Stuart Henderson wrote:
On 2026/06/29 17:05, Chris Billington wrote:
browserpass-native provides a Native Messaging host for the 'pass' password
manager (security/password-store)

It uses the 'browserpass' add-on for Firefox, Chromium and variants,
available via the usual add-on stores.

pkg-readme file gives details on how to configure unveil.main for common
browsers.

Version attached is 3.1.2 (9/2025, latest)
Minor patch was necessary to work with the latest pledge on 7.9

Tested on 7.9-current Build date: 1782425853 - Thu Jun 25 22:17:33 UTC

Testers and comments welcome. Happy to be Maintainer.

Regards
Chris Billington


: 1. In order to use browser integration you need to add the following unveil
: rules:
:
: # for using the browserpass addon with the password-store package
: ${LOCALBASE}/bin r
: ${LOCALBASE}/bin/browserpass-native rx
:
: to the corresponding configuration file:
: * Chromium -> ${SYSCONFDIR}/chromium/unveil.main
: * Firefox -> ${SYSCONFDIR}/firefox/unveil.main
: * Iridium -> ${SYSCONFDIR}/iridium/unveil.main
: * Ungoogled-chromium -> ${SYSCONFDIR}/ungoogled-chromium/unveil.main

this is a total pain because now the user will have to manage the
unveil files themselves and merge in any changes after updates to the
browser ports. the pkg-readme would at least need to inform the user
about this, but it would be better if these could be included in the
relevant files directly in the browser ports (though 'r' for all of
/usr/local/bin might be a bit much)...

Agreed it is not ideal, though in practice not as difficult as it looks. I will try to reword the README to make things more clear.

The first part of the instructions were taken from the existing README for security/keepassxc, a heavyish Qt password manager which I used previously. ${LOCALBASE}/bin r was needed for that, and also seems to be for browserpass-native, before the following 'rx' rule works. Unless there is a better way?

When browser updates are installed, there is a message about checking unveil.content/unveil.main "which was modified" though I found this actually refers to the package copy, not the local version, so any extra lines in the local copy are preserved. Then use 'sysmerge -p' to bring in any updates to the package version.

Maybe I can add a note about 'sysmerge -p' to this README? This could also be added to keepassxc README as it's the same situation.

Chris

Reply via email to