Trying Opera's 'Reborn' build but 1P extension won't verify/enable

I'm trying out Opera's new 'Reborn' build: https://blogs.opera.com/desktop/2017/02/opera-44-developer-with-reborn/
Even though the 1Password extension installs it won't enable ("can't verify the identity of your web browser").


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @melvynadam: Unfortunately without some basic information you've left out of your post it's hard to say what might be going wrong and how we might right it! Please tell me the OS, 1Password, browser, and extension versions you're using, the exact steps you're taking, and what is (or is not) happening the way you expect so we can figure out the best plan of action:

    Find your version

    The more information you can give, the better. This could be a problem with the browser's signature or something we're testing recently in 1Password, but I'd just be guessing at this point. Thanks in advance! :)

  • melvynadam
    melvynadam
    Community Member

    @brenty, I doubt very much that my platform specifics actually make any difference - try installing that browser and then try installing the 1P plugin and you'll see the failure. Even though it's Opera, it's presenting with a different signature because it's a new fork of Opera.

    Regardless....

    • 1Password version: 6.8.Beta-3 (680003)
    • Extension version: The latest from the extensions page (also tried downloading the crx for a manual installation - same result)
    • OS version: macOS Sierra 10.12.4 (64-bit)
    • Sync type: Dropbox
    • Opera Version: 45.0
    • Browser identification: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 OPR/45.0.2552.635
    • Shoe size: 9 (UK)
    • Height: 174cm
  • matthew_ag
    matthew_ag
    1Password Alumni

    Hey @melvynadam,

    Thanks for specifying all those details. Thanks for letting us know those details. The beta version of 1Password for Mac uses a new method of communication between the extension and the browser called Native Messaging which we are testing in beta at the moment. There are a number of known issues with this when used with Opera which we have solutions for in the Beta area of our Forum.

    Please check out the link to the solutions and hopefully that'll get Opera connected for you.

    We are still working out the details for how to ensure this is a smoother experience when released fully - thanks for taking part in the Beta! Let me know how that goes and if you've any questions about anything above don't hesitate to send a reply.

    Best regards,
    Matthew

  • melvynadam
    melvynadam
    Community Member

    I followed the instructions for Opera developer (at step #5 I used ~/Library/Application Support/com.operasoftware.OperaDeveloper/) but I'm sorry to report that they didn't work.

  • rudy
    edited May 2017

    @melvynadam,

    I would also double check the new section for Opera on https://discussions.agilebits.com/discussion/78553/if-you-see-a-code-signature-error-in-an-unsupported-browser-like-chrome-canary-opera-or-vivaldi#latest

    part of the install process they have corrupts the signature from the get go, and their live updates corrupt the signature even further.

    Rudy

  • melvynadam
    melvynadam
    Community Member

    @rudy Thanks for that - I had actually missed the second section of the instructions. So the problem turned out to be between the keyboard and my office chair ;)
    Happy to report that the 1P extension is now working. Hopefully the next Opera update won't kill it. I often try new browsers but usually end up back with Firefox so we'll see how long this experiment lasts.

  • beyer
    beyer
    1Password Alumni

    Hey @melvynadam,

    On behalf of @rudy, you're very welcome! I'm happy to hear everything is working. If you have any additional questions, please don't hesitate to let us know.

    Cheers,
    Andrew

  • melvynadam
    melvynadam
    Community Member

    Hi @beyer, sadly after the first reboot it no longer works and following the instructions again didn't resolve it.
    This build of Opera is perfect for me in nearly every way but I have to have a working 1Password plugin.

  • jxpx777
    jxpx777
    1Password Alumni

    @melvynadam Sorry you're still having trouble. We're working out the kinks on some code signature verification stuff in the 6.8 betas, so things may change as we move forward. What 1Password is looking at right now is that the files in the application bundle comport with the signature information that is provided alongside it. What I have seen from Opera is that the Installer creates an invalid application right away by the addition of a file called server_tracking_data. After updates, Opera also stores the previous version in a Versions subdirectory, which also invalidates the code signature.

    You can check the code signature yourself by opening Terminal and running the following command:

     codesign --verify --verbose /Applications/Opera.app
    

    (Replace /Applications/Opera.app with your particular Opera path if necessary.) My suspicion is that you'll have one or more files there that are causing the code signature not to be valid. If you remove them, it should pass. I have reported this situation to Opera but so far I haven't heard anything back. :frown:

    --
    Jamie Phelps
    Code Wrangler @ AgileBits
    Fort Worth, Texas

  • melvynadam
    melvynadam
    Community Member

    Thanks @jxpx777

    I ran the command and this is what was returned:

    /Applications/Opera.app: a sealed resource is missing or invalid
    file added:
    

    And then 206 files are listed with that "file added:" note.

    After restarting Opera I got the warning once again and the plugin still doesn't work.

  • jxpx777
    jxpx777
    1Password Alumni

    That pretty much matches what I was expecting. The system is checking the files that are in the Opera.app bundle and performing a bunch of fancy math on them and then comparing the result of that fancy math to the code signature information that is provided in Opera.app/Contents/_CodeSignature/CodeResources. When it finds any files that it doesn't expect or the result of the fancy math for some of the files doesn't match what is specified in the code signature information, then it will report that the code signature is invalid. When 1Password checks the code signature, it is trying to determine if it is safe to allow this browser claiming to be Opera to connect and communicate with 1Password. The code signature checks merely return a thumbs up or thumbs down as to whether what's on disk matches the information in the code signature data and if it's a thumbs down, then 1Password rejects the connection out of an abundance of caution. All that being said, there are some different constraints we can place on the code signature checking and we're experimenting with some options to give the best balance of security and stability. Stay tuned, but for now, you'll need to remove those added files from the Opera.app bundle to restore order.

  • melvynadam
    melvynadam
    Community Member

    @jxpx777, just to be clear: you're saying that to get the 1P extension working I need to delete 206 files from within the app bundle?

    Even in my most gung-ho, late night experimentation moments that feels like an extreme step!

  • melvynadam
    melvynadam
    Community Member
    edited May 2017

    I've deleted the 200+ files.

    This was the result now:

    codesign --verify --verbose /Applications/Opera.app
    /Applications/Opera.app: valid on disk
    /Applications/Opera.app: satisfies its Designated Requirement
    

    When I restarted Opera there were no warnings and the 1P extension worked! Hoping this time it'll last. Thanks for your help.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2017

    @jxpx777, just to be clear: you're saying that to get the 1P extension working I need to delete 206 files from within the app bundle? Even in my most gung-ho, late night experimentation moments that feels like an extreme step!

    @melvynadam: Yep. I agree, that definitely is a bit onerous. But it's really important that 1Password verifies what it's communicating with before sending our sensitive data, and unfortunately Opera including all of this cruft makes that impossible, as it invalidates their own code signature which we're trying to verify. :(

    I've deleted the 200+ files. This was the result now:
    codesign --verify --verbose /Applications/Opera.app
    /Applications/Opera.app: valid on disk
    /Applications/Opera.app: satisfies its Designated Requirement
    When I restarted Opera there were no warnings and the 1P extension worked! Hoping this time it'll last. Thanks for your help.

    Awesome! Glad to hear that did the trick for you. We'll continue to work to see what can be done to make things easier here. Thanks so much for your feedback on this! :)

This discussion has been closed.