jim60105 · October 13, 2025 16:14
diff --git a/setup-brave-keepassxc.sh b/setup-brave-keepassxc.sh
 #!/bin/bash
 # Copyright (C) 2025 Jim Chen, licensed under GPL-3.0-or-later
 #
 # This script is rewritten from the solutions provided in the following comments, credited to Sergei von Alis(gasinvein) and Zihad(tazihad):
 # - https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766
 # - https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1170629567
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 # ==================================================================

 # Setup Brave Browser (Flatpak) integration with KeePassXC (Flatpak)
 #
 # Designed to work with Brave Browser (Flatpak) + KeePassXC (Flatpak) on Fedora Kinoite.
 # This script automates the process of configuring Brave Browser to work with KeePassXC.
 #
 # IMPORTANT: Execute this script as a regular user (non-root). Do NOT use sudo.
 # Usage: ./setup-brave-keepassxc.sh

 set -e  # Exit on any error

 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 NC='\033[0m' # No Color

 # Function to print colored output
 print_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
 }

 print_warning() {
    echo -e "${YELLOW}[WARN]${NC} $1"
 }

 print_error() {
    echo -e "${RED}[ERROR]${NC} $1"
 }

 # Function to check if command exists
 command_exists() {
    command -v "$1" >/dev/null 2>&1
 }

 # Check if flatpak is installed
 if ! command_exists flatpak; then
    print_error "Flatpak is not installed. Please install flatpak first."
    exit 1
 fi

 # Check if Brave Browser flatpak is installed
 if ! flatpak list | grep -q "com.brave.Browser"; then
    print_error "Brave Browser (Flatpak) is not installed. Please install it first:"
    print_error "flatpak install flathub com.brave.Browser"
    exit 1
 fi

 # Check if KeePassXC flatpak is installed
 if ! flatpak list | grep -q "org.keepassxc.KeePassXC"; then
    print_error "KeePassXC (Flatpak) is not installed. Please install it first:"
    print_error "flatpak install flathub org.keepassxc.KeePassXC"
    exit 1
 fi

 print_info "Starting Brave Browser and KeePassXC integration setup..."

 # Step 1: Grant filesystem permissions to Brave Browser
 print_info "Granting filesystem permissions to Brave Browser..."
 flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.brave.Browser

 if [ $? -eq 0 ]; then
    print_info "Filesystem permissions granted successfully."
 else
    print_error "Failed to grant filesystem permissions."
    exit 1
 fi

 # Step 2: Create the target directory if it doesn't exist
 TARGET_DIR="$HOME/.var/app/com.brave.Browser/config/BraveSoftware/Brave-Browser"
 NATIVE_MESSAGING_DIR="$TARGET_DIR/NativeMessagingHosts"

 print_info "Creating target directories..."
 mkdir -p "$TARGET_DIR"
 mkdir -p "$NATIVE_MESSAGING_DIR"

 # Step 3: Create keepassxc-proxy-wrapper.sh
 WRAPPER_SCRIPT="$TARGET_DIR/keepassxc-proxy-wrapper.sh"
 print_info "Creating keepassxc-proxy-wrapper.sh..."

 # Check if the wrapper script file is locked by another process
 if [ -f "$WRAPPER_SCRIPT" ]; then
    # Try to check if file is locked by attempting to open it for writing
    if ! touch "$WRAPPER_SCRIPT" 2>/dev/null; then
        print_error "The wrapper script file appears to be locked by another process."
        print_error "This usually happens when Brave Browser is running."
        print_error "Please close Brave Browser completely and try again."
        print_error "File: $WRAPPER_SCRIPT"
        exit 1
    fi
    
    # Additional check: try to write to the file to ensure it's not locked
    if ! echo "" > "$WRAPPER_SCRIPT" 2>/dev/null; then
        print_error "Cannot write to the wrapper script file. It may be locked by another process."
        print_error "Please close Brave Browser completely and try again."
        print_error "File: $WRAPPER_SCRIPT"
        exit 1
    fi
 fi

 cat > "$WRAPPER_SCRIPT" << 'EOF'
 #!/bin/bash

 APP_REF="org.keepassxc.KeePassXC/x86_64/stable"

 for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
    if [ -d "$inst/app/$APP_REF" ]; then
        FLATPAK_INST="$inst"
        break
    fi
 done
 [ -z "$FLATPAK_INST" ] && exit 1

 APP_PATH="$FLATPAK_INST/app/$APP_REF/active"

 RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "$APP_PATH/metadata")
 RUNTIME_PATH="$FLATPAK_INST/runtime/$RUNTIME_REF/active"

 exec flatpak-spawn \
    --env=LD_LIBRARY_PATH=/app/lib \
    --app-path="$APP_PATH/files" \
    --usr-path="$RUNTIME_PATH/files" \
    -- keepassxc-proxy "$@"
 EOF

 # Step 4: Make the wrapper script executable
 print_info "Making keepassxc-proxy-wrapper.sh executable..."
 chmod +x "$WRAPPER_SCRIPT"

 if [ -f "$WRAPPER_SCRIPT" ] && [ -x "$WRAPPER_SCRIPT" ]; then
    print_info "Wrapper script created and made executable successfully."
 else
    print_error "Failed to create or make wrapper script executable."
    exit 1
 fi

 # Resolve the real path for the wrapper script (following symlinks) after creation
 # Needed for Silverblue systems.
 REAL_WRAPPER_SCRIPT=$(realpath "$WRAPPER_SCRIPT")
 print_info "Wrapper script real path: $REAL_WRAPPER_SCRIPT"

 # Step 5: Copy native messaging host configuration
 SOURCE_NATIVE_MESSAGING="$HOME/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts"
 print_info "Copying native messaging host configuration..."

 if [ -d "$SOURCE_NATIVE_MESSAGING" ] && [ -f "$SOURCE_NATIVE_MESSAGING/org.keepassxc.keepassxc_browser.json" ]; then
    cp "$SOURCE_NATIVE_MESSAGING"/* "$NATIVE_MESSAGING_DIR/"
    print_info "Native messaging host configuration copied successfully."
 else
    print_warning "Source native messaging host configuration not found at $SOURCE_NATIVE_MESSAGING"
    print_warning "Creating a default configuration..."
    
    # Create default configuration
    cat > "$NATIVE_MESSAGING_DIR/org.keepassxc.keepassxc_browser.json" << EOF
 {
    "allowed_origins": [
        "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/",
        "chrome-extension://oboonakemofpalcgghocfoadofidjkkk/"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "$REAL_WRAPPER_SCRIPT",
    "type": "stdio"
 }
 EOF
 fi

 # Step 6: Update the path in the native messaging host configuration
 JSON_FILE="$NATIVE_MESSAGING_DIR/org.keepassxc.keepassxc_browser.json"
 print_info "Updating path in native messaging host configuration..."

 # Use sed to replace the path with the correct wrapper script path
 # This handles both the case where the file was copied and where it was created new
 if [ -f "$JSON_FILE" ]; then
    # Create a backup
    cp "$JSON_FILE" "$JSON_FILE.backup"
    
    # Replace the path field with the correct wrapper script path
    sed -i "s|\"path\": \".*\"|\"path\": \"$REAL_WRAPPER_SCRIPT\"|g" "$JSON_FILE"
    
    print_info "Native messaging host configuration updated successfully."
    print_info "Backup saved as: $JSON_FILE.backup"
 else
    print_error "Failed to find or create native messaging host configuration file."
    exit 1
 fi

 # Step 7: Verify the setup
 print_info "Verifying setup..."

 # Check if all files exist and have correct permissions
 if [ -f "$WRAPPER_SCRIPT" ] && [ -x "$WRAPPER_SCRIPT" ]; then
    print_info "✓ Wrapper script exists and is executable"
 else
    print_error "✗ Wrapper script missing or not executable"
 fi

 if [ -f "$JSON_FILE" ]; then
    print_info "✓ Native messaging host configuration exists"
    # Verify the path in JSON is correct
    if grep -q "$REAL_WRAPPER_SCRIPT" "$JSON_FILE"; then
        print_info "✓ Native messaging host path is correctly configured"
    else
        print_warning "⚠ Native messaging host path might not be correctly configured"
    fi
 else
    print_error "✗ Native messaging host configuration missing"
 fi

 print_info "Setup completed successfully!"
 print_info ""
 print_info "Next steps:"
 print_info "1. Enable Browser integration in KeePassXC settings"
 print_info "2. Install the KeePassXC Browser extension"
 print_warning "3. RESTART Brave Browser"
 print_info "4. Configure the extension to connect to KeePassXC"
 print_info ""
 print_info "Files created/modified:"
 print_info "- $WRAPPER_SCRIPT"
 print_info "- $JSON_FILE"
 print_info ""
 if [ -f "$JSON_FILE.backup" ]; then
 print_info "If you encounter any issues, check the backup file: $JSON_FILE.backup"
 fi
	#!/bin/bash
	# Copyright (C) 2025 Jim Chen, licensed under GPL-3.0-or-later
	#
	# This script is rewritten from the solutions provided in the following comments, credited to Sergei von Alis(gasinvein) and Zihad(tazihad):
	# - https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766
	# - https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1170629567
	#
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU General Public License for more details.
	#
	# You should have received a copy of the GNU General Public License
	# along with this program. If not, see <https://www.gnu.org/licenses/>.
	# ==================================================================

