Skip to content

Commit

Permalink
1password script
Browse files Browse the repository at this point in the history
  • Loading branch information
b- committed Oct 8, 2023
1 parent 81f7397 commit f6802c6
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
name: Build and Push Image
on:
push:
schedule:
- cron: '15 09 * * *' # 9:15am everyday
merge_group:
Expand Down
13 changes: 6 additions & 7 deletions scripts/1password.sh
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,10 @@ ln -s /opt/1Password/1password /usr/bin/1password

# hacked from 1password-latest.tar.gz//after-install.sh

cd /usr/lib/1Password
# chrome-sandbox requires the setuid bit to be specifically set.
# See https://github.com/electron/electron/issues/17972
chmod 4755 ./chrome-sandbox
chmod 4755 /usr/lib/1Password/chrome-sandbox

GROUP_NAME="onepassword"
GID_OP="1500"
Expand All @@ -32,25 +33,23 @@ GID_OPCLI="1600"
# groupadd -K GID_MIN=1500 "${GROUP_NAME}"
# fi

HELPER_PATH="./1Password-KeyringHelper"
BROWSER_SUPPORT_PATH="./1Password-BrowserSupport"
HELPER_PATH="/usr/lib/1Password/1Password-KeyringHelper"
BROWSER_SUPPORT_PATH="/usr/lib/1Password/1Password-BrowserSupport"

chgrp "${GID_OP}" $HELPER_PATH
chgrp -R "${GID_OP}" /usr/lib/1Password
# The binary requires setuid so it may interact with the Kernel keyring facilities
chmod u+s $HELPER_PATH
chmod g+s $HELPER_PATH

# This gives no extra permissions to the binary. It only hardens it against environmental tampering.
chgrp "${GROUP_NAME}" $BROWSER_SUPPORT_PATH
chgrp "${GID_OP}" $BROWSER_SUPPORT_PATH
chmod g+s $BROWSER_SUPPORT_PATH

# Restore previous directory
cd "$CWD"

# Register path symlink
ln -s /usr/lib/1Password /opt/1Password
EOF
chmod +x /usr/bin/install-1password

# Then we install the 1password CLI binary as well

Expand Down

0 comments on commit f6802c6

Please sign in to comment.