Allow read-only native message files (#12236)

* Allow read-only native message files It's possible[^1] for a native message file to be both correct and read-only. When current versions of `keepassxc` encounter this, it fails, because it can't write to the file. In this situation it should only fail if the read-only file's contents are different to those it's trying to write. [^1]: e.g. when using an immutable OS management system like NixOS or home-manager. --------- Co-authored-by: Jonathan White <support@dmapps.us>
2025-11-07 01:12:57 -05:00 · 2025-11-03 01:17:06 +10:00 · 2025-11-03 01:17:06 +10:00 · 9031cb530e
commit 9031cb530e
parent ebf0676661
1 changed files with 23 additions and 9 deletions
--- a/src/browser/NativeMessageInstaller.cpp
+++ b/src/browser/NativeMessageInstaller.cpp
@ -372,16 +372,30 @@ bool NativeMessageInstaller::createNativeMessageFile(SupportedBrowsers browser)

    QFile scriptFile(path);
    if (!scriptFile.open(QIODevice::WriteOnly)) {
-        qWarning() << "Browser Plugin: Failed to open native message file for writing at " << scriptFile.fileName();
-        qWarning() << scriptFile.errorString();
-        return false;
+        if (!scriptFile.open(QIODevice::ReadOnly)) {
+            qWarning() << "Browser Plugin: Failed to open native message file at " << scriptFile.fileName();
+            qWarning() << scriptFile.errorString();
+            return false;
+        }
+
+        // We failed to write to `scriptFile`, but we can read it, so we assume that it's a read-only file.
+        // Consider success if the read-only file already contains the content we would have written.
+        QJsonDocument expectedDoc(constructFile(browser));
+        QJsonDocument actualDoc = QJsonDocument::fromJson(scriptFile.readAll());
+
+        if (expectedDoc != actualDoc) {
+            qWarning() << "Browser Plugin: Unexpected (read-only) native message file at " << scriptFile.fileName();
+            qWarning() << "Expected contents: " << expectedDoc;
+            return false;
+        }
+    } else {
+        QJsonDocument doc(constructFile(browser));
+        if (scriptFile.write(doc.toJson()) < 0) {
+            qWarning() << "Browser Plugin: Failed to write native message file at " << scriptFile.fileName();
+            qWarning() << scriptFile.errorString();
+            return false;
+        }
    }

-    QJsonDocument doc(constructFile(browser));
-    if (scriptFile.write(doc.toJson()) < 0) {
-        qWarning() << "Browser Plugin: Failed to write native message file at " << scriptFile.fileName();
-        qWarning() << scriptFile.errorString();
-        return false;
-    }
    return true;
 }