Move xdg-native-messaging-proxy under Flatpak project

Thu Apr 24 05:59:52 UTC 2025

Hi,

to keep the ball rolling.

CC: @rob at robwu.nl <rob at robwu.nl>

po 14. 4. 2025 v 19:03 odesílatel Jan Grulich <jgrulich at redhat.com> napsal:

>
>
> st 9. 4. 2025 v 20:10 odesílatel Georges Basile Stavracas Neto <
> georges.stavracas at gmail.com> napsal:
>
>> Thanks for the email
>>
>> Concretely, moving the project to under https://github.com/flatpak/ is
>> not any sort
>> of technical challenge - just needs someone with elevated permissions to
>> do it.
>>
>> The interesting question is if there's enough consensus on the whole
>> approach.
>> Personally, I agree that something like xdg-native-messaging-proxy is
>> better off
>> living in a separate service, given we have extensive knowledge on the
>> issues
>> and design mishaps of the whole thing.
>>
>> What I'd like to know is if Firefox folks would be open to changing their
>> patches
>> slightly to it.
>>
>
Rob said on https://bugzilla.mozilla.org/show_bug.cgi?id=1955255#c4:

Even now, that implementation is disabled by default (
https://searchfox.org/mozilla-central/rev/dd8b5213e4e7760b5fe5743fbc313398b85f8a14/modules/libpref/init/StaticPrefList.yaml#18350-18357)
with a custom patch to toggle the preference on Snap builds for Ubuntu:
https://github.com/canonical/firefox-snap/blob/032405220c879daa9454a7e7aff821ec3009533c/patches/native-messaging-portal.patch

The feature was intentionally off by default in Firefox to allow
stabilization of the feature, including potentially changing parts of the
protocol.

So my understanding is there can be changes to the Firefox implementation,
but there is a concern about Ubuntu, which already ships this and would
break with the changes from @Jan Horak <jhorak at redhat.com>, unless we
figure out how to support both versions, which I guess can share some parts
of the code.
Jan Grulich

There is discussion about this topic in this Firefox upstream ticket:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1955255
>
>
>> Does anybody else have thoughts on this?
>>
>> With respect,
>> Georges
>>
>> Em ter., 8 de abr. de 2025 às 12:48, Jan Grulich <jgrulich at redhat.com>
>> escreveu:
>>
>>> Hi,
>>>
>>> It’s been three years since the first pull request was made to add a
>>> portal for WebExtensions
>>> <https://github.com/flatpak/xdg-desktop-portal/pull/705> to
>>> xdg-desktop-portal. This version of the portal has been added to Ubuntu
>>> packages, but it has never been part of any xdg-desktop-portal release.
>>> Recently, there were attempts to push this portal forward, so a new
>>> pull request was opened
>>> <https://github.com/flatpak/xdg-desktop-portal/pull/1537>, keeping the
>>> same portal API, just the code was rebased and updated with some additional
>>> fixes, but ended up in the same situation → not being MERGED. This sparked
>>> some discussion about whether such a portal should be part of
>>> xdg-desktop-portal at all. Sebastian Wick <sewick at redhat.com> had the
>>> idea to create a separate small service and called it
>>> xdg-native-messaging-proxy
>>> <https://github.com/swick/xdg-native-messaging-proxy>. This service
>>> takes the core of the original portal for WebExtensions, but exposes it on
>>> a bus address which only is accessible to sandboxed apps if they declare
>>> talk permission via their manifest and thus get marked as potentially
>>> unsafe. This addresses the concerns that the xdg-desktop-portal APIs are
>>> supposed to be secure for sandboxed applications.
>>>
>>> It seems the consensus is to go with the separate
>>> xdg-native-messaging-proxy service, and the original portal will never
>>> officially be part of xdg-desktop-portal, so I would like to propose moving
>>> xdg-native-messaging-proxy under the flatpak project. The reason for this
>>> is that I would like to make this the "official" solution, and having it as
>>> someone else's project won't get applications to start adopting it. Also an
>>> official Flatpak project will likely get more contributors, reviews and
>>> bugs. We're also stuck with the adoption of the xdg-native-messaging-proxy
>>> on the Firefox side, where unfortunately the original portal support
>>> was merged in <https://phabricator.services.mozilla.com/D140803>,
>>> although it was never anything official and is unlikely to be changed and
>>> reviewed until we get a clear upstream decision.
>>>
>>> What are your thoughts on this proposal? What would be the necessary
>>> steps if we decide to move forward with integrating xdg-native-messaging
>>> into the Flatpak project?
>>>
>>> Regards,
>>>
>>> Jan Grulich
>>>
>>>
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20250424/f18de5cc/attachment.htm>