Forum Discussion
Linux public key expiry update - action required for Arch Linux, Flatpak & RPM-based installs
Hello 1Password Community!
If you are a Linux user, you may have received an email from us last week stating that the public key that certifies updates for 1Password for Linux is expiring with a recommendation to update 1Password before May 16th to avoid future issues when updating the application.
Since sending the notice, we’ve determined that Arch Linux, Flatpak and RPM-based installs will not automatically receive the updated public key by updating 1Password and users will need to take additional action in order to update the public key.
Arch Linux
Arch Linux users will continue to be able to update 1Password but will see validation failures when manually validating a 1Password update beyond May 16th.
To update your key, run the following command:
curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import
Flatpak
Flatpak-based installs will require our updated .flatpakref file to be downloaded and installed.
First, replace the flatpak repo with the following command:
flatpak remote-delete onepassword-origin
Respond 'y' when asked if you want to remove flatpak. Then run:
flatpak install https://downloads.1password.com/linux/flatpak/1Password.flatpakref
While this will effectively reinstall 1Password, account and setting information will be preserved.
RPM
For RPM-based installs, you’ll first need to remove the existing key by running the following command:
$ sudo rpm -e gpg-pubkey-2012ea22-591e021e
Then, run the following command to download the updated key.
$ sudo rpm --import https://downloads.1password.com/linux/keys/1password.asc
You can find more information regarding checking and updating the signing key here. If you have any questions, please feel free to drop a comment.
Thank you for using 1Password!
4 Replies
- timsjNew Contributor
For the RPM instructions, I was getting an error that the existing gpg key package was not installed. The existing key removal command is missing an 'e' at the end of the key id. So it should be:
sudo rpm -e gpg-pubkey-2012ea22-591e021e
Please confirm.
- 1P_justin
1Password Team
You are 100% right - I made a copy + paste error! Thank you so much. I've updated the post accordingly. :)
- timsjNew Contributor
Great, thanks. And just to confirm, after running the command for importing the updated key, should we be receiving what seems to be the same exact key? Here's the rpm -qi output of the 'new' key.