Package Details: 1password-cli 2.5.1-1

Git Clone URL: https://aur.archlinux.org/1password-cli.git (read-only, click to copy)
Package Base: 1password-cli
Description: 1Password command line tool
Upstream URL: https://app-updates.agilebits.com/product_history/CLI2
Keywords: 1password
Licenses: custom
Submitter: Sh4rk
Maintainer: slurpee
Last Packager: slurpee
Votes: 34
Popularity: 1.12
First Submitted: 2017-09-07 18:54 (UTC)
Last Updated: 2022-06-25 06:01 (UTC)

Pinned Comments

slurpee commented on 2022-03-22 11:18 (UTC) (edited on 2022-04-20 06:55 (UTC) by slurpee)

Due to a file conflict in the bash-completion package bash completion is not installed automatically; the upstream op completion has been deprecated in favor of the completion generated by op, but a new release has not been cut containing the fix. In the meantime, bash users seeking command completion should add the following to their .bashrc:

source <(op completion bash)

It is recommended to verify the authenticity of the binary by using Agilebits's PGP code signing key. Their public key ID is published in the install documentation.

gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

Latest Comments

nicoulaj commented on 2022-04-17 18:37 (UTC) (edited on 2022-04-17 18:38 (UTC) by nicoulaj)

Could you please include shell completion files in the package ? eg: op completion zsh > ${pkgdir}/usr/share/zsh/site-functions/_op

See https://developer.1password.com/docs/cli/reference/commands/completion

Auerhuhn commented on 2022-03-22 11:39 (UTC)

Hi slurpee,

Thanks for the quick fix and the description. The 2.0.0-4 update is working fine for me.

I had the 9xx onepassword-cli group from 2.0.0-3. I deleted it before updating as you suggested. During the Pacman update, it said: groupadd: group 'onepassword-cli' already exists. But I’m not worrying about that because everything seems to work now.

Now my system has both the 1password and 1password-cli groups with proper gids > 1000. Thanks again for the heads up.

slurpee commented on 2022-03-22 11:18 (UTC) (edited on 2022-04-20 06:55 (UTC) by slurpee)

Due to a file conflict in the bash-completion package bash completion is not installed automatically; the upstream op completion has been deprecated in favor of the completion generated by op, but a new release has not been cut containing the fix. In the meantime, bash users seeking command completion should add the following to their .bashrc:

source <(op completion bash)

It is recommended to verify the authenticity of the binary by using Agilebits's PGP code signing key. Their public key ID is published in the install documentation.

gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

slurpee commented on 2022-03-22 10:59 (UTC)

Hello all, apologies for the issues. I've narrowed down a fix and will be pushing momentarily. The 1password-cli group was being created via systemd-sysusers which probably automatically gave it a gid below 1000; the op binary was also given the setgid bit, as detailed in the Getting Started doc.

After some tests, I found that the binary was not executing as the 1password-cli group, but as my user's group. I then bumped the gid of 1password-cli over 1000 and I see the op binary running as the 1password-cli group and I'm now getting Polkit prompts as expected.

I'm not sure why this happened, but as a fix, I've swapped out 1password-cli.sysusers for a groupadd in the .install, which will create a group with a gid over 1000

Please see the new pinned comments which will detail upgrade instructions if you were affected.

vanhtuan0409 commented on 2022-03-22 02:11 (UTC)

Hi @slurpee, thank for your work here

I got this error whenever I tried to use cli v2 with desktop integration

connecting to desktop app: read: connection reset, make sure the CLI is correctly installed and CLI Biometric Unlock is enabled in the 1Password app

Do you happen to know how to fix this?

slurpee commented on 2022-03-21 04:38 (UTC)

Hey @chrishoage - now handled via the PKGBUILD, thanks!

chrishoage commented on 2022-03-19 17:08 (UTC)

@slurpee it appears the new CLI requires a group if it is to talk to the 1Password desktop app.

Please see https://developer.1password.com/docs/cli/get-started#requirements under "Linux"

Specifically the op binary must be owned by the onepassword-cli group along with chmod g+s run on the binary.

I've manually done this in order to get the op cli to talk to 1Password desktop, however it would be nice if this was handled in the pkgbuild!

Thank you!

slurpee commented on 2022-03-16 22:15 (UTC)

@chrishoage, updated - appreciate it!

chrishoage commented on 2022-03-15 22:57 (UTC)

1password has released version 2 of the CLI, now tracked here: https://app-updates.agilebits.com/product_history/CLI2

stimut commented on 2021-09-06 05:23 (UTC)

1.11.4 was released a few days ago (https://app-updates.agilebits.com/product_history/CLI#v1110401). Any chance of an update?

Thanks.

Feakster commented on 2020-12-15 11:25 (UTC)

The GPG signing key is also referenced here: https://support.1password.com/command-line-getting-started/

Might be a better page to reference. Looks more official than a forum post.

architect0 commented on 2019-12-31 00:05 (UTC)

This can be built for aarch64 as well using the same source for arm.

just1602 commented on 2019-08-28 00:26 (UTC)

The 0.6.1 version has been release yesterday. Is there any chance to update the package ?

