to whitelist specific host binaries that can run via Flatpak, kind of all or nothing annoyingly.
I also want to see if sometihng similar is possible for getting the Flatpak 1Password app communicating with a Flatpak browser, as KeePassXC has a kind of workaround for this that is similar.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
