Today, we bring you a quick report on the Maui Project’s progress after our previous 2.2.2 release; here you will find some detailed information on the new features, bug fixes, and improvements that have been made to the Maui set of apps and frameworks.

To follow the Maui Project’s development or say hi, you can join us on Telegram: https://t.me/mauiproject.

We are present on Twitter and Mastodon:

• https://twitter.com/maui_project.
• https://mastodon.technology/@mauiproject.

What’s new?

Besides the common bug fixes, some of the highlights include a refactor and cleanup of some of the MauiKit Frameworks, and new and improved Maui Apps, with support for true black color style, improved startup times, faster GPS scanning, more options in the settings app, and a brand new QPA Theme plugin for Cask to make Qt apps look and feel better under Maui Shell, among many other tweaks and refinements.

On the road to Maui 3. Focused on the framework and the apps. working on the new apps to bring them up paired with the most stable ones.

Porting to Qt6

MauiMan and MauiKit will be the two first projects to be ported, the progress so far has not been very active but now that all Plasma and KDE Libraries are now Qt6 in master, work on this area will be resumed.

https://invent.kde.org/maui/mauikit/-/issues/35

Maui Shell

For this new development cycle, the focus is on the MauiKit Frameworks and Maui Apps, however, a few fixes will land in the stack of the Maui Shell. Here are a few of the highlights so far.

Cask

• Fix bugs on dragging around CSD surfaces.
• Now uses the new MauiMan InputDevices keymap properties.
• Now uses the new QPA Theme and set the right env var to make use of it.
• Other Qt applications now look better with the new Maui QPA Theme.
• Tweaked the padding of the Chrome title bars.

Maui Settings

• The Theme module view has been refactored and split into subpages for better readability.
• Added a new sub-page to support picking custom color schemes.
• New QPA Theme plugin.
• Added a new Fonts subpage in Theme.
• Added entry to pick a custom wallpaper source directory in the Background module view.
• Organize the sidebar modules by categories.
• Can now filter the sidebar categories with keywords.
• Display an error message when a module could not be loaded correctly.
• Added the new InputDevices modules view with initial support for keyboard keymap options.
• Tweaked the About module view.
• Added a filter field for the Icons subpage.

MauiMan

• The Theme module gained new props for the fonts: DefaultFont, SmallFont, and MonospaceFont.
• Initial work has been started for the InputDevices module, starting with the keyboard keymaps options.

MauiKit Frameworks

MauiKit Core components have seen many fixes and improvements, from consistency in the UI and UX department, fixes in binding loops bugs, implementation cleanups, and new features or existing ones being exposed.

Overall you will notice an even more cohesive usage of padding, margins, and spacing in elements and content views. More work towards making it perfectly suitable for desktop and mobile use.

Gained support for two new styles: Inverted and TrueBlack, among many other fixes listed down below:

Core

• The FlexLisItem control is now based on a Grid allowing finer control over the layout. The property columns is exposed to determine the initial layout, and child items can now be positioned using the attached properties from Layout. By default, the FlexListItem has 2 columns in wide mode and goes to 1 column on constrained widths, but if you need to position more items you can increment the number of columns.
• Fixed the Android Gradle build files referencing the manifest.
• The Style font properties were refined and no longer use bad point sizes. Now the font properties rely on the wide system preferences for the default font, small font, and monospaced font, this is done via the QPA Theme plugin. As a result of the refactoring now all Maui Apps will correctly redraw the fonts when they’re changed from the system settings.
• Correct the size and style of the Switch control for consistency.
• React to icon theme changes from the system settings.
• Use the QPA style hints and expose some of them in the Style object, such as whether to show icons in menus: Maui.Style.menusHaveIcons.
• Fixed the ComboBox popup implicit height.
• New controls added: FontPicker and FontPickerDialog, which allow picking font family, best-fitted sizes, style, and filters for only monospaced fonts; and display a preview.
• Now the rendering of the buttons and menu items contents no longer uses the QQC2 hidden implementation and instead uses the new IconLabel control.
• Fixes to the color styles: dark, light, and custom. The custom style uses the Plasma custom color scheme definitions from files.
• Fixed the masking area of the image in the IconItem control.
• Removed the BasicToolButton, now that all buttons use the new Iconlabel implementation.
• Chip control now is checkable and no longer displays tooltips unless needed.
• The TabView control has been refactored and now using it is much easy, besides adding new tabs dynamically via the functions, tabs can now also be declared as children and it will work. Also, there is no longer the need to set the child tab sizes, the TabView will resize the children to fit. In the refactoring process, there were also fixes for the DnD reordering of tabs and focusing. The TabViewInfo attached properties gained new props: TabViewInfo.tabIcon and TabViewInfo.tabColor.
• The MauiKit-based apps now have a new true black color scheme alternative, that can be activated from the app itself using the Maui.Style.trueBlack option, or globally from MauiMan.
• Maintain a uniform height for the ToolActions control.
• A few new CSD styles have been added, and the Dynamic one, which relied on applet-window-buttons, has been removed.
• New ToastArea for in-app notifications, which allows having multiple notifications stacked. This is better than the previous implementation based on a Dialog. The ToastArea can be easily dismissed and individual notifications can be swiped off via touch or closed via mouse clicks.
• Added notification sounds taken from the free Material resources.
• Fixes the FloatingButton control sizing.

