1password-cli Linux Checksum Change
Hello!
I'm the current packager for 1password-cli on Arch Linux and recently received a note from a user that the SHA256 hashes have changed for the v2.5.1 release. I have verified the hashes have indeed changed and the GPG signature is still perfectly valid. This has happened in the past, and it was mentioned that it was due to an upgrade to AgileBits' build systems.
- Was this an intentional change by 1password?
- Since this is now at least the second time where the build has changed without a build number update, is this to be expected in the future?
- Could AgileBits publish SHA256 hashes of the ZIP archives? The GPG signature is plenty good for verification, but for situations like this an official update would be appreciated.
Appreciate your time!
slurpee
Previous hashes for v2.5.1 as recorded on 2022-Jun-24:
sha256sums_x86_64=('c01a193c5c58f0cdc39a2ca7a377b71922fa22c6fb8b1f92f2eb7d8f47f52d77')
sha256sums_i686=('2a6778f45919fbad70b016d16b5f02d9c0833b7a69f1236401a039aeeb7b9d5d')
sha256sums_arm=('13263b157fee2d9e864599a262b8a4cc612e63253af83519db2e9a2f2541e8d7')
sha256sums_aarch64=('f015c1ebfc627c5e260890b7224e42f748d563e1af990c80428f9269c8178b2c')
Current hashes for v2.5.1 as tested on 2022-Jul-18:
sha256sums_x86_64=('1030b3a7007f236d08ae7b3094b41d61f1447f3490c23f613072742f58fe5928')
sha256sums_i686=('8b8578f7834d18e47a0bbe793ccdc5d03f71ccea6bdd3c66c006766b3ddb56a1')
sha256sums_arm=('d2849248d746de2f683d043784bfbe1a51615adbfe84918eaf6e2ac6b967fe67')
sha256sums_aarch64=('91f5615f98eb4bb29124d6317a3a7a5330c3415cf0f789aaaffbe5f353ee713a')
Important clarification for other readers: The 1password-cli package is a community effort; it has no connection to AgileBits or the 1Password organization, and is not supported nor endorsed by either.
1Password Version: 2.5.1
Extension Version: N/A
OS Version: Linux
Browser: N/A
Comments
Hey there @slurpee,
Thank you for bringing this up. While we were recently testing beta releases for the CLI, there was a period over the past weekend where 2.5.1 download links were inadvertently replaced with the beta binaries.
We've since fixed the issue, as of 2022-Jul-18, and the hashes should be reverted to the originals (June 24th).
Hey @Justin.Yoon_1P!
Appreciate your response - I've verified the binaries have been reverted to the previous version. The ZIP archives' checksums are different, but that's to be expected with ZIP (access dates and all that).
I'll forward your message over to the AUR community and update the packaging as needed.
Thanks again!
slurpee
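
The observation in the last reply, that a ZIP archive's checksum can differ while the files inside are unchanged, can be checked by hashing the archive members rather than the archive itself. This is an added example, not part of the thread and not 1Password or AUR tooling; the member names, contents and timestamps below are constructed sample data.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def member_digests(zip_bytes: bytes) -> dict:
    """Map each file in the archive to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = zf.testzip()  # CRC check of every member before trusting it
        if bad is not None:
            raise ValueError(f"corrupt member: {bad}")
        for info in zf.infolist():
            if not info.is_dir():
                digests[info.filename] = sha256_hex(zf.read(info))
    return digests


def compare_archives(old: bytes, new: bytes) -> dict:
    """Separate 'container metadata changed' from 'payload changed'."""
    old_m, new_m = member_digests(old), member_digests(new)
    common = old_m.keys() & new_m.keys()
    return {
        "archive_hash_equal": sha256_hex(old) == sha256_hex(new),
        "added": sorted(new_m.keys() - old_m.keys()),
        "removed": sorted(old_m.keys() - new_m.keys()),
        "changed": sorted(n for n in common if old_m[n] != new_m[n]),
    }


def build_zip(files: dict, timestamp: tuple) -> bytes:
    """Constructed sample archive; `timestamp` is the stored modification time."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=timestamp), content)
    return buf.getvalue()


# Constructed inputs: same payload repacked later, and a payload that was swapped.
ORIGINAL = build_zip({"op": b"release build", "op.sig": b"sig"}, (2022, 6, 24, 0, 0, 0))
REPACKED = build_zip({"op": b"release build", "op.sig": b"sig"}, (2022, 7, 18, 0, 0, 0))
SWAPPED = build_zip({"op": b"beta build", "op.sig": b"sig"}, (2022, 7, 16, 0, 0, 0))

if __name__ == "__main__":
    print("repacked:", compare_archives(ORIGINAL, REPACKED))
    print("swapped: ", compare_archives(ORIGINAL, SWAPPED))
```

A packager would still pin the archive hash in the package recipe; the member comparison only tells them whether a hash change needs investigating as a content change.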