dotfiles/run_onchange_fix_1password_socket_linux.sh.tmpl at main · marcus-crane/dotfiles · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
{{- if (eq .chezmoi.os "linux") -}}
#!/usr/bin/env bash

set -euo pipefail

echo "Checking 1Password CLI integration..."

# Check if op CLI is installed
if ! command -v op &> /dev/null; then
    echo "1Password CLI (op) is not installed, skipping"
    exit 0
fi

OP_PATH=$(command -v op)

# Check if onepassword-cli group exists (required for desktop app integration)
if ! getent group onepassword-cli &> /dev/null; then
    echo "onepassword-cli group does not exist"
    echo "Install 1Password Desktop from the official package to create the group"
    exit 0
fi

# Check if user is in the onepassword-cli group
if ! groups | grep -q onepassword-cli; then
    echo "Adding user to 'onepassword-cli' group..."
    if command -v sudo &> /dev/null; then
        sudo usermod -aG onepassword-cli "$USER"
        echo "User added to 'onepassword-cli' group"
        echo "NOTE: You may need to log out and log back in for group changes to take effect"
    else
        echo "WARNING: sudo not available, cannot add user to group"
        exit 1
    fi
fi

# Fix op binary permissions for desktop app integration
# The op binary must be owned by onepassword-cli group with setgid bit
# This allows the desktop app to verify the CLI is trusted
OP_GROUP=$(stat -c '%G' "$OP_PATH")

if [[ "$OP_GROUP" != "onepassword-cli" ]]; then
    echo "Fixing op CLI group ownership ($OP_PATH)..."
    if command -v sudo &> /dev/null; then
        sudo chgrp onepassword-cli "$OP_PATH"
        echo "op CLI group ownership fixed"
    else
        echo "WARNING: sudo not available, cannot fix op permissions"
        exit 1
    fi
fi

# Check and set setgid bit (required for desktop app to trust the CLI)
if [[ ! -g "$OP_PATH" ]]; then
    echo "Setting setgid bit on op CLI..."
    if command -v sudo &> /dev/null; then
        sudo chmod g+s "$OP_PATH"
        echo "setgid bit set on op CLI"
    else
        echo "WARNING: sudo not available, cannot set setgid bit"
        exit 1
    fi
fi

# Verify the fix
if [[ $(stat -c '%G' "$OP_PATH") == "onepassword-cli" ]] && [[ -g "$OP_PATH" ]]; then
    echo "1Password CLI integration configured correctly"
else
    echo "WARNING: Could not verify op CLI permissions"
    exit 1
fi

{{ end -}}