FileBrowsing

• Fixes to the Tagging DB thread-safe implementation.
• Tweak the TagDelegates and TagBar controls.
• Fixed the FileBrowser focus issues.
• Nicer FileBrowser dialogs.

ImageTools

• Make Tesseract and Leptonica required dependencies.
• Refactored the messy pointers implementation of the Geolocation classes and make it thread-safe.

Terminal – New!

• Fixed the issue with double pasting text
• Updated the custom adaptive color scheme, from picking it from a file to being declared in QML.
• The Adaptive color scheme now works better, by checking the brightness and other factors.
• The property hasActiveProcess now has a notify signal.
• Added new property: readOnly for cases when the terminal should not receive any user inputs, but still can use methods such as sendText or sendKeyPress, etc…
• Support highlighting search results in the history.
• Tweaked the search bar, with a dedicated button to jump through finds and more options.
• Added a virtual keyboard toggle floating button for mobile devices.

Maui Apps

Although in this new release cycle the focus was on Maui Shell projects, many of the Maui Apps received some love: new features, improvements, and updates.

Index

• Browser items focus issues have been fixed.
• A bug from the selection bar causing a failure to perform actions has been fixed.
• The PathBar arrow delegates are now better renderer antialias.
• Updated to use the new MauiKit ToastArea notifications.

Pix

• New layout with a global sidebar for navigation.
• Faster lookup of the GPS locations using concurrency.
• The new sidebar now lists tags, sources, and known categories.
• Split the viewer from the collection browser for faster startup time when only opening an image in the viewer.
• Escape keyboard shortcuts to go back from the browser.
• Fixes the navigation patterns, from the browser to the viewer.

Nota

• Fix crashing issues with the places sidebar under Android when external SD cards are present.
• Tweak the settings dialog entries order.
• Check the existence of a directory before opening the file dialog in such path.
• Escape keyboard shortcuts for exiting the recent documents view.
• Updated to the latest MauiKit changes.
• Collection views now display location tags if any are found.

Station

• Support for finding text and highlighting the results.
• Display warnings when trying to close a view with a running process.
• Display warning when trying to close the app but a process in some views is still running.
• Extend the translucency effect to the tab bar.
• Use the new MauiKit FontPicker control to pick a new font.
• Use the new MauiMan style property MonospacedFont as a default font.
• Fixes issues when focusing the terminal and opening the virtual keyboard on mobile devices.
• Make MauiKit-Terminal a required package.
• Added a placeholder message when there are no tabs opened.
• Added alerts when a process has been finished making use of the new Mauikit ToastArea notifications.
• Fixes the virtual keyboard not being opened when the terminal gets focused.
• Refactored the translucency entry to use a switch instead of a slider.

Paleta

• Updated to latest MauiKit changes.
• Notify using the new ToastArea.
• Display colors WCAG contrast ratio.

