Big Sur - No Lock Icon on 1Password CLI Installer

techotaku
techotaku
Community Member

Have done a clean install of macOS Big Sur. Downloaded the 1Password CLI installer (Darwin, build #1080001) from your official downloads page, but there's no lock icon in the top right corner of the installer window. Am wary of installing it as this document states: If you don’t see the lock icon, the package is unsigned, and you shouldn’t install it. Is this an issue with Big Sur or are you no longer signing the installer package?

Thanks in advance, Steve.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS 11.0.1
Sync Type: Not Provided

Comments

  • artem1P
    edited December 2020

    Hi @techotaku, Thank you for bringing this to our attention!

    We have had similar reports regarding the signature verification process from other customers using Big Sur. We have started looking at this to see if a change in our signing process is necessary to fix the signature verification for users on Big Sur. We have not stopped signing the packages.

    I will get back to you with any additional information once we have something.

    -Artem

  • timfall
    timfall
    Community Member

    I have come across the same problem. Using the codesign utility to verify signing information indicates the CLI .pkg is not signed.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @timfall ,

    We are aware of the issue and are still working on fixing the signatures problem. Thanks for bringing it up!

  • timfall
    timfall
    Community Member

    Are there any updates on progress here? Thanks!

  • techotaku
    techotaku
    Community Member
    edited February 2021

    I second the comment from @timfall. I understand if it's not high on your agenda, but it's been 3 months since my initial post. At least an idea of when this is likely to be resolved – if at all – would be helpful.

    Thanks, Steve.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey guys,
    Thanks for checking in on this.

    I sent a query to the team about this to check where it is standing and if there's an estimated timeline for it. Hopefully we'll have some news for you soon.

  • @timfall,

    The correct command for checking pkg signatures is pkgutil --check-signature ~/Downloads/op_darwin_amd64_v1.8.0.pkg

  • timfall
    timfall
    Community Member
    edited February 2021

    That is another method yes. The first way also checks to make sure it was not simply signed incorrectly, as opposed to not at all. Are there any updates on when the release packages will be signed @rudy ?

  • ag_yaron
    ag_yaron
    1Password Alumni

    Yes, we already have some possible fixes on an internal build. The next version update of the CLI should contain a full fix!

  • techotaku
    techotaku
    Community Member

    @rudy

    The correct command for checking pkg signatures is pkgutil --check-signature ~/Downloads/op_darwin_amd64_v1.8.0.pkg

    This confirms the SHA-256 fingerprint for the package matches the fingerprint from the current AgileBits certificate. Providing this continues to be the case, can you confirm the package is safe to use and the issue lies with the installer and not the package itself?

    Thanks, Steve.

  • ag_yaron
    ag_yaron
    1Password Alumni

    That is correct @techotaku .
    You can use the package safely if you've downloaded it from links in our website.

  • techotaku
    techotaku
    Community Member

    @ag_yaron

    Great. Thank you.

  • @techotaku,

    The package had to be converted from a raw package to a distribution package, the next update should resolve that issue. It will be signed with the same signing certificate as previous CLI installer packages. Note that this certificate differs from the one used for 1Password for Mac.

This discussion has been closed.