Can not connect to desktop app

vadviktor

Hey, I can't find anyone having this issue reported so sorry if there is already one, please point me to it.

So I installed the v2 CLI on Linux Mint and it works perfectly. However, I'm installing it on Manjaro with https://aur.archlinux.org/packages/1password-cli and it does not work out of the box.

$ op vault ls --debug
[ERROR] 2022/03/18 19:42:04 connecting to desktop app: read: connection reset, make sure the CLI iscorrectly installed and CLI Biometric Unlock is enabled in the 1Password app

In the error logs:

ERROR 2022-03-18T19:42:04.651 tokio-runtime-worker(ThreadId(3)) [1P:op-ipc/src/ipc/unix.rs:379] peer was not in the correct application group, rejecting remote
INFO  2022-03-18T19:42:04.651 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:305] Extension connecting.
ERROR 2022-03-18T19:42:04.651 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:477] Failed to accept new connection.: PipeAuthError(NoCreds)

I have tried to add the cli, gui executables and my user to the onepassword-cli group as per https://developer.1password.com/docs/cli/get-started/#sign-in, no luck. The biometric unlock works (my user's password can unlock it).

Could you help me debug what else either that AUR package is missing to setup or me missing to change in my system, please? Thanks!

---

1Password Version: 8.6.0
Extension Version: Not Provided
OS Version: Manjaro
Referrer: forum-search:arch

Joris_1P

Edit: I was just able to reproduce the problem. I'll do some testing to see what is going on.

Hi!

Thank you for reaching out. It does indeed look like something is going wrong. We can try a few things to see what is going on here.

First of all, could you update the AUR package? I just checked the latest version, and it seems to work all right, but some of the earlier releases for 2.0.0 were missing some install steps.

If that does not solve it, could you share the output of the following command?

ls -l $(which op)

That should give us an idea of whether the CLI is correctly installed.

Also, I would recommend to remove any users that were added to the onepassword-cli group. The security of biometric unlock relies on no users belonging to that group.

Joris

slurpee

Hey @vadviktor! I'm the packager for the 1password-cli package on the AUR. This issue should be resolved with the 2.0.0-4 package version pushed a few minutes ago. Please give it a shot!

For your reference @Joris_1P, I used systemd-sysusers initially to create the required onepassword-cli group. Group creation along with the setgid bit were taken care of in the post-install. When run, op did not inherit the gid of the onepassword-cli group (systemd used a gid under 1000, ~950), but instead ran as my user, 1001. As a test, I manually edited /etc/group to bump the gid above 1000 to 1003 and ran a op item get - no errors and Polkit popped up a dialog to unlock 1password with my system password, exactly as expected.

I was also able to reproduce this by changing the gid of onepassword-cli back below 1000, the gid did not inherit and the same error was emitted.

I hope this helps you all!

Joris_1P

This is amazing! I was just debugging the issue and also found the GID being lower than 1000 as the problem. Only to be somewhat confused that I could not reproduce the problem after reinstalling. The following line in the AUR commit history made me smile:

Thanks for fixing this so quickly, @slurpee!

@vadviktor, as @slurpee suggested, you can manually edit /etc/group and change the ID of the onepassword-cli group. Or you can remove and reinstall the AUR package. That should also work.

vadviktor

Many thanks @slurpee and @Joris_1P for your efforts. I can confirm that the package is fixed and the CLI app works correctly. You can close this thread :)

Horia.Culea_1P

Glad this got sorted out! Let us know if we can help with anything else!