Forum Discussion

Former Member's avatar
Former Member
3 years ago

1password-cli Linux Checksum Change

Hello!

I'm the current packager for 1password-cli on Arch Linux and https://aur.archlinux.org/packages/1password-cli#comment-874156 that the SHA256 hashes have changed for https://app-updates.agilebits.com/product_history/CLI2#v2050101. I have verified the hashes have indeed changed and the GPG signature is still perfectly valid. This has https://1password.community/discussion/91299/cli-binaries-changed-without-notice-signature-still-ok-though and was mentioned that it was due to an upgrade to AgileBits' build systems.

  • Was this an intentional change by 1password?
  • Since this is now at least the second time where the build has changed without a build number update, is this to be expected in the future?
  • Could AgileBits publish SHA256 hashes of the ZIP archives? The GPG signature is plenty good for verification, but for situations like this an official update would be appreciated.

Appreciate your time!
slurpee

Previous hashes for v2.5.1 as recorded on 2022-Jun-24:

sha256sums_x86_64=('c01a193c5c58f0cdc39a2ca7a377b71922fa22c6fb8b1f92f2eb7d8f47f52d77')
sha256sums_i686=('2a6778f45919fbad70b016d16b5f02d9c0833b7a69f1236401a039aeeb7b9d5d')
sha256sums_arm=('13263b157fee2d9e864599a262b8a4cc612e63253af83519db2e9a2f2541e8d7')
sha256sums_aarch64=('f015c1ebfc627c5e260890b7224e42f748d563e1af990c80428f9269c8178b2c')

Current hashes for v2.5.1 as tested on 2022-Jul-18:

sha256sums_x86_64=('1030b3a7007f236d08ae7b3094b41d61f1447f3490c23f613072742f58fe5928')
sha256sums_i686=('8b8578f7834d18e47a0bbe793ccdc5d03f71ccea6bdd3c66c006766b3ddb56a1')
sha256sums_arm=('d2849248d746de2f683d043784bfbe1a51615adbfe84918eaf6e2ac6b967fe67')
sha256sums_aarch64=('91f5615f98eb4bb29124d6317a3a7a5330c3415cf0f789aaaffbe5f353ee713a')

Important clarification for other readers: The 1password-cli package is a community effort; it has no connection to AgileBits or the 1Password organization, and is not supported nor endorsed by either.

1Password Version: 2.5.1
Extension Version: N/A
OS Version: Linux
Browser: N/A

linux

2 Replies

Sort By
  • Former Member's avatar
    Former Member
    3 years ago

    Hey @"Justin.Yoon_1P"!

    Appreciate your response - I've verified the binaries have been reverted to the previous version. The ZIP archives' checksums are different, but that's to be expected with ZIP (access dates and all that).

    I'll forward your message over to the AUR community and update the packaging as needed.

    Thanks again!
    slurpee

  • Former Member's avatar
    Former Member
    3 years ago

    Hey there @slurpee ,

    Thank you for bringing this up. While we were recently testing beta releases for the CLI, there was a period over the past weekend where 2.5.1 download links were inadvertently replaced with the beta binaries.

    We've since fixed the issue, as of 2022-Jul-18, and the hashes should be reverted to the originals (June 24th).