Move xdg-native-messaging-proxy under Flatpak project

Fri Jun 27 06:00:38 UTC 2025

That is great news!!

We now have official support for WebExtensions. Assuming
https://github.com/flatpak/xdg-desktop-portal/pull/1537 can be closed now.

Jan

čt 26. 6. 2025 v 17:03 odesílatel Georges Basile Stavracas Neto <
georges.stavracas at gmail.com> napsal:

> It already is :)
>
> https://github.com/flatpak/xdg-native-messaging-proxy
>
> Em qui., 26 de jun. de 2025 às 04:11, Jan Horak <jhorak at redhat.com>
> escreveu:
>
>> I can keep the current portal implementation parallel with the
>> xdg-native-messaging-proxy on the Mozilla side if that would suit
>> everybody. The native messaging portal as Ubuntu guys have implemented can
>> be removed later when it won't be needed anymore. To move forward we really
>> need to make the xdg-native-messaging-proxy part of flatpak
>> https://github.com/flatpak/. Since we all agreed on that (I hope) who
>> can do the actual job?
>>
>> On Thu, Apr 24, 2025 at 8:00 AM Jan Grulich <jgrulich at redhat.com> wrote:
>>
>>> Hi,
>>>
>>> to keep the ball rolling.
>>>
>>> CC: @rob at robwu.nl <rob at robwu.nl>
>>>
>>> po 14. 4. 2025 v 19:03 odesílatel Jan Grulich <jgrulich at redhat.com>
>>> napsal:
>>>
>>>>
>>>>
>>>> st 9. 4. 2025 v 20:10 odesílatel Georges Basile Stavracas Neto <
>>>> georges.stavracas at gmail.com> napsal:
>>>>
>>>>> Thanks for the email
>>>>>
>>>>> Concretely, moving the project to under https://github.com/flatpak/
>>>>> is not any sort
>>>>> of technical challenge - just needs someone with elevated permissions
>>>>> to do it.
>>>>>
>>>>> The interesting question is if there's enough consensus on the whole
>>>>> approach.
>>>>> Personally, I agree that something like xdg-native-messaging-proxy is
>>>>> better off
>>>>> living in a separate service, given we have extensive knowledge on the
>>>>> issues
>>>>> and design mishaps of the whole thing.
>>>>>
>>>>> What I'd like to know is if Firefox folks would be open to changing
>>>>> their patches
>>>>> slightly to it.
>>>>>
>>>>
>>> Rob said on https://bugzilla.mozilla.org/show_bug.cgi?id=1955255#c4:
>>>
>>> Even now, that implementation is disabled by default (
>>> https://searchfox.org/mozilla-central/rev/dd8b5213e4e7760b5fe5743fbc313398b85f8a14/modules/libpref/init/StaticPrefList.yaml#18350-18357)
>>> with a custom patch to toggle the preference on Snap builds for Ubuntu:
>>> https://github.com/canonical/firefox-snap/blob/032405220c879daa9454a7e7aff821ec3009533c/patches/native-messaging-portal.patch
>>>
>>> The feature was intentionally off by default in Firefox to allow
>>> stabilization of the feature, including potentially changing parts of the
>>> protocol.
>>>
>>> So my understanding is there can be changes to the Firefox
>>> implementation, but there is a concern about Ubuntu, which already ships
>>> this and would break with the changes from @Jan Horak
>>> <jhorak at redhat.com>, unless we figure out how to support both versions,
>>> which I guess can share some parts of the code.
>>> Jan Grulich
>>>
>>> There is discussion about this topic in this Firefox upstream ticket:
>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1955255
>>>>
>>>>
>>>>> Does anybody else have thoughts on this?
>>>>>
>>>>> With respect,
>>>>> Georges
>>>>>
>>>>> Em ter., 8 de abr. de 2025 às 12:48, Jan Grulich <jgrulich at redhat.com>
>>>>> escreveu:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> It’s been three years since the first pull request was made to add a
>>>>>> portal for WebExtensions
>>>>>> <https://github.com/flatpak/xdg-desktop-portal/pull/705> to
>>>>>> xdg-desktop-portal. This version of the portal has been added to Ubuntu
>>>>>> packages, but it has never been part of any xdg-desktop-portal release.
>>>>>> Recently, there were attempts to push this portal forward, so a new
>>>>>> pull reque
>>>>>> --
>>>>>> <https://github.com/flatpak/xdg-desktop-portal/pull/1537>
>>>>>>
>>>>>> Jan Grulich,
>>>>>>
>>>>>> Principal Software Engineer, Desktop Team
>>>>>>
>>>>>> Red Hat
>>>>>>
>>>>>> st was opened
>>>>>> <https://github.com/flatpak/xdg-desktop-portal/pull/1537>, keeping
>>>>>> the same portal API, just the code was rebased and updated with some
>>>>>> additional fixes, but ended up in the same situation → not being MERGED.
>>>>>> This sparked some discussion about whether such a portal should be part of
>>>>>> xdg-desktop-portal at all. Sebastian Wick <sewick at redhat.com> had
>>>>>> the idea to create a separate small service and called it
>>>>>> xdg-native-messaging-proxy
>>>>>> <https://github.com/swick/xdg-native-messaging-proxy>. This service
>>>>>> takes the core of the original portal for WebExtensions, but exposes it on
>>>>>> a bus address which only is accessible to sandboxed apps if they declare
>>>>>> talk permission via their manifest and thus get marked as potentially
>>>>>> unsafe. This addresses the concerns that the xdg-desktop-portal APIs are
>>>>>> supposed to be secure for sandboxed applications.
>>>>>>
>>>>>> It seems the consensus is to go with the separate
>>>>>> xdg-native-messaging-proxy service, and the original portal will never
>>>>>> officially be part of xdg-desktop-portal, so I would like to propose moving
>>>>>> xdg-native-messaging-proxy under the flatpak project. The reason for this
>>>>>> is that I would like to make this the "official" solution, and having it as
>>>>>> someone else's project won't get applications to start adopting it. Also an
>>>>>> official Flatpak project will likely get more contributors, reviews and
>>>>>> bugs. We're also stuck with the adoption of the xdg-native-messaging-proxy
>>>>>> on the Firefox side, where unfortunately the original portal support
>>>>>> was merged in <https://phabricator.services.mozilla.com/D140803>,
>>>>>> although it was never anything official and is unlikely to be changed and
>>>>>> reviewed until we get a clear upstream decision.
>>>>>>
>>>>>> What are your thoughts on this proposal? What would be the necessary
>>>>>> steps if we decide to move forward with integrating xdg-native-messaging
>>>>>> into the Flatpak project?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Jan Grulich
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>
>>
>> --
>> Jan Horak
>> Senior Software Engineer
>> Red Hat
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20250627/e98b938d/attachment.htm>