danudey
3 months ago (New Contributor)
1password dpkg package should stop creating 1password.list
When installing the 1password .deb file, the post-install script automatically creates a file at /etc/apt/sources.list.d/1password.list. This is irritating and is bad behaviour.
Point one: the user did not ask for this file to be created. If you're going to create it, at least ask users if they want it.
Point two: I create and manage my sources files centrally; I do this for my personal systems, and I've always done this when I'm managing a fleet of computers. I create names that make sense to me and have the correct details. Unfortunately, every time I update 1password it re-creates `1password.list` and then apt breaks because I now have two files pointing at the same apt repository - yours and mine.
Point three: I use the new deb822 .sources file format, because this allows me to keep the Apt configuration and the GPG key in the same file, meaning I only have one file to manage. This makes it easier to manage things centrally, and helps keep from scattering GPG keys all over the servers.
1password needs to either:
- Just stop doing it (give people instructions like every other website does)
- Make it optional via e.g. a debconf setting (which the application could theoretically have a UI for, even, if you wanted to get crazy with it)
- Make the file part of the actual package contents so that admins can dpkg-divert it
In the meantime, I created a symlink pointing 1password.list to /dev/null; apt still complains about it but at least nothing breaks.
3 Replies
- davie (New Contributor)
Yes, they need to stop forcing the creation of this file through Linux anti-patterns. Let users opt into it. Or maybe create a separate package for the GPG key and an apt sources file. Or not recreate it on every package install, just the first install and not upgrades.
They also need to consolidate their repositories so that they're multi-arch and multi-distribution with a single URL. Ridiculous that I need to have logic to put https://downloads.1password.com/linux/debian/amd64 on some systems and https://downloads.1password.com/linux/debian/arm64 on others when apt repositories have supported multi-arch forever.
Also, it would be helpful if they just provided the GPG key in the correct format in the first place instead of needing to run --dearmor on it. Even better, they can provide both .asc and .gpg formats side by side so that you can download whichever format is relevant for your use case.
- AJCxZ0 (Silver Expert)
I agree that they should stop using `1password.list` and switch to DEB822 format `1password.sources`. This has been suggested more than once in the past few years (and, like with improving `1password.desktop`, folks have already done the work for free).
The practice of creating or including the repo file(s) in the application package is more controversial, but creating it with a post install script is wrong™. If creating a separate "release" package is too much work, then your third suggestion is a good one.
- danudey (New Contributor)
For point one, I meant 'give people instructions like every other website does and leave it at that instead of overcomplicating things'.
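
The conflict described in the original post, a re-created `1password.list` alongside a centrally managed deb822 `.sources` file for the same repository, can be detected before apt trips over it. The following is an added example, not part of the thread and not 1Password's packaging code; the suite `stable`, the component `main` and the file name `password-manager.sources` are assumptions made for the sample.

```python
import re
from collections import defaultdict
from pathlib import Path

def parse_list(text):
    """Yield (type, uri, suite, component) from one-line-style .list content."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(deb(?:-src)?)\s+(?:\[[^\]]*\]\s+)?(\S+)\s+(\S+)(.*)", line)
        if m:
            kind, uri, suite, comps = m.groups()
            for comp in comps.split() or [""]:
                yield kind, uri.rstrip("/"), suite, comp

def parse_sources(text):
    """Yield the same tuples from deb822 .sources content (blank-line separated stanzas)."""
    for stanza in re.split(r"\n\s*\n", text):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation, e.g. an inline Signed-By key
                fields[key] += " " + line.strip()
            elif ":" in line and line[0] not in "# \t":
                key = line.split(":", 1)[0].strip().lower()
                fields[key] = line.split(":", 1)[1].strip()
        if fields.get("enabled", "yes").lower() in ("no", "false", "off", "0"):
            continue                              # stanza switched off by the admin
        for kind in fields.get("types", "").split():
            for uri in fields.get("uris", "").split():
                for suite in fields.get("suites", "").split():
                    for comp in fields.get("components", "").split() or [""]:
                        yield kind, uri.rstrip("/"), suite, comp

def find_duplicates(files):
    """files maps filename -> content; return repos defined in more than one file."""
    seen = defaultdict(set)
    for name, text in files.items():
        parser = parse_sources if name.endswith(".sources") else parse_list
        for entry in parser(text):
            seen[entry].add(name)
    return {entry: sorted(names) for entry, names in seen.items() if len(names) > 1}

def scan(directory="/etc/apt/sources.list.d"):  # a .list symlinked to /dev/null reads as empty
    paths = [p for p in Path(directory).iterdir() if p.suffix in (".list", ".sources")]
    return find_duplicates({p.name: p.read_text(errors="replace") for p in paths})

SAMPLE = {  # constructed contents; suite, component and file names are assumptions
    "1password.list": "deb [arch=amd64] https://downloads.1password.com/linux/debian/amd64 stable main\n",
    "password-manager.sources": "Types: deb\nURIs: https://downloads.1password.com/linux/debian/amd64/\n"
                                "Suites: stable\nComponents: main\nSigned-By:\n (inline key elided)\n",
}
```

`find_duplicates(SAMPLE)` reports the repository together with both file names; `scan()` runs the same check against the live `/etc/apt/sources.list.d`, for example after each package upgrade.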