Bonsai

• Added support for more action commands, such as pull, stash, and status.
• Refactor the Project object to allow quick cloning of new projects.
• Now uses libkommit library instead of previous libgit2-based wrappers.

Fiery

• Now uses sidebar navigation for browsing the collection sources.

Arca

• Initial support for creating new archives from within the app.

And the rest of the fixes to the rest of the applications…

That’s it for now. Until the next blog post, that will be a bit closer to the 3.0.0 stable release.

To follow the Maui Project’s development or say hi, you can join us on Telegram: https://t.me/mauiproject.

We are present on Twitter and Mastodon:

• https://twitter.com/maui_project.
• https://mastodon.technology/@mauiproject.

New release schedule

The post Maui Report 22 appeared first on MauiKit — #UIFramework.

My second release of the day: Kirigami Addons 0.8.0. This release contains a few new components.

AbstractMaximizeComponent

This is part of the org.kde.kirigamiaddons.labs.components module and is a popup that covers the entire window to show some items. This is already used in NeoChat and Tokodon to magnify image and videos.

Thanks James Graham for developing the initial version and upstreaming it to Kirigami-addons.

Convergent SpinBox

Another new component is the convergent SpinBox from the org.kde.kirigamiaddons.labs.mobileform module.

This is just a normal spinbox on desktop.

But on Plasma Mobile/Android the touch target becomes bigger.

Others

Aside from this two components this release contains some small bugfixes and other minor API improvememts.

Get Involved

If you are interested in helping, don’t hesitate to reach out in the Plasma Mobile matrix channel (#plasmamobile:kde.org) and I will be happy to guide you.

And in case, you missed it, as a member of KDE’s fundraising working group, I need to remind you that KDE e.V., the non-profit behind the KDE community accepts donations.

Packager section

You can find the package on download.kde.org and it has been signed with my GPG key.

I’m happy to announce the initial release of Arianna. Arianna is a small ePub reader application I started with Niccolo a few months ago. Like most of my open source applications, it is built on top of Qt and Kirigami.

Arianna is both an ePub viewer and a library management app. Internally, Arianna uses Baloo to find your existing ePub files in your device and categorize them.

The library view will keep track of your reading progress and find new books as soon as you download them.

If your book library is particularly big, you can either use the internal search functionality, or look through the various categories and find books grouped by genre, publisher or author.

The actual reader is quite basic as its only function is to show the content of the book. That said, it does have features like a progress bar to keep track of your reading progress and also lets you navigate within the book.

It is also fully navigable with the keyboard.

Another feature allows you to search within a book for a specific word.

Get it

Arianna will soon be available in Flathub (once the submittion is accepted). Please also ask your distribution to package Arianna.

Credits

This application would have not been possible without the previous work carried out by Foliate, from whom I copied and adapted the epub.js integration, and Peruse from whom I copied and adapted the library management code. Finally I would like to thank Šimon Rataj who made numerous contribution and fixed multiple bugs.

Arianna is also translated in multiple languages, thanks to some wonderful translators. Here is the alphabethically sorted list: Basque, British English, Catalan, Czech, Dutsch, Finish, French, German, Georgian, Hungarian, Interlingua, Mandarin, Portuguese, Slovak, Spanish, Turkish, Ukrainian and Valencian.

Get Involved

If you are interested in helping, don’t hesitate to reach out in the Arianna matrix channel (#arianna:kde.org) and I will be happy to guide you.

I also regularly post about my progress on Arianna (and other KDE apps) on my Mastodon account, so don’t hesitate to follow me there ;)

And in case, you missed it, as a member of KDE’s fundraising working group, I need to remind you that KDE e.V., the non-profit behind the KDE community accepts donations.

Packager section

You can find the package on download.kde.org and it has been signed with my GPG key.

After a very long pause, I am happy to announce the release of Nanonote 1.4.0.

Nanonote is a minimalist note-taking application. It consists of a text area, a context menu and... that's about it!

It's handy to jot down short term notes, as a temporary place to collect copy'n'paste blocks, to draft a long response for an instant messaging app without having to fear pressing Enter too soon or any other use you can come up with!