Auerhuhn commented on 2019-05-29 09:59 (UTC)

@kurtmc Done. Thanks for the heads up.

kurtmc commented on 2019-05-22 03:26 (UTC)

@Auerhuhn any chance of updating the version (to 0.5.6-003) and checksums?

Auerhuhn commented on 2019-05-01 09:10 (UTC) (edited on 2019-05-01 09:11 (UTC) by Auerhuhn)

Thanks @myveo for the heads up. I’ve reached out to Connor from AgileBits [1]. I will update the package once they confirm that the change is legit.

[1] https://discussions.agilebits.com/discussion/comment/503735/#Comment_503735

myveo commented on 2019-05-01 08:18 (UTC) (edited on 2019-05-01 08:18 (UTC) by myveo)

Looks like cheksums are outdated. At least the checksum for the amd64 archive (i.e. op_linux_amd64_v0.5.5.zip) should be 5ddc73a573f008758d1765169cc4f28371742231cb6aadad6ebd9620f229ccb4.

Auerhuhn commented on 2018-07-01 15:54 (UTC)

Thanks @ddnomad for your suggestion.

You can configure GnuPG to auto-import public keys if that’s what you want. To do that, add a line to ~/.gnupg/gpg.conf that says: keyserver-options auto-key-retrieve. I wouldn’t recommend this though.

As a more secure alternative, I’d encourage everyone to import 1Password’s public key. I have added a pinned comment to explain how. Thanks again for the pointer!

Auerhuhn commented on 2018-07-01 15:53 (UTC)

You may want to first import 1Password’s PGP code signing key:

gpg --recv-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

To confirm the key is legit, see this comment by 1Password’s Jeffrey Goldberg:

https://discussions.agilebits.com/discussion/comment/420654/#Comment_420654

ddnomad commented on 2018-07-01 13:59 (UTC) (edited on 2018-07-01 13:59 (UTC) by ddnomad)

gpg: Can't check signature: No public key

Not sure I should import the key manually. IMO the pkgbuild should handle this.

mprom commented on 2018-06-15 11:13 (UTC)

The check() step of the PKGBUILD gives an error if you haven't set GPG up. Removing it from PKGBUILD seems to have worked.

Auerhuhn commented on 2018-06-04 15:27 (UTC) (edited on 2018-06-04 15:28 (UTC) by Auerhuhn)

According to AgileBits [1] the modification is legit. I have now updated the signatures and bumped the package to v0.4.1, pkgrel 2. See commit message for full details.

Thanks again @chopps for reporting!

[1] https://discussions.agilebits.com/discussion/comment/438011/#Comment_438011

Auerhuhn commented on 2018-06-03 14:34 (UTC) (edited on 2018-06-03 14:35 (UTC) by Auerhuhn)

@chopps Thanks for giving notice. I can confirm the SHAs of all three editions have changed ( not only amd64), and this definitely was not the case two weeks ago. This means someone may have changed the binaries on AgileBit’s server without bumping either of version number, build number, and release date.

Generally, this can be indicative of a compromised download. I recommend to always keep that in mind before you install anything that shows a checksum error. In this particular case though, the changed binaries are still signed by AgileBits, and my GPG says the signature is 100 % OK. Therefore I feel the package to be probably safe to use.

With all that said, I have reached out [1] to AgileBits and will wait for their response before I update the signatures in the PKGBUILD.

[1] https://discussions.agilebits.com/discussion/91299/cli-binaries-changed-without-notice-signature-still-ok-though

chopps commented on 2018-06-03 13:50 (UTC)

I'm getting a validation failure on the amd64 zip. I downloaded and checked the signature (and did a bit more work to actually trust the signature by finding a picture of the business card of the signer showing the fingerprint), and my zip file appears valid. My sha256sum for it is different from this PKGBUILD.

Auerhuhn commented on 2018-05-15 15:51 (UTC)

Bumped to v0.4.1. Thanks @dmeijboom for the heads up!

Auerhuhn commented on 2018-04-11 18:59 (UTC)

Thanks @betsu and @mattikus! Updated.

betsu commented on 2018-04-11 13:44 (UTC) (edited on 2018-04-11 13:57 (UTC) by betsu)

@Sh4rk I just update the package to v0.4.

--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Felix Seidel <felix@seidel.me>

 pkgname=1password-cli
-pkgver=0.3
+pkgver=0.4
 pkgrel=1
 pkgdesc="1Password command line tool"
 arch=('x86_64' 'i686' 'arm')
@@ -13,11 +13,12 @@ source_x86_64=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_amd
 source_i686=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_386_v$pkgver.zip")
 source_arm=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_arm_v$pkgver.zip")

-sha256sums_x86_64=('0e2416b56b00fdd7f970365ed8a7e2b6e38f5c5d2c94c1fd68a980bcfee1529a')
-sha256sums_i686=('598f767b3e914f137cb0e8a0acac1ad72625ad011aa9d6a2d1bf45216a6e8c97')
-sha256sums_arm=('c0f2e59e536685bd5c8b8ca70a4fd8bd4becef7eee93b8d733276066e37b8cb2')
+sha256sums_x86_64=('421ca41fa376a6a6bc8e314c83959872e4658c5fbd3a20c0bf83a50922326b0b')
+sha256sums_i686=('e0ac90259ec0e49b517ca2afd3122523553c98f186af2f1fa0dfa18a989f3d43')
+sha256sums_arm=('0c32633587325e3874c19ba5e6e658eb1ba8b3354c15c3c9da3f9d9ef849d8ca')

 check() {
+  gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
   gpg --verify-files ${srcdir}/op.sig
 }

Auerhuhn commented on 2018-01-26 09:17 (UTC)

@Sh4rk You’re welcome, and thanks for applying the patch!

