Forum Discussion
Failed to update 1Password on Fedora 35 (GPG check FAILED)
Hiya,
I just updated my system from Fedora 34 to Fedora 35 and when I tried to update my system I get the error that the keys don't match. When I initially tried to do it, dnf told me that there was a new key available and if I would accept that, which I did.
Please advice how to proceed.
I already tried to clear the package cache and try again. Full error message below and contents of the repo. Thank you.
GPG key at https://downloads.1password.com/linux/keys/1password.asc (0x2012EA22) is already installed
The GPG keys listed for the "1Password Stable Channel" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: 1password-8.4.0-1.x86_64
GPG Keys are configured as: https://downloads.1password.com/linux/keys/1password.asc
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
Contents of the repo:
bat /etc/yum.repos.d/1password.repo
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ File: /etc/yum.repos.d/1password.repo
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ [1password]
2 │ name="1Password Stable Channel"
3 │ baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch
4 │ enabled=1
5 │ gpgcheck=1
6 │ #repo_gpgcheck=1
7 │ gpgkey="https://downloads.1password.com/linux/keys/1password.asc"
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1Password Version: 8.3.0
Extension Version: Not Provided
OS Version: Fedora 35
9 Replies
I know that most people don't understand GPG, or package signing and are happy to just disable this security feature, but when it comes to my password manager, this sets off a lot of warning bells. :)
You may want to post a support article that explains the change and has some steps that will show people how to verify that the new key is valid. Given that a supply chain attack to something like 1password would be catastrophic, I think that it would be best if folks don't have to search the forums to find that "We did recently make some minor adjustments to 1Password's GPG key," :smile:
That worked, thank you 1P_Ben
1P_Ben1Password Team
Thanks for letting me know @basurerito! :+1:
Ben
1P_Ben works like a charm. Thank you :+1:
- 1P_Ben
Awesome; thanks for the update @agustingomes. :)
Ben
- 1P_Ben
Hi folks,
I'm sorry for the trouble. We did recently make some minor adjustments to 1Password's GPG key, for the purpose of improving its compatibility with newer versions of Fedora and RPM. Please try running this command and then running the update:
sudo rpm --import https://downloads.1password.com/linux/keys/1password.ascI hope that helps!
Ben
