feat(1password): update local copy of script

Containerfile

@@ -173,7 +173,7 @@ RUN /tmp/bat.sh
 RUN /tmp/delta.sh
 
 ### add 1password
-COPY --from=ghcr.io/briorg/bling:latest /modules/bling/installers/1password.sh /tmp/1password.sh
+#COPY --from=ghcr.io/briorg/bling:latest /modules/bling/installers/1password.sh /tmp/1password.sh
 RUN chmod +x /tmp/1password.sh && \
     ONEPASSWORD_RELEASE_CHANNEL=beta \
     GID_ONEPASSWORD=1500 \

scripts/1password.sh

@@ -1,6 +1,17 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 
-set -e
+set -ouex pipefail
+
+#### Variables
+
+# Can be "beta" or "stable"
+RELEASE_CHANNEL="${ONEPASSWORD_RELEASE_CHANNEL:-stable}"
+
+# Must be over 1000
+GID_ONEPASSWORD="${GID_ONEPASSWORD:-1500}"
+
+# Must be over 1000
+GID_ONEPASSWORDCLI="${GID_ONEPASSWORDCLI:-1600}"
 
 echo "Installing 1Password"
 
@@ -12,14 +23,26 @@ echo "Installing 1Password"
 # symbolic link /opt/1Password => /usr/lib/1Password upon
 # boot.
 
-ONEPASSWORD_RPM='https://downloads.1password.com/linux/rpm/beta/x86_64/1password-latest.rpm'
-
 # Prepare staging directory
 mkdir -p /var/opt # -p just in case it exists
 # for some reason...
 
-# Now let's install the package.
-rpm-ostree install "${ONEPASSWORD_RPM}"
+# Setup repo
+cat << EOF > /etc/yum.repos.d/1password.repo
+[1password]
+name=1Password ${RELEASE_CHANNEL^} Channel
+baseurl=https://downloads.1password.com/linux/rpm/${RELEASE_CHANNEL}/\$basearch
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://downloads.1password.com/linux/keys/1password.asc
+EOF
+
+# Import signing key
+rpm --import https://downloads.1password.com/linux/keys/1password.asc
+
+# Now let's install the packages.
+rpm-ostree install 1password 1password-cli
 
 # Clean up the yum repo (updates are baked into new images)
 rm /etc/yum.repos.d/1password.repo -f
@@ -55,8 +78,6 @@ chmod 4755 /usr/lib/1Password/chrome-sandbox
 # conflict with any real groups on the deployed system.
 # Normal user group GIDs on Fedora are sequential starting
 # at 1000, so let's skip ahead and set to something higher.
-GID_ONEPASSWORD="1500"
-GID_ONEPASSWORDCLI="1600"
 
 HELPER_PATH="/usr/lib/1Password/1Password-KeyringHelper"
 BROWSER_SUPPORT_PATH="/usr/lib/1Password/1Password-BrowserSupport"
@@ -72,38 +93,26 @@ chmod g+s "${HELPER_PATH}"
 chgrp "${GID_ONEPASSWORD}" "${BROWSER_SUPPORT_PATH}"
 chmod g+s "${BROWSER_SUPPORT_PATH}"
 
-# Dynamically create the required group via sysusers.d
+# onepassword-cli also needs its own group and setgid, like the other helpers.
+chgrp "${GID_ONEPASSWORDCLI}" /usr/bin/op
+chmod g+s /usr/bin/op
+
+# Dynamically create the required groups via sysusers.d
 # and set the GID based on the files we just chgrp'd
 cat >/usr/lib/sysusers.d/onepassword.conf <<EOF
 g onepassword ${GID_ONEPASSWORD}
 EOF
-# remove the sysusers.d entry created by onepassword's RPM.
-# It doesn't magically set the GID like we need it to.
+cat >/usr/lib/sysusers.d/onepassword-cli.conf <<EOF
+g onepassword-cli ${GID_ONEPASSWORDCLI}
+EOF
+
+# remove the sysusers.d entries created by onepassword RPMs.
+# They don't magically set the GID like we need them to.
 rm -f /usr/lib/sysusers.d/30-rpmostree-pkg-group-onepassword.conf
+rm -f /usr/lib/sysusers.d/30-rpmostree-pkg-group-onepassword-cli.conf
 
 # Register path symlink
 # We do this via tmpfiles.d so that it is created by the live system.
 cat >/usr/lib/tmpfiles.d/onepassword.conf <<EOF
 L  /opt/1Password  -  -  -  -  /usr/lib/1Password
-EOF
-
-# Then we install the 1password CLI binary as well
-
-cd "$(mktemp -d)"
-wget -q https://cache.agilebits.com/dist/1P/op2/pkg/v2.14.0/op_linux_amd64_v2.14.0.zip
-unzip op_linux_amd64_v2.14.0.zip
-
-mv op /usr/bin
-
-# it needs its own group and needs setgid, like the other helpers.
-#groupadd -g ${GID_ONEPASSWORDCLI} onepassword-cli
-chown root:${GID_ONEPASSWORDCLI} /usr/bin/op
-chmod g+s /usr/bin/op
-
-# Dynamically create the required group via sysusers.d
-# and set the GID based on the files we just chgrp'd
-cat >/usr/lib/sysusers.d/onepassword-cli.conf <<EOF
-g onepassword-cli ${GID_ONEPASSWORDCLI}
-EOF
-
-op --version
+EOF