Arch Linux User Repository

1Password for Arch Linux - Stable

The source is signed with the GPG key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22 and can be seen on the install-linux guide.

Getting Started

Our getting started guide can be found at https://support.1password.com/install-linux/#arch-linux

Support

Our Linux support discussion is available at https://1password.community/categories/linux

Beta Releases

Our beta releases can be found at 1password-beta. Beta releases are more likely to have regressions than our stable releases.

You don't need to chmod the helper after installation via the install script; you can just do this when packaging and install the file with the right mode bits.

Here's a patch:

diff --git a/1password.install b/1password.install
index e752514..156badc 100755
--- a/1password.install
+++ b/1password.install
@@ -9,12 +9,6 @@ app_group_exists() {
     fi
 }

-set_chromesandbox_permissions() {
-    # chrome-sandbox requires the setuid bit to be specifically set.
-    # See https://github.com/electron/electron/issues/17972
-    chmod 4755 /opt/1Password/chrome-sandbox
-}
-
 setup_browser_helper() {
     # Setup the Core App Integration helper binary with the correct permissions and group
     HELPER_PATH="/opt/1Password/1Password-KeyringHelper"
@@ -46,12 +40,10 @@ pre_upgrade() {
 }

 post_install() {
-    set_chromesandbox_permissions
     setup_browser_helper
 }

 post_upgrade() {
-    set_chromesandbox_permissions
     setup_browser_helper
 }

diff --git a/PKGBUILD b/PKGBUILD
index 2e5a93e..680429f 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -46,4 +46,8 @@ package() {
     # Symlink /usr/bin executable to opt
     install -dm0755 "${pkgdir}"/usr/bin
     ln -s /opt/1Password/1password "${pkgdir}"/usr/bin/1password
+
+    # chrome-sandbox requires the setuid bit to be specifically set.
+    # See https://github.com/electron/electron/issues/17972
+    chmod 4755 "${pkgdir}"/opt/1Password/chrome-sandbox
 }

@1Password why did you remove the ability to use Polkit authentication on first startup?

Hi, what version of electron is this using? I would like to enable Wayland support for Electron-based apps (such as 1Password 8) and to do so, I need to know the version to name the config file (see: https://wiki.archlinux.org/title/wayland#Electron). Does 1Password pick up config files from the $USER/.config/ directory, or will I have to do something else to get Wayland working with it?

You don't need to chmod the helper via the install script (e.g.: at install time), you can just do this when packaging.

Here's a diff:

diff --git a/1password.install b/1password.install
index e752514..156badc 100755
--- a/1password.install
+++ b/1password.install
@@ -9,12 +9,6 @@ app_group_exists() {
     fi
 }

-set_chromesandbox_permissions() {
-    # chrome-sandbox requires the setuid bit to be specifically set.
-    # See https://github.com/electron/electron/issues/17972
-    chmod 4755 /opt/1Password/chrome-sandbox
-}
-
 setup_browser_helper() {
     # Setup the Core App Integration helper binary with the correct permissions and group
     HELPER_PATH="/opt/1Password/1Password-KeyringHelper"
@@ -46,12 +40,10 @@ pre_upgrade() {
 }

 post_install() {
-    set_chromesandbox_permissions
     setup_browser_helper
 }

 post_upgrade() {
-    set_chromesandbox_permissions
     setup_browser_helper
 }

diff --git a/PKGBUILD b/PKGBUILD
index 2e5a93e..680429f 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -46,4 +46,8 @@ package() {
     # Symlink /usr/bin executable to opt
     install -dm0755 "${pkgdir}"/usr/bin
     ln -s /opt/1Password/1password "${pkgdir}"/usr/bin/1password
+
+    # chrome-sandbox requires the setuid bit to be specifically set.
+    # See https://github.com/electron/electron/issues/17972
+    chmod 4755 "${pkgdir}"/opt/1Password/chrome-sandbox
 }

I noticed there's some gitlab CI set up in the repo. Is there somewhere better to send an MR instead of a patch here?

Please stop flagging this package as out-of-date for beta releases. If you want the beta versions go to 1password-beta

It would be great to get an arm Linux build for rPi and Pinebook users. Thank you for all the great work!

1Password for Arch Linux - Stable

The source is signed with the GPG key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22 and can be seen on the install-linux guide.

Getting Started

Our getting started guide can be found at https://support.1password.com/install-linux/#arch-linux

Support

Our Linux support discussion is available at https://1password.community/categories/linux

Beta Releases

Our beta releases can be found at 1password-beta. Beta releases are more likely to have regressions than our stable releases.

I'm seeing a .gitlab-ci.yml file in this package, which I'm guessing isn't supposed to make it in? It contains an include statement that references dev/core/1password-archlinux-aur-ci…

1password support page with signature now lives here: https://support.1password.com/command-line-getting-started/

I think this is flagged out-of-date incorrectly. The link provided in the flag comment refers to a beta release, while this package probably tracks the stable releases.

