Problems with Keyring for 1Password Extension

Had problems with both the 1.24.1 and 1.25.4 versions of the 1Password extension.

I double checked that the native messaging JSON was in place and tried running Firefox:

Initializing 1Password...
crypto tests: 76ms - timer ended
WASM: Initializing.  Log Level: Info
💫 Looking for desktop app com.1password.1password
📤 Sending <NmRequestAccounts> message to native core <3289858260>
Received <AppQuit> from the native core
💫 Looking for desktop app com.1password.1password7
📤 Sending <NmRequestAccounts> message to native core <864904298>
Desktop app port disconnected. Error: None
Finished initializing beta 1Password 1.25.4 in firefox (20151)

Also observed these errors in 1Password:

WARN  --- tokio-runtime-worker(ThreadId(8)) [1P:foundation/op-linux/src/kernel_keyring.rs:684] failed to initialize keyring helper, its functionality will be unavailable: Io(Io { kind: UnexpectedEof, inner: "<redacted>" })
ERROR --- tokio-runtime-worker(ThreadId(8)) [1P:native-messaging/op-native-core-integration/src/connection_handler.rs:47] <redacted>: Linux(KeyNotFound)

Checking journalctl didn't mention any other errors.

People mentioned issues with permissions but these seem okay:

-rwsr-sr-x 1 root onepassword   3502128 Apr 19 20:55 1Password-KeyringHelper
-rwxr-xr-x 1 root root          9339016 Apr 19 20:55 1Password-BrowserSupport
-rwxr-xr-x 1 root root        136619144 Apr 19 20:57 1password

Running a fairly minimal install of Ubuntu Mate with ZFS-on-root.

1Password: 8.0.33-39.BETA
Extension: 1.25.4 BETA & 1.24.1
OS: Ubuntu Mate, 21.04


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Dayton_agDayton_ag

    Team Member
    edited April 26

    Hi @jarrodsfarrell, thanks for writing in, and including the logs!

    I'd like to grab one more from you - KeyringHelper logs, which are found at .config/1password/logs/BrowserSupport/KeyringHelper/. Could you zip up the contents of that folder and send it in an email to [email protected]? Please include my name in the Subject line in your email.

    After you write in, you should receive a Conversation ID that looks like this: [#ABC-12345-678]. Please paste that here, and I'll use it to track your email down from my end.

    Thanks, I'm looking forward to getting this sorted for you! :smile:

  • Additional information lost in submission:

    The weird part is that it works sometimes and without reason. For a moment the communication worked when I first installed 1Password and got the extension up, but after that it's seemingly random when it suddenly wants to work. Recently I haven't seen it work for a good while.

    It does seem to work in regular Ubuntu with Gnome but due to me accidenting my install, I'm on Mate.

  • Dayton_agDayton_ag

    Team Member

    @jarrodsfarrell Ah, thanks for that additional information! When working on Ubuntu with Gnome the problem does not exist, but now on Mate the problem surfaces spontaneously?

    due to me accidenting my install, I'm on Mate.

    To confirm my understanding, were you running Gnome on this device, but experienced a device error and have now moved to Mate?

  • @Dayton_ag

    Guh. I just remembered a crucial detail and you're gonna hate me for it because I just now tested it.

    Because having three different computers to set up 1Password, two accounts for personal and work, and occasional system failures are part of my life, I went with the very cheeky approach of just copying configs around which makes 1Password happy enough to work with it, however it does seem like it causes some unexpected behavior with the extension-1Password communication and breaks the whole thing which I failed to find the link to.

    So moving the configs to a different directory and starting 1Password as if it was fresh gets it to communicate with the browser now. So that explains so much.

    Perhaps copying didn't set the permissions correctly and 1Password wasn't expecting the user to do what I did and failed.

    Oh and the keyring helper logs, the old configs had the same line in all 19 files

    ERROR 2021-04-25T01:51:26.793 main(ThreadId(1)) [1P:foundation/op-linux/src/bin/keyring_helper.rs:178] error running helper: Keyring(KeyringError(Os { code: 13, kind: PermissionDenied, message: "Permission denied" }))
    

    So this whole thing is self-inflicted because I expected copied configs to Just Work™ and I now know what I need to do for my other machines for them to work properly.

  • By the way, if you want to recreate it, the approach I do is obtain a copy of my 1Password somewhere and this is typically inside a tar file or directly from the filesystem itself before I either install 1Password or start it for the first time.

  • Bluh. A copy of my 1Password config.

    I'm tired in both mind and soul at the moment.

  • Dayton_agDayton_ag

    Team Member

    Hey @jarrodsfarrel, AH! That's excellent, I'm so glad that we've sorted out what's going on here. :smile: It's no problem at all - I'm just glad to know that browser integration is running smoothly for you now.

    I can definitely sympathize with the intent here - signing in on multiple devices does take some time, especially with the Secret Key - it's random and lengthy for the sake of security, but it does add to the complexity of signing in on new devices. We're always on the lookout for ways to make the sign-in process easier without sacrificing security.

    One suggestion I would make is to keep a copy of your Emergency Kit accessible - this would allow you to quickly reference it, and even copy/paste the sign-in credentials into the manual sign-in fields of 1Password for Linux. We suggest keeping a copy of the Emergency Kit in your cloud storage service of choice, which can make it easy to grab the Emergency Kit on a new device.

    Thanks again for bringing this to our attention! :smile:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file