TODO lists

Nanonote can also be used to write TODO lists. This is even better now in 1.4.0 thanks to the new task feature from Daniel Laidig, which lets you quickly create and toggle checkable tasks with Ctrl+Enter.

tasks.webm

Markdown-like headings

Nanonote is not a Markdown editor, but I often found myself separating notes with Markdown-like headings. Issue #43, convinced me to add some light styling for headings:

More changes

For a complete list of changes, have a look at the CHANGELOG.

Get it!

You can find .deb, .rpm, macOS dmg and Windows installers on the release page.

For Linux users, Nanonote is now also available on Flathub.

KDE Connect was designed 10 years ago (!) with Android smartphones as one of our first supported platforms. Because of that, when designing the KDE Connect protocol we had to work around many technical limitations that Android had back in its infancy.

This year I will be working on a project named “KDE Connect discovery and transport protocol improvements” that received a grant from the NLnet foundation as part of the NGI Assure fund. This grant will allow me to work full time in KDE Connect, with the goal of updating the protocol and apps to modern standards.

Below are the 3 main areas that will improve thanks to this and become KDE Connect 2.0 (even though some changes will show up sooner, because we release early, release often).

Reliability

The strength of KDE Connect (compared to some of the non-free alternatives that popped up in these last 10 years) is that KDE Connect only uses your local network for communication and doesn’t need intermediary servers in “the cloud“. This adds a challenge: devices running KDE Connect have to discover each other in the network before they can talk to each other.

Discovery is possible in the current protocol using UDP broadcasts, but the state of the art nowadays is to use multicast DNS (mDNS) instead, which is more reliable and less often blocked by the network configuration. We wanted (and tried) to adopt mDNS for a while, but it was a a bigger endeavour than what we could tackle.

By focussing full time on this, my goal is to implement an mDNS backend for KDE Connect on all supported platforms (Linux, Windows, MacOS, Android and iOS) before fall this year. Wish me luck!

Security

Before Android 5, only TLSv1 and a limited set of cipher suites could be used. We always try to stay compatible with old devices and to fight the programmed obsolescence that plagues modern technology, but that meant keeping the KDE Connect protocol compatible with insecure encryption protocols.

Starting with KDE Connect v1.22 for Android, we now require Android 5 or later so we can drop compatibility with insecure encryption in all the KDE Connect implementations (and not only Android). In addition to that, we are reviewing and updating the dependencies we bundle as part of the app to make sure we have the latest security patches.

Later this year, and also thanks to NLnet, we will get a security audit by Radically Open Security. This will be the second time KDE Connect is audited, after the openSUSE security team did so in 2020.

Accessibility

We recently adopted Material 3 in the Android app (thanks Dmitry Yudin for doing most of the work!) and KDE as a whole is getting ready to migrate our desktop apps to Qt6. These times are a perfect opportunity to review the accessibility of our user interfaces, and for that NLnet is helping us get an accessibility audit by the HAN University also later this year.

All in all, exciting times for the KDE Connect project! Stay tuned for future updates :)

This is a call for people out there to help us test the major version upgrades on Fedora KDE via Discover.

In short: no more Dnf System Upgrade for us!

A bit of context/history: for those of you who follow Nate’s blog you might already know what I am talking about. Thanks to the awesome work done by aleasto on this MR, we closed this bug.

There are, of course, a few quirks to solve but essentially it works.

The @kdesig team has enabled a COPR repository for those who want to help us test the upgrades from F37 to F38.

BIG FAT WARNING: Fedora 38 is still in BETA

I will now explain shorty what are the steps you need to follow to perform the upgrade via Discover:

First enable our COPR:

Now open Discover, go to the Update tab, click on Refresh and eventually on Update All:

Click on Restart Now to trigger the installation of our patched discover

Once you reboot, open Discover again and after a few seconds click on Upgrade to Fedora Linux 38:

Switch to the Update tab and wait until the progress bar finishes. Finally click on Update All:

Now be patient as many packages will need to be downloaded. When it finishes, you will be asked for your password:

Important note: there is a known bug which might trigger an error message at this point. If you see it, don’t panic, just close the message and click on Update All again. This time everything should work.