You know what this seems to have been only an issue with Brave-beta. Everything else is just working without my manifests. Also, I may have been using the non-beta extension in Chromium at first, which doesn't work with the native app, so I may have mistakenly believed it wasn't working too.

It appears that the 1Password app creates the manifests in the browser config directories it finds on startup. I didn't have Brave installed, but had a config directory lying around from a previous install, and it had the manifest created in the users config directory.

I mainly use Chromium and Brave-beta. I only today realized that native app integration was supposed to be enabled on Linux, and got about finding why it wasn't working for me.

The integration started working after I added these manifests, in Chromium and Brave. I only checked Chrome afterwards, and assumed it wouldn't have been working before.

That's weird, I didn't have to do anything for 1password to integrate with the google-chrome-stable package.

Manifests can be written in user directory, which the app should do (haven't checked myself: did you enable browser integration in the settings?)

I have a patch to this PKGBUILD to create native-messaging-host configs for Chrome and Chromium, which allows the browser extensions for reliably communicate with the app.

I'm not sure what is the right way to provide submit this change to this AUR repo, but my patch can be found at https://github.com/kshlm/pkgbuilds/commit/159aed38500c055111dc838d6ddbd644e17c4298.patch

This can be applied directly onto this repo with,git am -p2 159aed38500c055111dc838d6ddbd644e17c4298.patch

I've tested this with Chrome, Chromium and Brave/Brave-beta, and this enables the extensions in these browsers to be unlocked by the desktop app.

I suggess adding "libappindicator-gtk3" as an optional dependency.

Without it, the 1password statusbar icon will not show on GNOME even with the AppIndicator extension. It wasn't super fun to figure that out.

@Feakster Thanks for the suggestion. We will keep it in mind as our Linux support continues to grow.

Would you be able to make this a multi-arch package once you start using the tar instead of the AppImage? The arm architectures have a growing user base on Arch & Manjaro.

@Orangutan We actually have some plans to base the install on a tar instead of the AppImage. While we get that ready we plan on keeping this based on the AppImage.

Wouldn’t using the .deb be nicer and simpler? It’s what packages usually do in this situation

It looks like helpers that cache the AppImage (like yay) are using a previously downloaded version (before the signature change introduced in 1936c4e). I've appended the pkgrel to the name of the binary to bust this cache.

1password-0.8.7.26947.AppImage sha256sum looks incorrect.

==> 获取源代码...
  -> 找到 1password-0.8.7.26947.AppImage
  -> 正在下载 1password-0.8.7.26947.AppImage.sig...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   566  100   566    0     0   1489      0 --:--:-- --:--:-- --:--:--  1485
==> 正在验证 source 文件，使用sha256sums...
    1password-0.8.7.26947.AppImage ... 失败
    1password-0.8.7.26947.AppImage.sig ... 已跳过
==> 错误： 一个或多个文件没有通过有效性检查！

1Password now signs releases, so signature checking has been added back into the PKGBUILD. If you encounter an error importing their GPG key or an error because of a missing GPG key, you may import it manually:

gpg --keyserver keyserver.ubuntu.com --recv-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

They've published their key on their support page, here: https://support.1password.com/cs/getting-started-linux/

@foxfromabyss Yes, I've recently discovered that AppImage only seems to work with fuse2. Of course, they don't list it anywhere in their documentation, just: "AppImage requires FUSE to run".

Dependency version has been lowered to fuse2.

Had

dlopen(): error loading libfuse.so.2AppImages require FUSE to run.
You might still be able to extract the contents of this AppImage
if you run it with the --appimage-extract option.
See https://github.com/AppImage/AppImageKit/wiki/FUSE
for more information

Resolved by installing fuse2. Probably should be added to dependencies as well.

It is not necessary to include sed in makedepends since it's included in the base-devel group which is expected to be installed for AUR packages.

I've removed the GPG signature from the pkgbuild for now since there is not yet anything (signature) to verify with it.

The extra step of importing the key does not seem relevant without a signature.

I’m getting this error: ERROR: One or more files did not pass the validity check! Failed to build 1password

For people having an issue to install due to gpg key, the simply import 1password gpg key.

$ gpg --keyserver keyserver.ubuntu.com --recv-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

$ yays 1password
....
:: PGP keys need importing:
 -> 3FEF9748469ADBE15DA7CA80AC2D62742012EA22, required by: 1password
:: Importing keys with gpg...
gpg: keyserver receive failed: General error
problem importing keys

$ gpg --keyserver keyserver.ubuntu.com --recv-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg: key AC2D62742012EA22: public key "Code signing for 1Password <codesign@1password.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1