Stuart Henderson wrote:
On 2026/06/29 17:05, Chris Billington wrote:
browserpass-native provides a Native Messaging host for the 'pass' password
manager (security/password-store)
It uses the 'browserpass' add-on for Firefox, Chromium and variants,
available via the usual add-on stores.
pkg-readme file gives details on how to configure unveil.main for common
browsers.
Version attached is 3.1.2 (9/2025, latest)
Minor patch was necessary to work with the latest pledge on 7.9
Tested on 7.9-current Build date: 1782425853 - Thu Jun 25 22:17:33 UTC
Testers and comments welcome. Happy to be Maintainer.
Regards
Chris Billington
: 1. In order to use browser integration you need to add the following unveil
: rules:
:
: # for using the browserpass addon with the password-store package
: ${LOCALBASE}/bin r
: ${LOCALBASE}/bin/browserpass-native rx
:
: to the corresponding configuration file:
: * Chromium -> ${SYSCONFDIR}/chromium/unveil.main
: * Firefox -> ${SYSCONFDIR}/firefox/unveil.main
: * Iridium -> ${SYSCONFDIR}/iridium/unveil.main
: * Ungoogled-chromium -> ${SYSCONFDIR}/ungoogled-chromium/unveil.main
this is a total pain because now the user will have to manage the
unveil files themselves and merge in any changes after updates to the
browser ports. the pkg-readme would at least need to inform the user
about this, but it would be better if these could be included in the
relevant files directly in the browser ports (though 'r' for all of
/usr/local/bin might be a bit much)...
Agreed it is not ideal, though in practice not as difficult as it looks.
I will try to reword the README to make things more clear.
The first part of the instructions were taken from the existing README
for security/keepassxc, a heavyish Qt password manager which I used
previously. ${LOCALBASE}/bin r was needed for that, and also seems to be
for browserpass-native, before the following 'rx' rule works. Unless
there is a better way?
When browser updates are installed, there is a message about checking
unveil.content/unveil.main "which was modified" though I found this
actually refers to the package copy, not the local version, so any extra
lines in the local copy are preserved. Then use 'sysmerge -p' to bring
in any updates to the package version.
Maybe I can add a note about 'sysmerge -p' to this README? This could
also be added to keepassxc README as it's the same situation.
Chris