On 2019/12/27 07:18, Evan Tann wrote: > On Fri Dec 27, 2019 at 10:00 AM, Solène Rapenne wrote: > > Le 2019-12-26 16:53, open...@evantann.com a écrit : > > >> Synopsis: "1Password X" extension on Firefox shows 0 passwords > > >> Category: > > >> Environment: > > > System : OpenBSD 6.6 > > > Details : OpenBSD 6.6-current (GENERIC.MP) #565: Tue Dec 24 > > > 13:18:50 MST 2019 > > > > > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > > > > Architecture: OpenBSD.amd64 > > > Machine : amd64 > > >> Description: > > > When logging into the 1Password X extension, you'll see a brief flash > > > of your vault items (passwords), but after ~100ms they disappear and > > > are replaced with the text "No items in this vault." As a result I'm > > > unable to access any of my passwords on any OpenBSD device running > > > -current. > > > > > > After communicating with a 1Password dev, he confirmed that all > > > 1Password X storage is within Firefox's cache visible in about:cache. > > > > > > If it helps debug, Chrome also experiences this same issue, but it has > > > been a problem in Chrome for longer. > > >> How-To-Repeat: > > > Install Firefox and the 1Password X extension. Save a password (vault > > > item) into the extension. Log into the extension. You'll see the vault > > > item briefly flash onto the screen then disappear. > > >> Fix: > > > Unknown. Initially I thought this could be related to the unveil > > > changes that happened around the same time, since Chrome also has the > > > same issue. I modified the /etc/firefox/unveil.main file to have > > > `/ rwc` for testing but that did not change the behavior. I found no > > > indications of a pledge-permission problem in dmesg. > > > > > > > > > > > > you want to try disabling unveil and pledge first, but adding / rwc > > is not the correct way to do so. > > > > > > disabling unveil/pledge is explained in the pkg-readme firefox file > > installed under /usr/local/share/doc/pkg-readmes/firefox > > I don't have that directory on my machine. `man firefox` was the first > place I looked, however it doesn't mention anything about pledge/unveil > (or much of anything outside of flags), and SEE ALSO was not helpful.
Here are the contents, however something is strangely wrong with your installation if you have installed firefox from ports/packages and this doesn't exist. $ cat /usr/local/share/doc/pkg-readmes/firefox $OpenBSD: README,v 1.25 2019/12/03 17:00:46 landry Exp $ +----------------------------------------------------------------------- | Running firefox on OpenBSD +----------------------------------------------------------------------- If you encounter strange problems relating to bookmarks, downloads, window placement, toolbars, history, or other settings, it is recommended that you create a new profile and attempt to reproduce the problem before filing bugs. To create a new profile, start Firefox with the -ProfileManager switch, e.g. firefox -ProfileManager, and click "Create Profile". If Firefox doesn't start at all, try starting it with -safe-mode switch, which disables extensions and themes for your session. pledge(2) and unveil(2) Support =============================== Firefox on OpenBSD is secured with pledge(2) and unveil(2) to limit the system calls and filesystem access that each of Firefox's three process types (main, content, and GPU) is permitted. By default, only ~/Downloads and /tmp can be written to when downloading files, or when viewing local files as file:// URLs. Files containing pledge promises and unveil paths and permissions for each type of process are located in /usr/local/lib/firefox/browser/defaults/preferences/. Each file can be overridden by copying it to /etc/firefox/ and modifying it. 3rd-Party MIME Handlers ======================= Due to unveil(2) limiting filesystem access, only the default MIME handler registered for a given type can be chosen when opening a downloaded file. For example, to use the mupdf package to read PDFs, it must be registered as the default with XDG: $ xdg-mime default mupdf.desktop application/pdf The current default for a given type can be viewed with xdg-mime's query command: $ xdg-mime query default application/pdf The older mailcap-format handlers are also supported, but the path being executed must be explicitly added to the unveil.main file with "rx" permissions. For example, a ~/.mailcap file specifying: application/pdf; /usr/local/bin/xpdf %s must have "/usr/local/bin/xpdf rx" added to unveil.main for it to appear as an option in the "Open With" drop-down. Using mailto: links =================== To enable mailto: links in Firefox to open in your mail program, you may have to set a mailto protocol handler. Type "about:config" in Firefox's URL text field. Type "mailto" in the filter. If there is a string called "network.protocol-handler.app.mailto", its value names the application for mailto URLs. If present, right click, choose Modify, and enter the path to your mail program, e.g., "/usr/local/bin/thunderbird" or "/usr/local/bin/kmail" (other programs may work, but these two have been tested). If absent, right click, choose New String. Set the name to "network.protocol-handler.app.mailto" and the value to the path to your mailer. Debugging ========= If you encounter crashes, you might want to build the debug FLAVOR of this package, and run firefox inside egdb, so that you can gather debugging logs and traces (for all threads!). If this is a pledge violation, you should figure out which codepath in which process leads to calling a forbidden syscall, and which pledge is missing from the sets configured according to the section above. Setting MOZ_LOG=OpenBSDSandbox:5 should help. Bug reports without enough information will be ignored. To disable pledge and/or unveil support when troubleshooting, set the corresponding pledge or unveil file in /etc/firefox/{unveil,pledge}.{main,content,gpu} to contain just "disable". D-BUS ===== For proper integration with various desktop-oriented components, firefox needs a session bus instance running. If you're not running a desktop environment that takes care of it, refer to /usr/local/share/doc/pkg-readmes/dbus-* to configure your session startup script to start one. Without a session bus running, the port is faking one (see https://bugzilla.mozilla.org/show_bug.cgi?id=1466593), but GLIB might still try to spawn one which might lead to a 'proc' pledge violation in the content process. HTML5 audio/video support ========================= For a full multimedia experience, such as playing MP3 audio or MPEG videos, install the "ffmpeg" package. It will be used at runtime if firefox finds it. # pkg_add ffmpeg WebRTC support ============== For WebRTC to properly work, it is required to enable audio recording: # sysctl kern.audio.record=1 It is also required to change the ownership of the video(4) device so that your regular user can access the webcam device. # chown youruser /dev/video0 KerberosV support ================= To use Kerberized Firefox, first manually install the "heimdal" package and configure the Kerberos client. Firefox will load the libraries at runtime if required. On OpenBSD, they are installed in a non-standard location; to allow Firefox to find them, either set LD_LIBRARY_PATH=/usr/local/heimdal/lib in your environment (possibly via a shell alias or wrapper script if you only want to set this for Firefox), or modify 'shlib_dirs' in /etc/rc.conf.local. To instruct Firefox to use Kerberos for specific domains, open 'about:config' and modify the following key: network.negotiate-auth.trusted-uris: .example.com Graphic Acceleration ==================== By default on unices the OpenGL acceleration is disabled. One can enable it by setting MOZ_ACCELERATED=1 in the environment, or by switching the about:config layers.acceleration.force-enable knob to true. Check the 'Decision log' section in about:support to see whether HW_COMPOSITING and OPENGL_COMPOSITING are enabled. Similarly, for the rust-based WebRender compositor, it is enabled by setting MOZ_WEBRENDER=1 in the environment, or by switching the about:config gfx.webrender.enabled knob to true. Check it is enabled in the 'Features' section of about:support. For this feature, WebGL2 is necessary, so your hardware must support at least OpenGL 4. Check https://wiki.mozilla.org/Platform/GFX/Quantum_Render for more details.