1password CLI doesn't work

[tunix]

Despite I've enabled 1password CLI integration, it says:

[ERROR] 2023/11/25 22:32:53 connecting to desktop app: read: connection reset, make sure 1Password CLI is installed correctly, then open the 1Password app, select 1Password > Settings > Developer and
make sure the 'Integrate with 1Password CLI' setting is turned on. If you're still having trouble connecting, restart the app.

The group ID seems to be somehow different:

$ ls -l /usr/bin/op
-rwxr-sr-x. 2 root 1600 22883536 Jan  1  1970 /usr/bin/op

$ cat /etc/group
root:x:0:
wheel:x:10:tunix
tunix:x:1000:
docker:x:968:
gluster:x:967:
libvirt:x:966:
nm-fortisslvpn:x:965:
onepassword-cli:x:964:tunix
onepassword:x:963:
plugdev:x:962:
qemu:x:107:
saslauth:x:76:saslauth
unbound:x:961:
adbusers:x:960:

[b-]

Could you please post the exact syntax you used to add 1Password? (Or link to your custom image).

~~I don’t know where the high group number comes from, but I have a feeling the systemd-sususers line might be acting up or something. ~~ lol I was reading the size field, not the GID…

[nadavspi]

Same thing here. https://github.com/nadavspi/nadavspi-ublue/blob/live/config/desktop.yml#L17

❯ /usr/bin/ls -l /usr/bin/op
-rwxr-sr-x. 4 root 1600 22883536 Dec 31  1969 /usr/bin/op

[b-]

Thanks, let me take a further look. My image that I'm building from isn't based on StartingPoint, so I'm guessing I didn't properly account for something in regards to how it handles the modules.

[b-]

Scratch what I said earlier — I think I know what's wrong.

Try this script to fix it: https://gist.github.com/b-/ed2cdc182ae5a92bdcd6b73308832a70

Don't put the script into your image, or anything — just run it on the installed/booted system that is giving you trouble.

The short is that the onepassword and onepassword-cli groups already exist on your system, most likely because you installed 1Password and its CLI via RPM or a different script at some point in the past.

There's a big of a chicken/egg problem in dynamically setting this GID (because it needs to be pre-set in the filesystem before it's actually deployed on a computer), so the GID is essentially hardcoded to a value from the script (which can be overridden easily if necessary…).

Installing 1Password from the RPM on CoreOS-based systems "the normal way" will create a group for 1Password (and the CLI RPM will create one for the CLI), but this conflicts with the declarative group creation in this script. systemd-sysusers doesn't support removing or re-numbering an existing group, so it needs to be fixed manually after installation.

The gist script I'm linking at the top of this comment will read the sysusers.d files and fix the GIDs on your system with the ones that they should be.

[xynydev]

Closing. If there's something you wish to be done to fix this issue, or a related issue, file a new issue with more details.