Move xdg-native-messaging-proxy under Flatpak project
Georges Basile Stavracas Neto
georges.stavracas at gmail.com
Thu Jun 26 15:03:27 UTC 2025
It already is :)
https://github.com/flatpak/xdg-native-messaging-proxy
Em qui., 26 de jun. de 2025 às 04:11, Jan Horak <jhorak at redhat.com>
escreveu:
> I can keep the current portal implementation parallel with the
> xdg-native-messaging-proxy on the Mozilla side if that would suit
> everybody. The native messaging portal as Ubuntu guys have implemented can
> be removed later when it won't be needed anymore. To move forward we really
> need to make the xdg-native-messaging-proxy part of flatpak
> https://github.com/flatpak/. Since we all agreed on that (I hope) who can
> do the actual job?
>
> On Thu, Apr 24, 2025 at 8:00 AM Jan Grulich <jgrulich at redhat.com> wrote:
>
>> Hi,
>>
>> to keep the ball rolling.
>>
>> CC: @rob at robwu.nl <rob at robwu.nl>
>>
>> po 14. 4. 2025 v 19:03 odesílatel Jan Grulich <jgrulich at redhat.com>
>> napsal:
>>
>>>
>>>
>>> st 9. 4. 2025 v 20:10 odesílatel Georges Basile Stavracas Neto <
>>> georges.stavracas at gmail.com> napsal:
>>>
>>>> Thanks for the email
>>>>
>>>> Concretely, moving the project to under https://github.com/flatpak/ is
>>>> not any sort
>>>> of technical challenge - just needs someone with elevated permissions
>>>> to do it.
>>>>
>>>> The interesting question is if there's enough consensus on the whole
>>>> approach.
>>>> Personally, I agree that something like xdg-native-messaging-proxy is
>>>> better off
>>>> living in a separate service, given we have extensive knowledge on the
>>>> issues
>>>> and design mishaps of the whole thing.
>>>>
>>>> What I'd like to know is if Firefox folks would be open to changing
>>>> their patches
>>>> slightly to it.
>>>>
>>>
>> Rob said on https://bugzilla.mozilla.org/show_bug.cgi?id=1955255#c4:
>>
>> Even now, that implementation is disabled by default (
>> https://searchfox.org/mozilla-central/rev/dd8b5213e4e7760b5fe5743fbc313398b85f8a14/modules/libpref/init/StaticPrefList.yaml#18350-18357)
>> with a custom patch to toggle the preference on Snap builds for Ubuntu:
>> https://github.com/canonical/firefox-snap/blob/032405220c879daa9454a7e7aff821ec3009533c/patches/native-messaging-portal.patch
>>
>> The feature was intentionally off by default in Firefox to allow
>> stabilization of the feature, including potentially changing parts of the
>> protocol.
>>
>> So my understanding is there can be changes to the Firefox
>> implementation, but there is a concern about Ubuntu, which already ships
>> this and would break with the changes from @Jan Horak <jhorak at redhat.com>,
>> unless we figure out how to support both versions, which I guess can share
>> some parts of the code.
>> Jan Grulich
>>
>> There is discussion about this topic in this Firefox upstream ticket:
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1955255
>>>
>>>
>>>> Does anybody else have thoughts on this?
>>>>
>>>> With respect,
>>>> Georges
>>>>
>>>> Em ter., 8 de abr. de 2025 às 12:48, Jan Grulich <jgrulich at redhat.com>
>>>> escreveu:
>>>>
>>>>> Hi,
>>>>>
>>>>> It’s been three years since the first pull request was made to add a
>>>>> portal for WebExtensions
>>>>> <https://github.com/flatpak/xdg-desktop-portal/pull/705> to
>>>>> xdg-desktop-portal. This version of the portal has been added to Ubuntu
>>>>> packages, but it has never been part of any xdg-desktop-portal release.
>>>>> Recently, there were attempts to push this portal forward, so a new
>>>>> pull request was opened
>>>>> <https://github.com/flatpak/xdg-desktop-portal/pull/1537>, keeping
>>>>> the same portal API, just the code was rebased and updated with some
>>>>> additional fixes, but ended up in the same situation → not being MERGED.
>>>>> This sparked some discussion about whether such a portal should be part of
>>>>> xdg-desktop-portal at all. Sebastian Wick <sewick at redhat.com> had the
>>>>> idea to create a separate small service and called it
>>>>> xdg-native-messaging-proxy
>>>>> <https://github.com/swick/xdg-native-messaging-proxy>. This service
>>>>> takes the core of the original portal for WebExtensions, but exposes it on
>>>>> a bus address which only is accessible to sandboxed apps if they declare
>>>>> talk permission via their manifest and thus get marked as potentially
>>>>> unsafe. This addresses the concerns that the xdg-desktop-portal APIs are
>>>>> supposed to be secure for sandboxed applications.
>>>>>
>>>>> It seems the consensus is to go with the separate
>>>>> xdg-native-messaging-proxy service, and the original portal will never
>>>>> officially be part of xdg-desktop-portal, so I would like to propose moving
>>>>> xdg-native-messaging-proxy under the flatpak project. The reason for this
>>>>> is that I would like to make this the "official" solution, and having it as
>>>>> someone else's project won't get applications to start adopting it. Also an
>>>>> official Flatpak project will likely get more contributors, reviews and
>>>>> bugs. We're also stuck with the adoption of the xdg-native-messaging-proxy
>>>>> on the Firefox side, where unfortunately the original portal support
>>>>> was merged in <https://phabricator.services.mozilla.com/D140803>,
>>>>> although it was never anything official and is unlikely to be changed and
>>>>> reviewed until we get a clear upstream decision.
>>>>>
>>>>> What are your thoughts on this proposal? What would be the necessary
>>>>> steps if we decide to move forward with integrating xdg-native-messaging
>>>>> into the Flatpak project?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Jan Grulich
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>
>
> --
> Jan Horak
> Senior Software Engineer
> Red Hat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20250626/037ad4bf/attachment.htm>
More information about the Flatpak
mailing list