Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Keyring isn't suid on nixos
Hi, I'm running nixos and my 1password-keyringhelper isn't suid.
so i get this error
[1P:foundation/op-linux/src/bin/keyring_helper.rs:150]
keyring helper detected it was not running as root. This could lead to credentials being compromised, aborting!
Permissions found: EUID: 1000, EGID: 100
I tried security.wrappers
security.wrappers = {
"1Password-KeyringHelper" = {
source = "${pkgs._1password-gui.out}/share/1password/1Password-KeyringHelper";
setuid = true;
group = "onepassword";
};
};
neither worked
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Nixos master
Sync Type: Not Provided
52 Replies
- 1P_Blake
Community Manager
Hey again @SebTM 👋
Generally-speaking, we play our cards pretty close to the vest until we know we follow-through on something we've said we can do. Savanni is definitely interested in looking into what we can do for NixOS, but there isn't any additional news to share at this point in time.
Thanks for helping out Dayton_ag :) I can also report the issue is still present with latest beta 8.2.0-56.BETA, there is also a new bug introduced compared to the beta-builds before - the tray-icon is still visible in i3wm but not responding on either left or right clicks :(
Dayton_ag1Password Team
Thanks for sharing, @SebTM! I'll make sure this gets passed along to @Savanni :smile:
FYI: Updated PR to latest beta release, error still occurs, removed the seems unneeded wrapper for BrowserSupport but unsure if it's somehow connected with KeyringHelper as it is not unlocking browser-extension even there is no error in the logs...
I also did a cleanup and, rebase and applied feedback.
- Dayton_ag
Not a problem, thanks for your help @SebTM! :smile:
Hi, @SebTM. Thank you for building that module, as it got me over a significant hurdle in just approaching this problem. I've pulled your branch and am able to reproduce this on my machine, too.
Nothing is wrong with your module or the derivation (that I can see, so far, if we make progress we may find more problems...). Our executable verification process figures out the exact file path of the running process and checks the permissions on the file itself. I can see now where and why we're failing, and it looks like we didn't consider the possibility that write permission would be globally disabled.
I'm getting a new build and will try it out.
Hey, I also tried to get 1Password with Keyring-Helper/System Authentication (have working fingerprinter with sudo/i3lock/i3lock-color) and Browser-Support working. I have another issue now where I don't know what to do:
Running just the Keyring-Helper e.g.:
INFO 2021-07-19T20:36:34.911 main(ThreadId(1)) [1P:foundation/op-linux/src/bin/keyring_helper.rs:144] initalizing keyring helper
WARN 2021-07-19T20:36:35.180 main(ThreadId(1)) [1P:foundation/op-sys-info/src/process_verification.rs:124] binary permission verification failed for /nix/store/6krkl5ka31qd8ll1801w5z32cbm6k838-1password-8.1.2-10.BETA/share/1password/1Password-KeyringHelper2
ERROR 2021-07-19T20:36:35.182 main(ThreadId(1)) [1P:foundation/op-linux/src/bin/keyring_helper.rs:174] failed to verify keyring helper process permissions, aborting: BinaryPermissionsMore infos, nix-code and full log of 1Password-start in PR: https://github.com/NixOS/nixpkgs/pull/130652
Hope you can help me/us to solve this and bring full-featured 1password to one more distribution :+1:
Best Regards
