Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
User Profile
Sn0wCrack
New Contributor
Joined 4 years ago
User Widgets
Contributions
Re: Flatpak Browser and Native Desktop App
This is probably the best I've seen the script is fully automated and works on both Firefox and Chrome browsers under Flatpak. The extension whitelist is a requirement essentially of a custom native messaging file, and there's not really a need to modify that list unless 1Passwors publishes a new extension. Hopefully this shouldn't be needed in the near future anyways as a major focus of the next xdg-desktop-portal release does appear to be native messaging and there's a lot of movement around a new PR for it's implementation.142Views1like0CommentsRe: Flatpak Browser and Native Desktop App
I've attempted with the Flatpak version of 1Password and unfortunately seems like a no-go due to 1Password's security. The further I got was adaptting the KeePassXC script: ``` !/bin/bash Adapted from: https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766 APP_REF="com.onepassword.OnePassword/x86_64/stable" for inst in "${HOME}/.local/share/flatpak" "/var/lib/flatpak"; do if [ -d "${inst}/app/${APP_REF}" ]; then FLATPAK_INST="${inst}" break fi done [ -z "${FLATPAK_INST}" ] && exit 1 APP_PATH="${FLATPAK_INST}/app/${APP_REF}/active" RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "${APP_PATH}/metadata") RUNTIME_PATH="${FLATPAK_INST}/runtime/${RUNTIME_REF}/active" exec flatpak-spawn \ --env=LD_LIBRARY_PATH="/app/lib:${APP_PATH}" \ --app-path="${APP_PATH}/files" \ --usr-path="${RUNTIME_PATH}/files" \ -- /app/1Password/1Password-BrowserSupport "$@" ``` This will execute the Browser Support application, but it bails out due to not running under the correct libc, I imagine it detects the fact the load path has changed and nopes out. Error for reference is: process detected it was running without libc's security, aborting10Views2likes0CommentsFlatpak Browser and Native Desktop App
Thought I would share this as I've managed to get the native desktop app working with my flatpak installation of Firefox. I'm on Arch and using the version of 1Password from the AUR and the standard flatpak version of Firefox from flathub. Add permissions to Firefox Flatpak via Flatseal: Session Bus Talks: org.freedesktop.Flatpak As root, create /etc/1password folder if it does not exist As root, create /etc/1password/custom_allowed_browsers file if it does not exist As root, edit /etc/1password/custom_allowed_browsers file and set content to: flatpak-session-helper As user, create ~/.var/app/org.mozilla.firefox/data/bin folder if it does not exist As user, create ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh file if it does not exist As user, edit ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh and set content to: ``` #!/bin/bash flatpak-spawn --host /opt/1Password/1Password-BrowserSupport "$@" - As user, mark ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh as executable via `chmod +x ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh` - As user, create ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts folder if it does not eixst - As user, create ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.1password.1password.json file if it does not exist - As user, edit ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.1password.1password.json and set content to: { "name": "com.1password.1password", "description": "1Password BrowserSupport", "path": "/home/{USERNAME}/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh", "type": "stdio", "allowed_extensions": [ "{0a75d802-9aed-41e7-8daa-24c067386e82}", "{25fc87fa-4d31-4fee-b5c1-c32a7844c063}", "{d634138d-c276-4fc8-924b-40a0ea21d284}" ] } ``` Where {USERNAME} is the name of your user, essentially full path to the file we created before. - Restart Firefox and 1Password The above can be broken down into (mostly) the following commands: ``` sudo mkdir -p /etc/1password sudo vim /etc/1password/custom_allowed_browsers mkdir -p ~/.var/app/org.mozilla.firefox/data/bin vim ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh chmod +x ~/.var/app/org.mozilla.firefox/data/bin/1password-wrapper.sh mkdir -p ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts vim ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/com.1password.1password.json ``` I had also added xdg-run/1Password-BrowserSupport.sock , however it doesn't appear this socket file is actually needed for the extension to work from what I can tell so far. This does somewhat break the isolation of Flatpak as it can now execute anything on the host via flatpak-spwan --host and there's no real easy way to whitelist specific host binaries that can run via Flatpak, kind of all or nothing annoyingly. I also want to see if sometihng similar is possible for getting the Flatpak 1Password app communicating with a Flatpak browser, as KeePassXC has a kind of workaround for this that is similar. This does somewhat break the isolation of Flatpak as it can now execute anything on the host via flatpak-spwan --host and there's no real easy way to whitelist specific host binaries that can run via Flatpak, kind of all or nothing annoyingly. I also want to see if sometihng similar is possible for getting the Flatpak 1Password app communicating with a Flatpak browser, as KeePassXC has a kind of workaround for this that is similar. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided1.9KViews1like8Comments