Hi @jpl, I’ve followed your example (here), but I’m currently a bit stuck on Bitwarden system auth. Trying to unlock gives “an unexpected error has occured” popup (though it does unlock, strangely). Do I have to do something else with polkit policy file? Running that chcon command in live system also fails.
Looks like you found a better way to install Bitwarden than my hack to find the latest RPM on GitHub.
I haven’t seen the error popup you mentioned. I haven’t gotten around to working on it further, so I’m not even sure yet if it’s working with system auth, probably because I have it configured to only lock on restart. I also don’t know anything about the policy file or how important the chcon command is, sorry.
I suppose got it working just well enough for my uses and moved on, but I’m planning to get back to it as some point and turn it into a re-usable BlueBuild module. Let me know if you learn anything further and I can add any new steps to the module.
Looks like you found a better way to install Bitwarden than my hack to find the latest RPM on GitHub.
I actually tried your script, but for some reason local build failed with “read-only filesystem” during build.
Okay, I’ll see if I’d get any further on this.
Did you try to change where the RPM was being saved to? The environment inside the build steps isn’t really documented, and the only place I could find where the RPM file would be found was in root. I want to clean that up at some point.
Seeing as this is taking top spot in google search and there’s no definitive answer to this issue, I thought I’d chime in. I have tried both rpm-ostree install (layering) as well as custom build via bluebuild (preferred). However, in case of 1Password one issue always remained, browser extension and 1password always refused to talk to each other. Turns out it’s because of wrong UID/GID that is applied to 1password when built via bluebuild.
There’s a way topatch it manually via custom scripts, but thankfully ublue maintainers made a very simple way to install it correctly so that all features including fingerprint auth as well as browser extension work: bling | BlueBuild
In bluebuild recipe.yml you its as simple as this:
---
# yaml-language-server: $schema=https://schema.blue-build.org/recipe-v1.json
# image will be published to ghcr.io/<user>/<name>
name: template
# description will be included in the image's metadata
description: This is my personal OS image.
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/ublue-os/bluefin-dx
image-version: stable
# module configuration, executed in order
# you can include multiple instances of the same module
modules:
- type: files
files:
- source: system
destination: / # copies files/system/* (* means everything inside it) into your image's root folder /
- type: rpm-ostree
repos:
- https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo
optfix:
- brave.com
keys:
- https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
install:
- brave-browser
- type: bling
install:
- 1password
- type: signing # this sets up the proper policy & signing files for signed images to work fully
Just make sure to change base image to “distro” that you want it to base it off - bazzite/aurora/bluefin/silverblue-main etc.
This installs both Brave browser and 1password as system package. You can change Brave to any other browser of your choice of course.
As others mentioned bluebuild, if you still are unsure how to set it up, its pretty straightforward. Just follow this section in the docs How to set up a new repository | BlueBuild and then just edit recipe.yml in created github repository, check until build passes (you can watch it in github in same repository when you go to Github Actions tab) and when build passes, just rebase to your very own image as is described in your own repository’s README.md. That’s all.
Honestly I am a bit flabbergasted it took me so long to find working solution on google, even though its clearly documented in bluebuild docs, google failed to find it 
Anyway, I hope this helps someone to properly set up 1password on their immutable distros.
If anyone want to inspect what this bling does you can see it in ublue repo here:
github .com/blue-build/modules/blob/c0943c009d578214d8bd3d6f185a106420dc034e/modules/bling/installers/1password.sh (can’t post more than 2 links in a post so removethe space after github)
3 Likes