Calling the CLI from a Go program

Quick update on this: we've now also released https://releases.1password.com/linux/8.10/. That means the fix is now available on all release channels.

Hey all!

Thanks for your patience. I'm checking back in to let you know that we released a new beta version of 1Password for Linux (https://releases.1password.com/linux/beta/#1password-for-linux-8.10.8-24) yesterday that should allow you to use the CLI from a program that itself is not owned by root. You can follow the instructions https://support.1password.com/betas/?linux to install a beta release of the app. The fix will also be included in the next minor stable release, which will be out in a few weeks.

Let me know if that fixes the problem for you.

Joris

Thank you everyone for digging into this and bringing this to our attention. Unfortunately we've got no updates to share at this point, but this is on our radar we'll make sure to let y'all know once this gets prioritised and eventually resolved. Thank you for your understanding!

Best,
Horia

Jack_P_1P This restriction causes problems for any integrations with 1Password when the use has GUI integration enabled. This has broken some of my integration, as well as community tooling such as kubectl-passman.

@smgt Your findings echo mine, I also found that unless the directory tree from the binary to the root directory is all owned by root it will fail. If any of the parent, grandparent etc directories are not root owned it will fail. I did my testing in /opt, /media and /home (below user specific directories).

After playing around a little more it seems to be certain criteria that needs to be fulfilled to make it work. You can not just run your Go program using go run main.go for example. The executable needs to be in some system executable dir like /usr/bin or /usr/local/bin. The executable needs to be owned by root, chown root:root exe and the permissions needs to be 755, chmod 755 exe. I haven't played around extensively with different users and permissions.
I've tried to run the exe from a path in my home dir (/home/$USER/bin) that's in the path $PATH but I don't seem to be able to run the exe in that dir and make it work even if the owner is root and permissions are 755 (rwxr-xr-x).

I'm planning to do the following to continue to develop the Go.

1. Disable "Connect with 1Password CLI"
2. Add a function to handle op signin session tokens
3. Develop
4. Test
5. During release move the compiled binary to /usr/bin and change user to root and permissions to 755
6. Enable "Connect with 1Password CLI"

I'm trying to build a CLI tool using go. Running into the same problems as mentioned above when "Connect with 1Password CLI" is enabled. I can get it to work if I use the regular session token.

Hi folks,

Sorry for the delay here. I don't have anything else to share just yet, but we are looking into solutions at this time.

Jack

@gunzy83 thanks so much for the details in your Feb 14th post. The op script workaround is a great find. Also, I agree with your sentiments that the binary permissions check seems more annoying than helpful and should be documented.

Jack_P_1P I don't suppose you have an update yet on this?

@asdfasdfasdfasdf the lookup plugin still does not support op v2: https://github.com/ansible-collections/community.general/issues/5303 so I think that is unrelated for now but once support is merged it will also be affected by this binary check issue if you are not using system python (owned by root).