1password.install


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

# Do not add your user, or any others, to this group.
GROUP_NAME="onepassword"

app_group_exists() {
    if [ $(getent group "${GROUP_NAME}") ]; then
        true
    else
        false
    fi
}

set_chromesandbox_permissions() {
    # chrome-sandbox requires the setuid bit to be specifically set.
    # See https://github.com/electron/electron/issues/17972
    chmod 4755 /opt/1Password/chrome-sandbox
}

setup_browser_helper() {
    # Setup the Core App Integration helper binary with the correct permissions and group
    HELPER_PATH="/opt/1Password/1Password-KeyringHelper"
    BROWSER_SUPPORT_PATH="/opt/1Password/1Password-BrowserSupport"

    chgrp "${GROUP_NAME}" $BROWSER_SUPPORT_PATH
    chmod g+s $BROWSER_SUPPORT_PATH

    chgrp "${GROUP_NAME}" $HELPER_PATH
    # The binary requires setuid so it may interact with the Kernel keyring facilities
    chmod u+s $HELPER_PATH
    chmod g+s $HELPER_PATH
}

pre_install() {
    if app_group_exists; then
        : # Do nothing
    else
        groupadd "${GROUP_NAME}"
    fi
}

pre_upgrade() {
    if app_group_exists; then
        : # Do nothing
    else
        groupadd "${GROUP_NAME}"
    fi
}

post_install() {
    set_chromesandbox_permissions
    setup_browser_helper
}

post_upgrade() {
    set_chromesandbox_permissions
    setup_browser_helper
}

post_remove() {
    if app_group_exists; then
        groupdel "${GROUP_NAME}"
    fi
}