Time to Reboot, grab a coffee and after a few minutes… you shall boot into Fedora 38!!!

Please try it out and give us feedback on our Matrix room

Looking forward to your feedback!

It’s been a month since my first post about my work as KDE Software Platform Engineer, so let’s have a look at what I have been doing since then.

The scope of what falls under “Software Platform” work is arguably quite wide. I like to describe it as “Taking care of everything needed so that people can build and enjoy awesome software”. Of course that often means hacking on source code, but that is by no means the only thing I do. A significant part of what I do is talking to other people, discussing ideas, reviewing code, making architecture decisions, documenting things, triaging bugreports, and just generally being useful to others. A lot of this work is strategic in nature and the benefits will only show in the long term, but some short-term improvements happend this month also.

My main area of focus was working on polishing the Plasma 6 and Frameworks 6 stability. This means staying on top of things that happen throughout the stack as well as squashing remaining issues. As a result several more projects now have CI builds against the latest development branches of frameworks. Furthermore, I fixed several places where coexistence of Qt5/KF5-based and Qt6/KF6-based software was causing issues.

Qt is an vital part of our software stack, so an important part of being KDE Software Platform Engineer is being involved in its development. Last month I submitted a patch to Qt, fixing a build issues affecting our code. Besides that I have also reported some bugs that were affecting KDE and participated in code review. Another important piece of our stack is our Qt5 Patch Collection that collects bugfix patches for Qt5. I contributed two such patches by backporting them from upstream.

In terms of documentation I have published two blog posts recently. The first explains how to build the development version of Plasma using kdesrc-build. While doing that I have also fixed some related issues in kdesrc-build to make sure building things is as smooth as possible. The second one is explaining some technical details about how theming and platform integration works in Qt/KDE apps. I hope this helps with some of the discussions around this topic that are coming up once in a while.

Besides these “Bigger Picture” topics I have also worked on some concrete enhancements for KDE software. With a series of changes various system windows no longer display an internal and technical application name like “Portal” or “KDE Daemon” in their window title. I have also restored the ability to configure the time interval for determining whether two mouse clicks should be interpreted as a double click. This was present in the legacy mouse settings, but got lost in the transition to libinput. Another thing that got improved was the VPN support in our network settings. When importing a VPN configuration fails Plasma now shows the relevant error message, giving you at least some indication about what’s wrong. Futhermore I fixed a crash when importing VPN configurations when the relevant NetworkManager plugin is missing.

Another area I was working on is our powermanagement settings. Currently they are quite complex, both in terms of UX and implementation. We are working on improving this, which involves quite a bit of technical ground work.

A month from now the Plasma team will meet in Augsburg, Germany for the first in-person Plasma Sprint since 2019. I have been planning and organizing this event. This will be an important opportunity to plan for an awesome Plasma future. However, such meetings are not cheap, so please consider donating to KDE e.V. to support it.

Commit: https://invent.kde.org/qt/qt/qt5/-/commit/4c0d35b0991216766ca301de205599d1daa72057

Commercial release announcement: https://www.qt.io/blog/commercial-lts-qt-5.15.9-released

OpenSource release announcement: https://lists.qt-project.org/pipermail/announce/2023-April/000406.html

As usual I want to personally extend my gratitude to the Commercial users of Qt for beta testing Qt 5.15.9 for the rest of us.

The Commercial Qt 5.15.9 release introduced one bug that have later been fixed. Thanks to that, our Patchset Collection has been able to incorporate the fix for the issue [1] and the Free Software users will never be affected by it! 

Let’s go for my web review for the week 2023-14.