	# Setup Brave Browser (Flatpak) integration with KeePassXC (Flatpak)
	#
	# Designed to work with Brave Browser (Flatpak) + KeePassXC (Flatpak) on Fedora Kinoite.
	# This script automates the process of configuring Brave Browser to work with KeePassXC.
	#
	# IMPORTANT: Execute this script as a regular user (non-root). Do NOT use sudo.
	# Usage: ./setup-brave-keepassxc.sh

	set -e # Exit on any error

	# Colors for output
	RED='\033[0;31m'
	GREEN='\033[0;32m'
	YELLOW='\033[1;33m'
	NC='\033[0m' # No Color

	# Function to print colored output
	print_info() {
	echo -e "${GREEN}[INFO]${NC} $1"
	}

	print_warning() {
	echo -e "${YELLOW}[WARN]${NC} $1"
	}

	print_error() {
	echo -e "${RED}[ERROR]${NC} $1"
	}

	# Function to check if command exists
	command_exists() {
	command -v "$1" >/dev/null 2>&1
	}

	# Check if flatpak is installed
	if ! command_exists flatpak; then
	print_error "Flatpak is not installed. Please install flatpak first."
	exit 1
	fi

	# Check if Brave Browser flatpak is installed
	if ! flatpak list \| grep -q "com.brave.Browser"; then
	print_error "Brave Browser (Flatpak) is not installed. Please install it first:"
	print_error "flatpak install flathub com.brave.Browser"
	exit 1
	fi

	# Check if KeePassXC flatpak is installed
	if ! flatpak list \| grep -q "org.keepassxc.KeePassXC"; then
	print_error "KeePassXC (Flatpak) is not installed. Please install it first:"
	print_error "flatpak install flathub org.keepassxc.KeePassXC"
	exit 1
	fi

	print_info "Starting Brave Browser and KeePassXC integration setup..."

	# Step 1: Grant filesystem permissions to Brave Browser
	print_info "Granting filesystem permissions to Brave Browser..."
	flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.brave.Browser

	if [ $? -eq 0 ]; then
	print_info "Filesystem permissions granted successfully."
	else
	print_error "Failed to grant filesystem permissions."
	exit 1
	fi

	# Step 2: Create the target directory if it doesn't exist
	TARGET_DIR="$HOME/.var/app/com.brave.Browser/config/BraveSoftware/Brave-Browser"
	NATIVE_MESSAGING_DIR="$TARGET_DIR/NativeMessagingHosts"

	print_info "Creating target directories..."
	mkdir -p "$TARGET_DIR"
	mkdir -p "$NATIVE_MESSAGING_DIR"

	# Step 3: Create keepassxc-proxy-wrapper.sh
	WRAPPER_SCRIPT="$TARGET_DIR/keepassxc-proxy-wrapper.sh"
	print_info "Creating keepassxc-proxy-wrapper.sh..."

	# Check if the wrapper script file is locked by another process
	if [ -f "$WRAPPER_SCRIPT" ]; then
	# Try to check if file is locked by attempting to open it for writing
	if ! touch "$WRAPPER_SCRIPT" 2>/dev/null; then
	print_error "The wrapper script file appears to be locked by another process."
	print_error "This usually happens when Brave Browser is running."
	print_error "Please close Brave Browser completely and try again."
	print_error "File: $WRAPPER_SCRIPT"
	exit 1
	fi

	# Additional check: try to write to the file to ensure it's not locked
	if ! echo "" > "$WRAPPER_SCRIPT" 2>/dev/null; then
	print_error "Cannot write to the wrapper script file. It may be locked by another process."
	print_error "Please close Brave Browser completely and try again."
	print_error "File: $WRAPPER_SCRIPT"
	exit 1
	fi
	fi

	cat > "$WRAPPER_SCRIPT" << 'EOF'
	#!/bin/bash

	APP_REF="org.keepassxc.KeePassXC/x86_64/stable"

	for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
	if [ -d "$inst/app/$APP_REF" ]; then
	FLATPAK_INST="$inst"
	break
	fi
	done
	[ -z "$FLATPAK_INST" ] && exit 1

	APP_PATH="$FLATPAK_INST/app/$APP_REF/active"

	RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "$APP_PATH/metadata")
	RUNTIME_PATH="$FLATPAK_INST/runtime/$RUNTIME_REF/active"

	exec flatpak-spawn \
	--env=LD_LIBRARY_PATH=/app/lib \
	--app-path="$APP_PATH/files" \
	--usr-path="$RUNTIME_PATH/files" \
	-- keepassxc-proxy "$@"
	EOF

	# Step 4: Make the wrapper script executable
	print_info "Making keepassxc-proxy-wrapper.sh executable..."
	chmod +x "$WRAPPER_SCRIPT"

	if [ -f "$WRAPPER_SCRIPT" ] && [ -x "$WRAPPER_SCRIPT" ]; then
	print_info "Wrapper script created and made executable successfully."
	else
	print_error "Failed to create or make wrapper script executable."
	exit 1
	fi

	# Resolve the real path for the wrapper script (following symlinks) after creation
	# Needed for Silverblue systems.
	REAL_WRAPPER_SCRIPT=$(realpath "$WRAPPER_SCRIPT")
	print_info "Wrapper script real path: $REAL_WRAPPER_SCRIPT"

	# Step 5: Copy native messaging host configuration
	SOURCE_NATIVE_MESSAGING="$HOME/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts"
	print_info "Copying native messaging host configuration..."

	if [ -d "$SOURCE_NATIVE_MESSAGING" ] && [ -f "$SOURCE_NATIVE_MESSAGING/org.keepassxc.keepassxc_browser.json" ]; then
	cp "$SOURCE_NATIVE_MESSAGING"/* "$NATIVE_MESSAGING_DIR/"
	print_info "Native messaging host configuration copied successfully."
	else
	print_warning "Source native messaging host configuration not found at $SOURCE_NATIVE_MESSAGING"
	print_warning "Creating a default configuration..."

	# Create default configuration
	cat > "$NATIVE_MESSAGING_DIR/org.keepassxc.keepassxc_browser.json" << EOF
	{
	"allowed_origins": [
	"chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/",
	"chrome-extension://oboonakemofpalcgghocfoadofidjkkk/"
	],
	"description": "KeePassXC integration with native messaging support",
	"name": "org.keepassxc.keepassxc_browser",
	"path": "$REAL_WRAPPER_SCRIPT",
	"type": "stdio"
	}
	EOF
	fi

	# Step 6: Update the path in the native messaging host configuration
	JSON_FILE="$NATIVE_MESSAGING_DIR/org.keepassxc.keepassxc_browser.json"
	print_info "Updating path in native messaging host configuration..."

	# Use sed to replace the path with the correct wrapper script path
	# This handles both the case where the file was copied and where it was created new
	if [ -f "$JSON_FILE" ]; then
	# Create a backup
	cp "$JSON_FILE" "$JSON_FILE.backup"

	# Replace the path field with the correct wrapper script path
	sed -i "s\|\"path\": \".*\"\|\"path\": \"$REAL_WRAPPER_SCRIPT\"\|g" "$JSON_FILE"

	print_info "Native messaging host configuration updated successfully."
	print_info "Backup saved as: $JSON_FILE.backup"
	else
	print_error "Failed to find or create native messaging host configuration file."
	exit 1
	fi

	# Step 7: Verify the setup
	print_info "Verifying setup..."

	# Check if all files exist and have correct permissions
	if [ -f "$WRAPPER_SCRIPT" ] && [ -x "$WRAPPER_SCRIPT" ]; then
	print_info "✓ Wrapper script exists and is executable"
	else
	print_error "✗ Wrapper script missing or not executable"
	fi

	if [ -f "$JSON_FILE" ]; then
	print_info "✓ Native messaging host configuration exists"
	# Verify the path in JSON is correct
	if grep -q "$REAL_WRAPPER_SCRIPT" "$JSON_FILE"; then
	print_info "✓ Native messaging host path is correctly configured"
	else
	print_warning "⚠ Native messaging host path might not be correctly configured"
	fi
	else
	print_error "✗ Native messaging host configuration missing"
	fi

	print_info "Setup completed successfully!"
	print_info ""
	print_info "Next steps:"
	print_info "1. Enable Browser integration in KeePassXC settings"
	print_info "2. Install the KeePassXC Browser extension"
	print_warning "3. RESTART Brave Browser"
	print_info "4. Configure the extension to connect to KeePassXC"
	print_info ""
	print_info "Files created/modified:"
	print_info "- $WRAPPER_SCRIPT"
	print_info "- $JSON_FILE"
	print_info ""
	if [ -f "$JSON_FILE.backup" ]; then
	print_info "If you encounter any issues, check the backup file: $JSON_FILE.backup"
	fi
No results found