CLI v2 not connecting to Desktop App (Sandbox issue?)
CLI v2 always returns:
●» op account list --debug
[ERROR] 2022/03/22 15:29:28 connecting to desktop app: connecting to desktop app timed out, make sure it is installed, running and CLI integration is enabled
Looking in console, it appears to be a sandbox issue:
Sandbox: 1Password Browse(43514) deny(1) file-read-data /usr/local/bin
Violation: deny(1) file-read-data /usr/local/bin
Process: 1Password Browse [43514]
Path: /Applications/1Password.app/Contents/Library/LoginItems/1Password Browser Helper.app/Contents/MacOS/1Password Browser Helper
Load Address: 0x102f00000
Identifier: 2BUA8C4S2C.com.1password.browser-helper
Version: 80700012 (8.7.0)
Code Type: arm64 (Native)
Parent Process: launchd [1]
Responsible: /Applications/1Password.app/Contents/Library/LoginItems/1Password Browser Helper.app/Contents/MacOS/1Password Browser Helper
User ID: 501
Date/Time: 2022-03-22 15:29:27.043 MDT
OS Version: macOS 12.2.1 (21D62)
Release Type: User
Report Version: 8
I've tried granting full disk access to 1Password Browser Helper and 1Password itself, no dice.
1Password Version: 8.7.0
Extension Version: 2.0.0
OS Version: macOS 12.2.1
Comments
-
Hey!
I am sorry for the late reply. That really looks like a curious problem. I agree with your assessment that this is caused by the sandbox. The reason why this can happen is because the 1Password Browser Helper reads the CLI's executable when it verifies its code-signing signature. However, it is not immediately clear why this fails on your system.
In case you are still having this issue, could you maybe share the output of the following commands to get an idea of the origin of this problem?
which op
codesign -dvv --entitlements - /Applications/1Password.app/Contents/Library/LoginItems/1Password\ Browser\ Helper.app
ls -dl /usr/local/bin/
ls -l /usr/local/bin/op
Looking forward to the results of those commands.
Joris
0 -
Hi, I just experienced the same thing.
% which op
/usr/local/bin/op
% codesign -dvv --entitlements - /Applications/1Password.app/Contents/Library/LoginItems/1Password\ Browser\ Helper.app
Executable=/Applications/1Password.app/Contents/Library/LoginItems/1Password Browser Helper.app/Contents/MacOS/1Password Browser Helper
Identifier=2BUA8C4S2C.com.1password.browser-helper
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=69747 flags=0x10000(runtime) hashes=2168+7 location=embedded
Signature size=8978
Authority=Developer ID Application: AgileBits Inc. (2BUA8C4S2C)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Mar 21, 2022 at 1:00:45 PM
Info.plist entries=24
TeamIdentifier=2BUA8C4S2C
Runtime Version=12.1.0
Sealed Resources version=2 rules=13 files=3
Internal requirements count=1 size=200
[Dict]
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] true
    [Key] com.apple.security.application-groups
    [Value]
        [Array]
            [String] 2BUA8C4S2C.com.1password
    [Key] com.apple.security.temporary-exception.files.absolute-path.read-only
    [Value]
        [Array]
            [String] /usr/local/bin/op
% ls -dl /usr/local/bin/
0 drwxrwxr-x 1308 gnachman admin 41856 Apr 4 15:05 /usr/local/bin//
% ls -l /usr/local/bin/op
53992 -rwxr-xr-x 1 root wheel 27642448 Mar 10 14:20 /usr/local/bin/op*
Console message (too big to paste here):
0 -
Thank you for sharing that. That all looks like what I'd expect.
From the logs you both seem to be running arm64 macOS. So I've asked a colleague with an M1, but unfortunately, he cannot reproduce the issue.
There are a few other things we can try:
- Try restarting your system
- Try updating macOS to version 12.3 (if you're still on 12.2.1)
- Could you share the diagnostics file of the 1Password app by following the steps below?
Sending 1Password diagnostics file
1. Open and unlock 1Password.
2. Press CMD + Comma, then click Advanced.
3. Click Send Diagnostics.
4. Click Reveal.
5. Attach the .1pdiagnostics file to your reply.
Joris
0 -
I was having the same problem, and then realised that my homebrew bin dir was in the (new default) location of /opt/homebrew/bin and that /usr/local/bin was symlinked to it (not sure currently if that was done by me or by homebrew on its original installation).
Having already got my default path to look at /opt/homebrew/bin as well, I uninstalled the 1Password CLI, removed the /usr/local/bin symlink and then reinstalled 1Password CLI (using homebrew as per docs).
That got op working.
0
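
A check for the condition the last reply describes: whether any component of the path named in the helper's read-only sandbox exception (/usr/local/bin/op in the codesign output above) is a symlink. This is an added example, not code from the thread or from 1Password; the function names are hypothetical, and treating a symlinked component as the trigger for the denial is an inference from that reply, not something the thread confirms.

```shell
#!/bin/sh
# Added example: report symlinked components of an absolute path.
# Function names are hypothetical; nothing here is 1Password's code.

# Print every prefix of absolute path $1 that is a symbolic link, one per line.
symlinked_components() {
    path=$1
    case $path in
        /*) ;;
        *) echo "need an absolute path: $path" >&2; return 2 ;;
    esac
    prefix=
    rest=${path#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}              # next component
        case $rest in
            */*) rest=${rest#*/} ;;   # drop it from the remainder
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue    # skip empty components from "//"
        prefix=$prefix/$part
        if [ -L "$prefix" ]; then
            printf '%s\n' "$prefix"
        fi
    done
    return 0
}

# Return 0 when $1 exists and is reached without following any symlink,
# 1 when it is missing or a component is a symlink (details on stderr).
path_is_literal() {
    [ -e "$1" ] || { echo "missing: $1" >&2; return 1; }
    links=$(symlinked_components "$1") || return 2
    [ -z "$links" ] && return 0
    echo "symlinked component(s) of $1:" >&2
    echo "$links" >&2
    return 1
}

# Example use with the path from the entitlement shown in the thread:
#   path_is_literal /usr/local/bin/op
```

If it reports /usr/local/bin, compare with `which op` and the `ls -dl` output requested earlier in the thread; note that `ls -dl /usr/local/bin/` with a trailing slash follows the symlink and shows the target directory.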