Forum Discussion

1P_justin's avatar
1P_justin
Icon for 1Password Team rank1Password Team
2 months ago

Linux public key expiry update - action required for Arch Linux, Flatpak & RPM-based installs

Hello 1Password Community!

If you are a Linux user, you may have received an email from us last week stating that the public key that certifies updates for 1Password for Linux is expiring with a recommendation to update 1Password before May 16th to avoid future issues when updating the application.

Since sending the notice, we’ve determined that Arch Linux, Flatpak and RPM-based installs will not automatically receive the updated public key by updating 1Password and users will need to take additional action in order to update the public key.

Arch Linux

Arch Linux users will continue to be able to update 1Password but will see validation failures when manually validating a 1Password update beyond May 16th.

To update your key, run the following command:

curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import

Flatpak

Flatpak-based installs will require our updated .flatpakref file to be downloaded and installed.

First, replace the flatpak repo with the following command:

flatpak remote-delete onepassword-origin

Respond 'y' when asked if you want to remove flatpak. Then run:

flatpak install https://downloads.1password.com/linux/flatpak/1Password.flatpakref

While this will effectively reinstall 1Password, account and setting information will be preserved.

RPM

For RPM-based installs, you’ll first need to remove the existing key by running the following command:

$ sudo rpm -e gpg-pubkey-2012ea22-591e021e

Then, run the following command to download the updated key.

$ sudo rpm --import https://downloads.1password.com/linux/keys/1password.asc

 

You can find more information regarding checking and updating the signing key here. If you have any questions, please feel free to drop a comment.

Thank you for using 1Password!

4 Replies

  • timsj's avatar
    timsj
    New Contributor

    For the RPM instructions, I was getting an error that the existing gpg key package was not installed. The existing key removal command is missing an 'e' at the end of the key id. So it should be:

    sudo rpm -e gpg-pubkey-2012ea22-591e021e

    Please confirm.

    • 1P_justin's avatar
      1P_justin
      Icon for 1Password Team rank1Password Team

      You are 100% right - I made a copy + paste error! Thank you so much. I've updated the post accordingly. :)

      • timsj's avatar
        timsj
        New Contributor

        Great, thanks. And just to confirm, after running the command for importing the updated key, should we be receiving what seems to be the same exact key? Here's the rpm -qi output of the 'new' key.