This documents how to extend the Firefox apparmor policy to allow passff-host to work. These
instructions are aimed at Ubuntu (and tested on Ubuntu 24.10 with Firefox version
132.0+build1-0ubuntu0.24.10.1~mt1 installed from the mozillateam ppa), but are likely also
useful for other distrubutions.
* fixing "Error: otp is not in the password store."
On nixos, following https://github.com/tadfisher/pass-otp#nixnixos and https://github.com/passff/passff/issues/419 installs a version of passff-host without any extensions. The exact suggested configuration is:
environment.systemPackages = with pkgs; [
...
(pass.withExtensions (ext: with ext; [pass-otp]))
(firefox.override { extraNativeMessagingHosts = [ passff-host ]; })
...];
"..." is to be replaced by the list of all other packages installed by root on your NixOS.
This exact configuration does not add any extensions to passff-host, and passff keeps showing messages like [Error: otp is not in the password store.](https://github.com/tadfisher/pass-otp/issues/135).
This commit documents the working nixos configuration that fixes this issue.
* Update README.md
adding documentations
* suppressed spurious "dq"
* NixOS linux installation without install_host_app.sh
* expliciting the first version does not install extensions
* Don't filter GPG debug outputs, but send everything to PassFF
---------
Co-authored-by: Thomas Vogt <tuxor1337@users.noreply.github.com>
Co-authored-by: Thomas Vogt <acc-framagit@tovotu.de>
I've run into some difficulties setting up the passff host
application, and the existing troubleshooting tips weren't really
useful, because they don't cover my issues.
Add two more tips that would have helped me diagnose the situation:
- Recommend a `strace`-based command to check the `errno` of a
potentially failed `execve(".../passff.py", ...)` call, as it
might contain a useful clue about why the host application isn't
even executed. Use a higher-than-default `--string-limit` in the
example to prevent truncating `execve()`'s reasonably-sized path
arguments.
AFAIK this error code is not available elsewhere: the passff popup
in the browser only shows `execve()`'s return value (e.g.: "ls ->
(-1) PassFF failed to execute the host app"), while the browser
console only shows a fairly useless error message ("Attempt to
postMessage on disconnected port").
- Recommend checking the security module configurations and related
syslog entries, because their policies might deny the execution of
the host application, resulting in `execve()` failing with
`EACCES`.
Especially this second tip would have been helpful for me, because
`execve()`'s man page doesn't explicitly list security modules as a
possible cause for `EACCES`, and all listed causes (search permission
on all path components, executable bit, no `noexec` mount) were fine,
so it took a while until I stumbled upon the syslog messages from
AppArmor denying the execution of the passff host application.