If we lose the Internet Archive, we’re screwed – The Statesman

Tags: tech, copyright, law, history

This lawsuit and the first ruling are indeed very concerning. Let’s hope we keep the Internet Archive alive, their work is invaluable.

https://www.sbstatesman.com/2023/04/04/if-we-lose-the-internet-archive-were-screwed/

Chrome ships WebGPU - Chrome Developers

Tags: tech, gpu, 3d, browser, web

This is a big milestone for 3D and computation on GPUs from the browser. I suspect it will have interesting security implications though, we’ll see.

https://developer.chrome.com/blog/webgpu-release/

Safari releases are development hell - Ashley’s blog

Tags: tech, apple, web, criticism

This ecosystem suffers from the same warts and doesn’t seem to make any progress… lack of transparency, “we know better” mentality, tight coupling, lack of communication. This is especially problematic for something like a browser.

https://www.construct.net/en/blogs/ashleys-blog-2/safari-releases-development-1616

Saying Goodbye to GitHub | Ersei ‘n Stuff

Tags: tech, github, ethics, gpt

Good reasons to leave indeed. Better host your projects somewhere else.

https://ersei.net/en/blog/bye-bye-github

Own Your Work | Jose M.

Tags: tech, self-hosting

Indeed, it’s important. You should own your content, you can eventually syndicate on trendy platforms but keep your own base for your own content.

https://josem.co/own-your-work/

Catch-23: The New C Standard Sets the World on Fire - ACM Queue

Tags: tech, c, c++, standard, criticism

This is a very concerning for C… and it drifts apart from C++ further. The old “C as a subset of C++” position is less and less valid. Very unfortunate.

https://queue.acm.org/detail.cfm?id=3588242

C++17 creates a practical use of the backward array index operator - The Old New Thing

Tags: tech, c++, programming, funny

Well, this is a bit obscure but we have to know it’s there somehow. Better not rely on it too much though.

https://devblogs.microsoft.com/oldnewthing/20230403-00/?p=108005

mockneat home - mockneat

Tags: tech, java, tests

Looks like a nice Faker alternative for Java projects. Turns out I was looking for something like that.

https://www.mockneat.com/

Writing a Fast C# Code-Search Tool in Rust — John Austin

Tags: tech, parsing, static-analyzer, rust

Really nice little tool, this is indeed surprising how little code is needed for something like this. Treesitter is definitely a huge help there.

https://johnaustin.io/articles/2022/blazing-fast-structural-search-for-c-sharp-in-rust

Slint 1.0: The Next-Generation Native GUI Toolkit Matures — Slint Blog

Tags: tech, rust, gui

Very nice milestone and interesting tech for sure. Congrats to them!

https://slint-ui.com/blog/announcing-slint-1.0.html

GraphQL: From Excitement to Deception | by Raphael Moutard | Mar, 2023 | Better Programming

Tags: tech, graphql, api, web

Nice balanced post on the pros and cons of GraphQL.

https://betterprogramming.pub/graphql-from-excitement-to-deception-f81f7c95b7cf

Is your Postgres ready for production?

Tags: tech, production, databases, postgresql

A sound list of advises, applicable to most database systems of course.

https://www.crunchydata.com/blog/is-your-postgres-ready-for-production

Pipes-and-Filters - ModernesCpp.com

Tags: tech, design, architecture, pattern, c++

A nice pattern to know and master in my opinion. At least I turn to it on a regular basis.

https://www.modernescpp.com/index.php/pipes-and-filters

Polars for initial data analysis, Polars for production

Tags: tech, data-science, pandas, polars, performance

Polars really looks like a nice alternative to Pandas with a nice upgrade path from data exploration to production.

https://pythonspeed.com/articles/polars-exploratory-data-analysis-vs-production/

Datapane - Build data products in 100% Python

Tags: tech, python, data-visualization

Looks like an interesting new building block to publish data visualizations.

https://datapane.com/

An On-Ramp to Flow

Tags: tech, programming, productivity

I definitely used this trick from time to time. In the right context it definitely work. Leaving some easy mess on purpose is a good way to get back into a task the next day.

https://census.dev/blog/an-on-ramp-to-flow

Follow-ups to “Incompetent but Nice” - Jacob Kaplan-Moss

Tags: management

Lots of nice advices in the followups. The previous article clearly lead to a good conversation around it.

https://jacobian.org/2023/mar/31/incompetent-but-nice-follow-ups/

Bye for now!

Flatpaks are amazing and all that. But application sandboxing, so an application cannot do anything it wants, is a challenge - even more so when you have two applications that need to talk to each other. Perhaps it shouldn’t come as a surprise that native-messaging sandboxing support for Flatpak has been in development for over a year. To celebrate its anniversary I thought I’d write down how to drill a native-messaging sized hole into the sandbox. This enables the use of native messaging even without portal integration, albeit also without sane degrees of sandboxing.

