could a Flatpak contain one of the backdoored builds of xz
or liblzma
? Is there a way to check? Would such a thing be exploitable, or does this backdoor only affect ssh servers?
If you're talking about running web-apps in the browser, I found that using environment variable MOZ_USE_XINPUT2=1
solves some of my virtual keyboard issues in Firefox (update I just tried disabling the variable and it works the same...maybe it was just placebo...). For example, if you wanted to run the Librewolf flatpak you can do flatpak run --env=MOZ_USE_XINPUT2=1 io.gitlab.librewolf-community
or to set the variable permanently you can do flatpak override --user --env=MOZ_USE_XINPUT2=1 io.gitlab.librewolf-community
and then Librewolf will always launch with that option.
As for Chromium forks, they don't use Wayland yet so that just goes back to the X11 / XWayland issues. Same goes for Electron apps. At least from what I understand from https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6238. Maybe there's a way to force Chromium/Electron to use Wayland, I haven't tried it yet
And I'll try Onboard, thanks for the tip
Update: I tried onboard, and it also didn't work for X11 apps :(
@Excigma I can swipe up to force the keyboard to appear, but pressing the keys does nothing in X11 apps (which use XWayland under Wayland), like Chromium browsers or KeepassXC