Running 1Password GUI on Alpine Linux with Docker
Hello all, I was finally able to get 1Password GUI running on Alpine Linux.
Unfortunately the 1Password binary ships as a dynamically linked executable, and there are too many glibc-linked shared libraries to be able to run it on Alpine even with the glibc compatibility layer installed. Getting it running as a collection of binaries or as a chroot application - while not impossible - will be quite time-consuming.
As a compromise, I was able to build a Docker container from Ubuntu 18.04, and from there figured out the right incantation to get the app to run on my local desktop.
The current problem is that so far I can only get everything to work if I use --privileged and --network=host mode for Docker. Otherwise it complains that it can't authenticate to my X server, even if I allow all connections with xhost +. I mean... it's working, that's not nothing. But it would be nice if I could not rely on whatever weird host-level networking is going on here. Also, if -v /tmp:/tmp isn't passed, Clipboard does not work. (Developers? Any ideas?)
Anyway!
First, copy the following to a file called Dockerfile.
FROM ubuntu:18.04 as build-stg1
ENV CHANNEL="stable"
ENV ONEPASSWORD_KEY_URL="https://downloads.1password.com/linux/keys/1password.asc"
ENV GROUP_NAME="onepassword"
ENV HELPER_PATH="./1Password-KeyringHelper"
ENV BROWSER_SUPPORT_PATH="./1Password-BrowserSupport"
ENV DEBIAN_FRONTEND=noninteractive
RUN set -e; \
apt-get update && apt-get install -y --no-install-recommends \
curl gpg ca-certificates libx11-xcb1 ; \
curl -sS "$ONEPASSWORD_KEY_URL" | gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg ; \
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/amd64 ${CHANNEL} main" > /etc/apt/sources.list.d/1password.list ; \
mkdir -p /etc/debsig/policies/AC2D62742012EA22/ ; \
curl -sSo /etc/debsig/policies/AC2D62742012EA22/1password.pol https://downloads.1password.com/linux/debian/debsig/1password.pol ; \
mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22/ ; \
rm -f /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg ; \
curl -sS "$ONEPASSWORD_KEY_URL" | gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg ; \
apt-get update && apt-get install -y 1password ; \
cd /opt/1Password/ ; \
install -Dm0644 ./com.1password.1Password.policy -t /usr/share/polkit-1/actions/ ; \
install -Dm0644 ./resources/custom_allowed_browsers -t /usr/share/doc/1password/examples/ ; \
chmod 4755 ./chrome-sandbox ; \
if [ ! "$(getent group "${GROUP_NAME}")" ]; then \
groupadd "${GROUP_NAME}" ; \
fi ; \
chgrp "${GROUP_NAME}" $HELPER_PATH ; \
chmod u+s $HELPER_PATH ; \
chmod g+s $HELPER_PATH ; \
chgrp "${GROUP_NAME}" $BROWSER_SUPPORT_PATH ; \
chmod g+s $BROWSER_SUPPORT_PATH ; \
ln -sf /opt/1Password/1password /usr/bin/1password ; \
rm -rf /var/lib/apt/lists/*
RUN apt update && apt install -y --no-install-recommends openssh-server xauth && rm -rf /var/lib/apt/lists/*
RUN sed -i -e 's/^#AddressFamily.*/AddressFamily inet/g' /etc/ssh/sshd_config ; mkdir -p /run/sshd
Next, run the following command:
docker build -t my-1password:latest - < Dockerfile
Finally, copy the following 2 lines into a new file called "1password":
#!/bin/sh
docker run --privileged --network=host --rm -it -v /tmp:/tmp -v /etc/passwd:/etc/passwd:ro -v /etc/shadow:/etc/shadow:ro -v /etc/group:/etc/group:ro -v $HOME:$HOME -e DISPLAY -u `id -u`:`id -g` my-1password 1password --disable-gpu --log debug
Run:
chmod +x 1password
And that should be it! Now just run ./1password and you should see a ton of error messages, but eventually 1Password should pop up on your screen.
You can also install more X apps in that container and run them through Docker. But they'll be pretty slow!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Alpine Linux 3.15.0