First off, please understand that this undermines the sandbox on a fairly fundamental level. So, don’t do this if you don’t keep your Firefox updated or visit particularly dodgy websites.

For the purposes of this post I’m assuming Firefox and KeePassXC are installed as Flatpaks in user scope.

First order of business is setting up KeePassXC so it writes its definition file in a place where Firefox can read it. Fortunately it has a setting for this:

~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/ is the path inside Firefox’ home where the defintion file will be written. Naturally we’ll also need to adjust the Flatpak permissions so KeePassXC can write to this path.

flatpak override --user --filesystem=~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts org.keepassxc.KeePassXC

At this point Firefox knows about the native messaging host but it won’t be able to run it. Alas. We need some rigging here. The problem is that Firefox can’t simply flatpak run the native messaging host, it needs to spawn a host process (i.e. a process outside its sandbox) to then run the KeePassXC Flatpak and that then runs the NMH.

Fortunately the NMH definition files are fairly straight forward:

{"allowed_extensions":["keepassxc-browser@keepassxc.org"],
"description":"KeePassXC integration with native messaging support",
"name":"org.keepassxc.keepassxc_browser",
"path":"/home/me/.local/share/flatpak/exports/bin/org.keepassxc.KeePassXC",
"type":"stdio"}

The problem of course is that we cannot directly use that Flatpak bin but need the extra spawn step in between. What we need is a way to manipulate the definition file such that we can switch in a different path. systemd to the rescue!

systemctl edit --user --full --force keepassxc-native-messaging-mangler.path

# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
# SPDX-FileCopyrightText: 2023 Harald Sitter <sitter@kde.org>

[Path]
PathChanged=/home/me/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

[Install]
WantedBy=default.target

and the associated service file…

systemctl edit --user --full --force keepassxc-native-messaging-mangler.service

# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
# SPDX-FileCopyrightText: 2023 Harald Sitter <sitter@kde.org>

[Unit]
Description=keepassxc mangler

[Service]
ExecStart=/home/me/keepassxc-native-messaging-mangler

lastly, enable the path unit.

systemctl --user enable --now keepassxc-native-messaging-mangler.path

Alright, there’s some stuff to unpack here. KeePassXC on startup writes the aforementioned definition file into Firefox’ NMH path. What we do with the help of systemd is monitor the file for changes and whenever it changes we’ll trigger our service, the service runs a mangler to modify the file so we can run another command instead. It’s basically an inotify watch.

Here’s the mangler (~/keepassxc-native-messaging-mangler):

#!/usr/bin/env ruby
# frozen_string_literal: true

# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
# SPDX-FileCopyrightText: 2023 Harald Sitter <sitter@kde.org>

require 'json'

file = "#{Dir.home}/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json"
blob = JSON.parse(File.read(file))
blob['path'] = "#{Dir.home}/Downloads/keepassxc"
File.write(file, JSON.generate(blob))

It simply replaces the path of the executable with a wrapper script. Here’s the wrapper script (~/Downloads/keepassxc):

#!/bin/sh

# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
# SPDX-FileCopyrightText: 2023 Harald Sitter <sitter@kde.org>

exec /usr/bin/flatpak-spawn --host --watch-bus "$HOME/.local/share/flatpak/exports/bin/org.keepassxc.KeePassXC" "$@"

flatpak-spawn is a special command that allows us to spawn processes outside the sandbox. To gain access we’ll have to allow Firefox to talk with the org.freedesktop.Flatpak DBus session service.

flatpak override --user --talk-name=org.freedesktop.Flatpak org.mozilla.firefox

And that’s it!

➡️ KeePassXC writes its NMH definition to Flatpak specific path ➡️ systemd acts on changes and starts mangler ➡️ mangler changes the path inside the definition to our wrapper ➡️ Firefox reads the definition and calls our wrapper ➡️ wrapper flatpak-spawns KeePassXC flatpak ➡️ Firefox (flatpak) talks to KeePassXC (flatpak)