From ed79acedcd731c22ab604e7c161ea64e0a47e38a Mon Sep 17 00:00:00 2001
From: "Jorge O. Castro"
Date: Sun, 19 Mar 2023 19:09:57 -0400
Subject: [PATCH 1/5] feat: add 1password
---
 Containerfile | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/Containerfile b/Containerfile
index e24369af4fc..9a2cea49528 100644
--- a/Containerfile
+++ b/Containerfile
@@ -51,3 +51,15 @@ COPY --from=cgr.dev/chainguard/cosign:latest /usr/bin/cosign /usr/bin/cosign
 RUN curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.17.0/kind-$(uname)-amd64"
 RUN chmod +x ./kind
 RUN mv ./kind /usr/bin/kind
+
+# Install 1Password via Tarball
+RUN curl -sSO https://downloads.1password.com/linux/tar/stable/x86_64/1password-latest.tar.gz && \
+ tar -xf 1password-latest.tar.gz && \
+ rm 1password-latest.tar.gz && \
+ mkdir -p /usr/1Password && \
+ mv 1password-*/* /usr/1Password && \
+ sh /usr/libexec/1password-after-install.sh \
+ && \
+ rm -rf /var/* /tmp/* && \
+ ostree container commit
+
From caf1d6f1d71777039c08519d9835ca7ac592cedb Mon Sep 17 00:00:00 2001
From: "Jorge O. Castro"
Date: Sun, 19 Mar 2023 19:12:40 -0400
Subject: [PATCH 2/5] feat: add 1password integration script
Co-authored-by: Robert
---
 usr/libexec/1password-after-install.sh | 58 ++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 usr/libexec/1password-after-install.sh
diff --git a/usr/libexec/1password-after-install.sh b/usr/libexec/1password-after-install.sh
new file mode 100644
index 00000000000..07f223c2d81
--- /dev/null
+++ b/usr/libexec/1password-after-install.sh
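Review bot: The added `RUN curl -sSO …/1password-latest.tar.gz` in the Containerfile hunk of PATCH 1/5 unpacks whatever the `latest` URL serves at build time with no integrity check, and the post-install script it then runs sets setuid/setgid bits on binaries taken from that archive. Verify the download before `tar -xf`, either against a digest recorded in the repo (`echo "EXPECTED_SHA256  1password-latest.tar.gz" | sha256sum -c -`, placeholder digest) or against a detached vendor signature checked with a key pinned in the repo, if the vendor publishes one. Also use `curl -fsSO` so an HTTP error fails the step instead of handing an error page to tar. A `latest` URL cannot stay checksum-pinned for long, so a versioned URL or signature verification is the more durable choice. PATCH 5/5 extends the same RUN and leaves this unchanged.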
@@ -0,0 +1,58 @@
+#!/bin/sh
+set -eu
+
+installFiles() {
+ CWD=$(pwd)
+ cd /usr/1Password/
+
+ # Fill in policy kit file with a list of (the first 10) human users of the system.
+ export POLICY_OWNERS
+ POLICY_OWNERS="$(cut -d: -f1,3 /etc/passwd | grep -E ':[0-9]{4}$' | cut -d: -f1 | head -n 10 | sed 's/^/unix-user:/' | tr '\n' ' ')"
+ eval "cat < ./com.1password.1Password.policy
+
+ # Install policy kit file for system unlock
+ install -Dm0644 ./com.1password.1Password.policy -t /usr/share/polkit-1/actions/
+
+ # Install examples
+ install -Dm0644 ./resources/custom_allowed_browsers -t /usr/share/doc/1password/examples/
+
+ # chrome-sandbox requires the setuid bit to be specifically set.
+ # See https://github.com/electron/electron/issues/17972
+ chmod 4755 ./chrome-sandbox
+
+ GROUP_NAME="onepassword"
+
+ # Setup the Core App Integration helper binary with the correct permissions and group
+ if [ ! "$(getent group "${GROUP_NAME}")" ]; then
+ groupadd "${GROUP_NAME}"
+ fi
+
+ HELPER_PATH="./1Password-KeyringHelper"
+ BROWSER_SUPPORT_PATH="./1Password-BrowserSupport"
+
+ chgrp "${GROUP_NAME}" $HELPER_PATH
+ # The binary requires setuid so it may interact with the Kernel keyring facilities
+ chmod u+s $HELPER_PATH
+ chmod g+s $HELPER_PATH
+
+ # This gives no extra permissions to the binary. It only hardens it against environmental tampering.
+ chgrp "${GROUP_NAME}" $BROWSER_SUPPORT_PATH
+ chmod g+s $BROWSER_SUPPORT_PATH
+
+ # Restore previous directory
+ cd "$CWD"
+
+ # Register path symlink
+ ln -sf /usr/1Password/1password /usr/bin/1password
+}
+
+if [ "$(id -u)" -ne 0 ]; then
+ echo "You must be running as root to run 1Password's post-installation process"
+ exit
+fi
+
+installFiles
+
+exit 0
From 4ca62d1b2a3ae299ad25f423643a906342ac3da3 Mon Sep 17 00:00:00 2001
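Review bot: The root guard near the end of 1password-after-install.sh fails open: a bare `exit` returns the status of the preceding `echo`, which is 0. A non-root run therefore lets the `sh … && …` chain in the Containerfile continue as if the setuid bits, the `onepassword` group and the polkit policy had been installed. Send the message to stderr and fail explicitly, `echo "You must be running as root …" >&2` followed by `exit 1`. Separately, `POLICY_OWNERS` is derived from `/etc/passwd` at image build time, where there are presumably no UID 1000–9999 accounts, so the polkit owner list is likely baked in empty and will not track users on the deployed system; that deserves a comment or a first-boot step. The `eval "cat <` line is cut short in this view, so the template expansion it performs is not reviewed here.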
From: "Jorge O. Castro"
Date: Sun, 19 Mar 2023 19:30:54 -0400
Subject: [PATCH 3/5] feat: add 1password desktop file
---
 usr/share/applications/1password.desktop | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 usr/share/applications/1password.desktop
diff --git a/usr/share/applications/1password.desktop b/usr/share/applications/1password.desktop
new file mode 100644
index 00000000000..38efbd17b15
--- /dev/null
+++ b/usr/share/applications/1password.desktop
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name=1Password
+Exec=/opt/1Password/1password %U
+Terminal=false
+Type=Application
+Icon=1password
+StartupWMClass=1Password
+Comment=Password manager and secure wallet
+MimeType=x-scheme-handler/onepassword;
+Categories=Office;
From 28b90fcd624f3767f059d5afceff83d44a333f3d Mon Sep 17 00:00:00 2001
From: "Jorge O. Castro"
Date: Sun, 19 Mar 2023 19:32:48 -0400
Subject: [PATCH 4/5] Update usr/share/applications/1password.desktop
Co-authored-by: Robert
---
 usr/share/applications/1password.desktop | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/share/applications/1password.desktop b/usr/share/applications/1password.desktop
index 38efbd17b15..44d0209dbe3 100644
--- a/usr/share/applications/1password.desktop
+++ b/usr/share/applications/1password.desktop
@@ -1,6 +1,6 @@
 [Desktop Entry]
 Name=1Password
-Exec=/opt/1Password/1password %U
+Exec=/usr/1Password/1password %U
 Terminal=false
 Type=Application
 Icon=1password
From f12444704deeb9cbcec7f18cbc2f78f6570bcdf4 Mon Sep 17 00:00:00 2001
From: "Jorge O. Castro"
Date: Sun, 19 Mar 2023 23:22:20 -0400
Subject: [PATCH 5/5] Update Containerfile
Co-authored-by: Robert
---
 Containerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Containerfile b/Containerfile
index 9a2cea49528..970ba7f8877 100644
--- a/Containerfile
+++ b/Containerfile
@@ -58,6 +58,7 @@ RUN curl -sSO https://downloads.1password.com/linux/tar/stable/x86_64/1password-
 rm 1password-latest.tar.gz && \
 mkdir -p /usr/1Password && \
 mv 1password-*/* /usr/1Password && \
+ cp -r /usr/1Password/resources/icons/* /usr/share/icons && \
 sh /usr/libexec/1password-after-install.sh \
 && \
 rm -rf /var/* /tmp/* && \