BUG: "Auto upgrade" OPVault format, now sync doesn't work

sandymc
Community Member

I just found out that 1Password 6.2.1 "helpfully" upgraded me to OPVault format, without asking for permission or even giving a warning.

Now Dropbox sync to Android and iOS is broken.

Even worse, Android doesn't even support OPVault, and I can't find any way to switch back.

What kind of lunacy is this?????????????????


1Password Version: 6.2.1
Extension Version: Not Provided
OS Version: OS X 10.11.4
Sync Type: Dropbox

Comments

  • littlebobbytables
    1Password Alumni

    Hello @sandymc,

    In 1Password 6 we did change the default format from Agile Keychain to OPVault but we decided not to try and automate anything for existing vaults, basically we didn't think we could do a robust enough approach that there wouldn't be significant issues. Instead we left it to the user and if they wanted to swap from using an existing Agile Keychain to the newer OPVault we could show them how.

    Any attempts to create a new sync container would, by default, be created using the newer OPVault container.

    We are currently working on OPVault support in 1Password for Android and it's in the beta as we speak. Obviously we're hoping everything goes well but it is a beta.

    The other option is to change the default back to the Agile Keychain and you can do this by way of the menu option Help > Tools > Enable OPVault for Dropbox and Folder sync. The option will be currently enabled and you can disable by clicking on it. Just as we didn't automate replacing Agile Keychains with OPVault containers this won't touch any existing OPVaults in use. Where a vault is being synced to an OPVault container you will need to disable sync and delete the OPVault container (there's a checkbox in the confirm window to help do this). When you set up Dropbox sync again it will offer to create an Agile Keychain instead.

    Does this help at all?

  • sandymc
    Community Member

    Well, I have bad news for you. You might not have intended to automate a changeover to the new format, but you did. Like I said above, the format of my vault was changed WITHOUT any action on my part, or any warning. I only found out when my iPad stopped syncing.

    As regards the change back procedure above, sadly, that doesn't work. (a) It puts the keychain in a different location, not the location it was in, so sync still doesn't work. (b) Even if I fix the location problem, on my iPad I now get offered only the option of merging two vaults, one of which is now out of date. There is no "use the latest vault" option. Which is obviously what's required.

    For an app that's supposed to be looking after important, sensitive data, this is ridiculous.

  • littlebobbytables
    1Password Alumni

    Hello @sandymc,

    To revert to the Agile Keychain you will have to manually set up sync again on the iPad and yes, it will say you need to merge. Once the sync container any copy of 1Password was syncing to disappears, for any reason, syncing is disabled and must be manually re-enabled. Restoring a backup will also cause 1Password to disable sync, purposely so.

    If you want to have 1Password for iOS essentially overwrite everything in the vault with what is in the new Agile Keychain then it is possible but only by following the steps in our How do I start over with an empty vault? guide and then Existing 1Password user (iOS). What I will say though is given the two copies of 1Password were in sync merging the now out of date vault on your iPad with the up to date vault in Agile Keychain should have no issues. Merging is most problematic when you are merging two completely different vaults. For example, if you have two vaults and you manually create a Login item for site X in both the two Login items might look the same but they have different Universally Unique IDs (UUIDs) and are treated as completely different items.

    Now what can you expect to find in your merged vault?

    We adopt a conservative approach. We will only merge items from two vaults if they have the same Universally Unique ID (UUID). If they don't we treat them as individual items. They can share the same title, username and password but unless the UUIDs match they're treated as separate items. In these instances you will see duplicates requiring you to manually remove one. When you do this I would recommend ensuring you don't have any unique information held only in one copy. If an item in each vault has the same UUID we will merge the two. Where the data is the same in both it's easy, there is nothing to do. When there is different data in each we will keep one set of the data where it normally resides and place the other set in a custom section titled Conflicts. This way we don't risk throwing anything important away and instead leave it to the user to ensure the good data is kept and the now obsolete data is removed.

    What you seem to be describing though is a vault where you're only changing items on your Mac given you want to throw away everything in 1Password for iOS. In this case all the updates in the Agile Keychain should simply be applied in a single block as each item will have a newer timestamp there than in 1Password for iOS.

    As it stands you can decide to go down the more cautious route and start over but based on your description I would say this is likely overkill here.

    Now you may decide to never believe me but 1Password does not have any code that takes an actively syncing vault and moves it from using an Agile Keychain to OPVault container. As I said before, any attempts to set up a new sync would use the OPVault format as of 1Password 6 but before this could happen sync must be disabled. We have a page on doing so which can be found at How to switch to the OPVault format from Agile Keychain and as you can see it requires disabling and deleting, none of it is automated.

    • Disabling and re-enabling sync would cause 1Password to create an OPVault unless pointed directly at an existing Agile Keychain when it would instead try to merge.
    • Restoring a backup would disable sync as a precaution. If whatever caused you to restore a backup had made its way to the sync container the last thing you want as a user is a vicious cycle where you restore the backup and then 1Password syncs and returns you to the state that caused you to restore a backup.
    • Deletion of the sync container from the file system. When 1Password sees that it is missing it disables sync. Creating a new sync container of the same format won't cause 1Password to start using it, it knows it is a different container and won't proceed without specific authorisation from the user.
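
The UUID-based merge rules described in the reply above, as an added Python example that is not part of the thread and is not 1Password's code. It assumes the local copy's values stay in place and the other copy's differing values go to the Conflicts section; `Item`, `merge_vaults`, `likely_duplicates` and the sample vaults are constructed for illustration.

```python
from dataclasses import dataclass, field

CONFLICTS = "Conflicts"  # custom section title named in the post

@dataclass
class Item:
    uuid: str
    title: str
    fields: dict
    sections: dict = field(default_factory=dict)

def merge_vaults(local, remote):
    """Merge two item lists by UUID; no value from either side is dropped.
    Assumption: local values stay in place, remote differences go to Conflicts."""
    merged = {i.uuid: Item(i.uuid, i.title, dict(i.fields),
                           {k: dict(v) for k, v in i.sections.items()})
              for i in local}
    for other in remote:
        mine = merged.get(other.uuid)
        if mine is None:
            # No UUID match: stays a separate item even when the title,
            # username and password equal those of an existing item.
            merged[other.uuid] = other
            continue
        differing = {k: v for k, v in other.fields.items()
                     if mine.fields.get(k) != v}
        if differing:
            # Same UUID, different data: park the other side's values.
            mine.sections.setdefault(CONFLICTS, {}).update(differing)
    return list(merged.values())

def likely_duplicates(items):
    """Group UUIDs of items sharing title and username, for manual review."""
    groups = {}
    for i in items:
        groups.setdefault((i.title, i.fields.get("username")), []).append(i.uuid)
    return {k: v for k, v in groups.items() if len(v) > 1}

def demo():
    # Constructed sample vaults; UUIDs and values are placeholders.
    local = [Item("A1", "Site X", {"username": "sandy", "password": "local-pw"}),
             Item("B2", "Bank", {"username": "sandy", "password": "same-pw"})]
    remote = [Item("A1", "Site X", {"username": "sandy", "password": "remote-pw"}),
              Item("B2", "Bank", {"username": "sandy", "password": "same-pw"}),
              Item("C3", "Site X", {"username": "sandy", "password": "local-pw"})]
    merged = merge_vaults(local, remote)
    return merged, likely_duplicates(merged)
```
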
  • sandymc
    Community Member

    I think the problem here is that you seem to be having trouble believing that 1Password has a serious bug.

    In detail, what occurred was the following:

    1. I noticed that 1Password was no longer syncing. I don't have any way of knowing when that started.
    2. When I went into 1Password for Mac, syncing had, for some reason, switched itself off. I had not made any changes to 1Password's configuration.
    3. I re-enabled sync. Based on what you say in your response, it was probably at this point that 1Password converted my file format.
    4. Sync then failed, as described above.

    The issue here is that (and I think this is obvious) if 1Password is configured to sync using the old format, 1Password should respect that setting until told otherwise. AKA, if there is an existing "old format" sync setup, 1Password should at least be smart enough to DISABLE "Enable OPVault for Dropbox and Folder sync". In my view, that's a serious bug.

  • littlebobbytables
    1Password Alumni

    Greetings @sandymc,

    It is unlikely we will ever learn why 1Password for Mac stopped syncing in your case. Reasons I know of I detailed above which include:

    • Sync being manually disabled.
    • The sync container referenced by sync being deleted or moved.

    Could there be a bug where sync is spontaneously disconnected? It's possible because you can almost guarantee that nobody would notice when it happened, it could easily be days, weeks or maybe even months before it was realised. What I will say is we don't see a steady stream of people reporting that sync mysteriously disabled itself, most sync issues are when sync isn't happening but is enabled and may require replacing the sync container.

    What happened afterwards is exactly how AgileBits wanted 1Password to work. There was a user action to create a new sync container and it used the default format which was changed to OPVault in 1Password 6 for Mac. You can view it as a serious bug but it isn't, it's 1Password working as intended. I understand that you're not happy but it won't be classified as a bug. The whole purpose behind changing the default is to move people away from the older format but if needed 1Password can be instructed to use the old one.

    When sync is disabled, regardless of the reason, any information about how it was syncing is purposely thrown away so that any further attempt is treated as a brand new sync attempt. It's for reasons of data safety as there is no way to know what 1Password is being linked to. It may be another sync container for the very same vault, the user may be wanting to merge two very different vaults or circumstances in between.

    As a user of 1Password for Android I apologise for the confusion caused by changing the default container format. I can see how that is an inconvenience in terms of the period of time before realising 1Password for Android can't read and write to an OPVault container (yet) and then having to jump through the hoops of setting everything up again. We won't be changing the default back to Agile Keychain though and I honestly don't see us altering any of the current sync behaviour as it's all about being conservative. If the sync container disappears we disable sync and we won't just attempt to connect to a new sync container if present, it's far safer (even if frustrating) to ensure the user explicitly sets up sync again so they know.

  • sandymc
    Community Member

    I can understand setting the default for new files to the new format.

    But as I said, it seems obvious to me that if there is an existing sync set up, then the default should be to preserve the existing format. This is not hard - < if existing_sync && format == old then Enable_OPVault_for_Dropbox_and_Folder_sync = NO >

    If that's not obvious to AgileBits, then I guess we'll just have to agree to differ about how software should be written.

  • Hi @sandymc,

    I am one of the developers of 1Password for Mac. The software is designed to leave existing sync setups alone. As littlebobbytables mentioned, it should only happen if the vault file on Dropbox is moved, or if the customer manually turns off sync and sets it back up again.

    But it certainly doesn't sound like either of those two things happened, so it sounds like there could be a bug. I'm truly sorry for that. I would like to look into this. If you wish to assist us, I'd like to ask you to create some Diagnostics Reports, one from each of your devices:

    Attach the Diagnostics Report(s) to an email message addressed to support+forum@agilebits.com. Also, please let us know (as accurately as you can remember) the date/time that you noticed sync stopped working on your iPad.

    Please do not post your Diagnostics Report(s) in the forums, but please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your Diagnostics Report(s) in our inbox.

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so we can track down the report(s) quickly. :)

    Once we see the report, I'm hoping it can tell us what went wrong. Thanks very much!

    Regards,
    Kevin

  • sandymc
    Community Member

    Thank you for taking a look at this.

    I have done as you asked; the Support ID number is: #XJD-71583-665

  • Vee_AG
    1Password Alumni

    Thank you, @sandymc! We'll have a look at the reports and continue the conversation via email. Cheers!

This discussion has been closed.