Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
APT repo recreated (on update / open)
I'm not sure exactly when this happened, but when updating 1Password through apt, i received messages informing me that the target is configured multiple times.
this occurred because I swapped all external apt repos to use the new deb822 style format, excluding some explicitly automatically managed files
the 1password file was not marked as automatically managed, so it was converted to the new style and removed, but came back.
(i think it was probably on update, but i don't know exactly)
compared to the google chrome file, which i explicitly knew to not touch due to the comment, identical to the other electron based apps
(slack, vscode)
my custom deb822
```
$ cat external.sources
1Password
Types: deb
URIs: https://downloads.1password.com/linux/debian/amd64
Suites: stable
Components: main
Architectures: amd64
Signed-By: /usr/share/keyrings/1password-archive-keyring.gpg
Enabled: yes
Google Chrome
not present, automatically edited in google-chrome.list
Mono
Types: deb
URIs: https://download.mono-project.com/repo/debian
Suites: stable-buster
Components: main
Enabled: yes
[SNIP]
```
$ cat 1password.list
deb [arch=amd64 signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/amd64 stable main
```
$ cat google-chrome.list
THIS FILE IS AUTOMATICALLY CONFIGURED
You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
```
1Password Version: 1Password for Linux 8.10.4 (81004032)
Extension Version: Version 2.9.0
OS Version: Linux Debian 11
Browser:_ Firefox 91.13.0esr (64-bit)
8 Replies
Yeah, this is really annoying. Every time I `apt upgrade`, 1password recreates the `1password.list` file in `/etc/apt/sources.list.d` when I've already switched to using the `.sources` format. Please stop creating the `.list` file and breaking apt. I have to manually `rm` the file every time 1password gets an update.
Thanks roy_orbison​ for the patch, I did something similar but just commented out the `installDebChannel` function entirely.
Hopefully this can get fixed upstream properly.
FrankyO1P1Password Team
Hey RogueScholar,
Thank you for reaching out and sharing your feedback. I'll go ahead and pass this information along to the team. We also greatly appreciate your kind words 😄
Franky
Hi 1P_Gem,
Just as an aside to this, I'd like to propose something to the development team regarding the management of the APT repository file placed in
/etc/apt/sources.list.d. What if they were to switch to placing a file there in the Deb822 control data format just as the original poster (and myself) have done? With that done, it would then be a relatively trivial matter to add the ability for users to select the release channel that they want to receive updates from on APT-based Linux distributions in every bit the same way they can on Windows currently. It would only involve manipulating the value of theSuites:key in that file to match the release channel selected plus all slower-moving ones, space delimited. They could even tie into the PackageKit Session API to trigger the system to fetch and install updates on-demand from within the 1Password app in a package manager-agnostic fashion, bringing the Linux app up to feature parity with its Windows counterpart as it already is in almost every other way.The APT developers are moving fast and breaking things lately (a la the commit 2+ weeks ago to apt 1.7.0dev that borked the repository signing key management of every Chromium-based browser, without apology or reversion…) and with Debian Bookworm switching to shipping only the Deb822 format, it's virtually certain that this change to 1Password will have to happen at some point in the not-too-distant future. Going one step further, since Linux users are far more prone to working on the command line you could also tie in the ability to manipulate the release channel and pause updates/pin the currently installed version through the 1Password CLI, just as TeamViewer has offered in their own CLI for at least the last four years. Really, that last part (manipulating the release channel and pausing updates from the CLI) would be cool to see on Windows, too.
Anyhow, I know you guys have plenty of other irons in the fire so I'll stop there, I just wanted to get the idea down and into your hands while it was fresh in my mind. Thanks again for all the hard work; I can assure you that it doesn't pass unnoticed.
1P_GemHi @the456gamer! On behalf of my colleague Franky, you're very welcome. If you have any further questions or concerns, let us know 😄
- FrankyO1P
Hi @the456gamer,
Thanks for bringing this to our attention. I'd like to ask, do you need any assistance with resolving the multiple target issue?
I understand you would also like to see a comment included in the sources. I'll go ahead and pass along your feedback and this request to the team.
Looking forward to hearing from you.
--- a/after-install.sh +++ b/after-install.sh @@ -20,11 +20,25 @@ curl -fsSo "$TEMPDIR/1password.pol" https://downloads.1password.com/linux/debian/debsig/1password.pol # Setup apt repository - cp "$TEMPDIR/1password.gpg" /usr/share/keyrings/1password-archive-keyring.gpg - cat > /etc/apt/sources.list.d/1password.list <<-EOM + KEYRING=/usr/share/keyrings/1password-archive-keyring.gpg + cp "$TEMPDIR/1password.gpg" "$KEYRING" + LIST=/etc/apt/sources.list.d/1password.list + if [ -e "$LIST" ]; then + cat > "$LIST" <<- EOM # This file is automatically added and configured by the 1Password package. Modifications may be overwritten. -deb [arch=amd64 signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/amd64 ${CHANNEL} main +deb [arch=amd64 signed-by=${KEYRING}] https://downloads.1password.com/linux/debian/amd64 ${CHANNEL} main EOM + else + cat > "${LIST%.*}.sources" <<- EOM +Types: deb +URIs: https://downloads.1password.com/linux/debian/amd64 +Suites: ${CHANNEL} +Components: main +Architectures: amd64 +Signed-By: ${KEYRING} +EOM + fi + # Setup debsig verification mkdir -p /etc/debsig/policies/AC2D62742012EA22/ mv "$TEMPDIR/1password.pol" /etc/debsig/policies/AC2D62742012EA22/1password.polHere's a backwards-compatible patch for the devs. New installs and systems that already migrated to the .sources format would then get updates without creating conflicts. If the system has both files (the current situation after an update, which causes apt errors), the user need only delete the .list version. If they don't have the .sources version, they can elect to do so using this:
sudo apt modernize-sourcesIn the extremely unlikely event that someone installs on a Debian-based OS that can run 1Password but doesn't yet accept DEB822 format, they could run this first to force the old format:
sudo touch /etc/apt/sources.list.d/1password.listPerhaps 1P_Dave​ or someone else active on the Linux tag could look at this. OS upgrades automatically convert .list format files to .sources, so 1P reinstalling the former virtually guarantees it'll break apt updates for the whole machine, including automatic security updates, for every single user of the deb package. Updates cannot run again until one of these files is manually deleted using root privileges, and this whole cycle will likely repeat again. It would be good to see this get higher priority given it's trivial to fix and has a relatively high impact.
