I'm working on a Go program and I want to call op
, using the PolKit/app integration so a dialog appears prompting the user to type in their password. This works when I run op
directly from my shell, but it does not work when I exec op
from my Go program. So far what I have is effectively exec.Command("/usr/local/bin/op", ...).Output()
. However, that is failing with [ERROR] 2022/12/05 14:23:19 error initializing client: connecting to desktop app: read: connection reset, make sure the CLI is correctly installed and Connect with 1Password CLI is enabled in the 1Password app
. All --debug
does is add DEBUG | NM request: NmRequestAccounts
.
1Password Version: CLI 2.7.3, desktop 8.9
Extension Version: 2.3.8
OS Version: Gentoo Linux
Browser:_ Firefox
Comments
I figured it out. Both the executable that calls
op
and the directory that executable is in must be owned by root.Team Member
Hi @firelizzard:
Thanks for reaching out about this. This is something we're aware of, and I've added you as affected to our internal tracking issue.
Jack
ref: dev/core/core#18349
@Jack.P_1P, thanks for the update. I have a workaround (chmod root:root) but the behavior is odd and it does make it considerably harder to use a debugger on my executable. I tried to reproduce it with a test executable in place of
op
but I could not replicate the owner-dependent behavior. I tried runningop
withstrace
, but that gave me the same error. I read that ptrace no longer respects setuid/setgid bits because of potential vulnerabilities, but I expected to see a failed setgid syscall, which I did not see. So I guessop
is using the effective GID or doing some other magic.Team Member
You're very welcome.
Any resolution to this? I'm having the same problem trying to call
op
from a Python script.Additionally, setting the python binary and it's directory to be owned by root did not resolve my issues.
Logs. First one shows successful signin from bash CLI. Second one shows attempt from Python using it's subprocess module.
I'd add this to my past comment but it is apparently being moderated: