Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Biometric not working when executing the CLI from java
Hello
I'm building a java CLI that wraps op for some operations.
The issue was first observed when running a native binary compiled with Graalvm, but after investigation it is perfectly reproduc...
Hello
I'm building a java CLI that wraps op for some operations.
The issue was first observed when running a native binary compiled with Graalvm, but after investigation it is perfectly reproducible using pure java (but not the system java for some reason).
Reproducing
- Ubuntu 20.04.1
- 1Password for Linux 8.7.3
- CLI 2.5.1 configured to support Biometric authentication as per https://developer.1password.com/docs/cli/get-started/#sign-in
- Sign up to the account with
op sign in, verify you can list your vaults:op vault ls. - create the following file and compile it with javac (
javac Op.java):
```
// Op.java
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
public class Op {
public static void main(String args[]) throws IOException {
List<String> commands = Arrays.asList("op", "vault", "ls");
call(commands);
}
private static Process call(List<String> args) throws IOException {
ProcessBuilder pb = new ProcessBuilder(args)
.redirectErrorStream(true)
.directory(new File(System.getProperty("user.dir")));
pb.inheritIO();
return execute(pb);
}
private static Process execute(ProcessBuilder pb) throws IOException {
var p = pb.start();
try {
p.waitFor();
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
}
return p;
}
}
```
- Run the compiled class with
java Op. If you are using the system java (installed withapt install ...) it should be a success, but if you are using a java that is not the system java you will see an issue. For instance, I managed to reproduce the issue running a java installed with https://asdf-vm.com/guide/getting-started.html. You will see something similar too:
[ERROR] 2022/07/18 12:34:12 connecting to desktop app: connection reset, make sure the CLI is correctly installed and CLI Biometric Unlock is enabled in the 1Password app
Looking into systemctl one can see:
Jul 18 12:46:13 *** polkitd(authority=local)[42243]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action com.1password.1Password.authorizeCLI for unix-process:36645:669364 [/opt/1Password/1password --enable-crashpad] (owned by unix-user:***)
and:
Jul 18 12:47:13 *** 1password.desktop[36645]: WARN 2022-07-18T12:47:13.840 tokio-runtime-worker(ThreadId(2)) [1P:foundation/op-sys-info/src/process_information/linux.rs:247] binary permission verification failed for /home/$USER/.asdf/installs/java/temurin-11.0.15+10/bin/java
The second line is also visible in 1password logs.
Additional notes
- This works ok on osX.
- I'm not set on whether the issue is on 1password client side (as it seems there is a check on the binary) or on Polkit side.
- The original issue was with a binary compiled with Graalvm, but the symptoms and logs are exactly the same with this minimal example. If needed I can build a minimal reproduction case with a Graalvm native binary though.