Sh4rk commented on 2018-01-26 05:45 (UTC)

@Auerhuhn thanks for the patch and sorry for the delay! You're a co-maintainer now. :)

Auerhuhn commented on 2018-01-25 21:55 (UTC)

@Sh4rk Would you mind updating the package, or perhaps adding me as a co-maintainer?

This package really needs updating; v0.1.1 doesn’t even work anymore against the current API. I’ve prepared a patch; feel free to use it:

--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Felix Seidel <felix@seidel.me>

 pkgname=1password-cli
-pkgver=0.1.1
+pkgver=0.2.1
 pkgrel=1
 pkgdesc="1Password command line tool"
 arch=('x86_64' 'i686' 'arm')
@@ -13,9 +13,9 @@ source_x86_64=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_amd
 source_i686=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_386_v$pkgver.zip")
 source_arm=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_arm_v$pkgver.zip")

-sha256sums_x86_64=('6dc01dce5138f5ec8c6d6853fb22d02cfe1c0b0178f02754278d4dcac11f038b')
-sha256sums_i686=('b0edd3b2125e9bab79c7371b00f3356b37a073c65a9ca72c7b7984700e20a881')
-sha256sums_arm=('83aee44c19db20404d18bf2f1ce466294865b1f7a4f0e48bc0f925dc3dd3499d')
+sha256sums_x86_64=('3ba640545e32c94775534dfc8bf036398ad573d0f001492e7f1818e77d183b73')
+sha256sums_i686=('71fd9885d28346384dd7833552d7e0f149da0cbe774ad927ffceea8985a7dff0')
+sha256sums_arm=('b7cd9c03638ac2369db3b8f95cb2959642b219ed7938f6583561a6c5fc697c3d')

 check() {
   gpg --verify-files ${srcdir}/op.sig

Auerhuhn commented on 2017-10-30 14:31 (UTC)

I suggest this patch in order to pin the signature validation to the known fingerprint: ``` --- a/PKGBUILD +++ b/PKGBUILD @@ -8,6 +8,7 @@ arch=('x86_64' 'i686' 'arm') url="https://app-updates.agilebits.com/product_history/CLI" license=('custom') options=('!strip' '!emptydirs') +validpgpkeys=('3FEF9748469ADBE15DA7CA80AC2D62742012EA22') # 1Password <codesign@1password.com> source_x86_64=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_amd64_v$pkgver.zip") source_i686=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_386_v$pkgver.zip") ```

sfusco commented on 2017-10-22 19:22 (UTC)

for the security minded, you will probably want to verify the pgp signature of the binary. # manually keybase pgp verify -d op.sig -S 1password -i op # using gpg integration keybase follow 1password keybase pgp pull 1password # now pacaur should find the public key in your local gpg ring pacaur -S 1password-cli

Auerhuhn commented on 2017-09-18 12:40 (UTC)

Thanks @micaelbergeron! (I’m fairly new to AUR but it strikes me how super friendly people are around here! You people are a pleasure to work with!)

micaelbergeron commented on 2017-09-18 12:24 (UTC)

Feel free to use my PKGBUILD, this is an oversight on my end. Then you may ask for op-bin deletion.

Auerhuhn commented on 2017-09-17 11:44 (UTC)

Thanks @Sh4rk for integrating this! I have found that the GPG verification breaks for me. This is what I get: ``` gpg: Signature made Do 07 Sep 2017 22:52:10 CEST gpg: using RSA key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22 gpg: Can't check signature: No public key ==> ERROR: A failure occurred in check(). Aborting... ``` Maybe we can figure out a way to use `validpgpkeys` to get it work? Other packages seem to do just that. [1] [2] I’ll look into the details as soon as I find the time. [1]: https://aur.archlinux.org/packages/openssl-zlib [2]: https://aur.archlinux.org/packages/openssl098

Sh4rk commented on 2017-09-17 07:49 (UTC)

@Auerhuhn: thanks for your feedback. I added support for both architectures and the gpg check.

Auerhuhn commented on 2017-09-16 21:24 (UTC)

A few days ago, a duplicate of this package has popped up: https://aur.archlinux.org/packages/op-bin I think it should be deleted but it also features a few things that are missing in this one. Do you feel it would be a good thing to integrate the good parts of op-bin into your package? (I’m thinking of the i686 and arm architectures, and maybe the GPG verification, too.)