Big Sur - No Lock Icon on 1Password CLI Installer

Have done a clean install of macOS Big Sur. Downloaded the 1Password CLI installer (Darwin, build #1080001) from your official downloads page, but there's no lock icon in the top right corner of the installer window. Am wary of installing it as this document states: If you don’t see the lock icon, the package is unsigned, and you shouldn’t install it. Is this an issue with Big Sur or are you no longer signing the installer package?

Thanks in advance, Steve.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS 11.0.1
Sync Type: Not Provided

Comments

  • artem1Partem1P

    Team Member
    edited December 2020

    Hi @techotaku, Thank you for bringing this to our attention!

    We have had similar reports regarding the signature verification process from other customers using Big Sur. We have started looking at this to see if a change in our signing process is necessary to fix the signature verification for users on Big Sur. We have not stopped signing the packages.

    I will get back to you with any additional information once we have something.

    -Artem

  • I have come across the same problem. Using the codesign utility to verify signing information indicates the CLI .pkg is not signed.

  • ag_yaronag_yaron

    Team Member

    Hey @timfall ,

    We are aware of the issue and are still working on fixing the signatures problem. Thanks for bringing it up!

  • Are there any updates on progress here? Thanks!

  • techotakutechotaku
    edited February 5

    I second the comment from @timfall. I understand if it's not high on your agenda, but it's been 3 months since my initial post. At least an idea of when this is likely to be resolved – if at all – would be helpful.

    Thanks, Steve.

  • ag_yaronag_yaron

    Team Member

    Hey guys,
    Thanks for checking in on this.

    I sent a query to the team about this to check where it is standing and if there's an estimated timeline for it. Hopefully we'll have some news for you soon.

  • rudyrudy

    Team Member

    @timfall,

    The correct command for checking pkg signatures is pkgutil --check-signature ~/Downloads/op_darwin_amd64_v1.8.0.pkg

  • timfalltimfall
    edited February 10

    That is another method yes. The first way also checks to make sure it was not simply signed incorrectly, as opposed to not at all. Are there any updates on when the release packages will be signed @rudy ?

  • ag_yaronag_yaron

    Team Member

    Yes, we already have some possible fixes on an internal build. The next version update of the CLI should contain a full fix!

  • @rudy

    The correct command for checking pkg signatures is pkgutil --check-signature ~/Downloads/op_darwin_amd64_v1.8.0.pkg

    This confirms the SHA-256 fingerprint for the package matches the fingerprint from the current AgileBits certificate. Providing this continues to be the case, can you confirm the package is safe to use and the issue lies with the installer and not the package itself?

    Thanks, Steve.

  • ag_yaronag_yaron

    Team Member

    That is correct @techotaku .
    You can use the package safely if you've downloaded it from links in our website.

  • @ag_yaron

    Great. Thank you.

  • rudyrudy

    Team Member

    @techotaku,

    The package had to be converted from a raw package to a distribution package, the next update should resolve that issue. It will be signed with the same signing certificate as previous CLI installer packages. Note that this certificate differs from the one used for 1Password for Mac.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file