Failed to update 1Password on Fedora 35 (GPG check FAILED)

Options
Furro
Furro
Community Member
edited November 2021 in Desktop betas (Mac, Windows, and Linux)

Hiya,

I just updated my system from Fedora 34 to Fedora 35 and when I tried to update my system I get the error that the keys don't match. When I initially tried to do it, dnf told me that there was a new key available and if I would accept that, which I did.

Please advice how to proceed.

I already tried to clear the package cache and try again. Full error message below and contents of the repo. Thank you.

GPG key at https://downloads.1password.com/linux/keys/1password.asc (0x2012EA22) is already installed
The GPG keys listed for the "1Password Stable Channel" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: 1password-8.4.0-1.x86_64
 GPG Keys are configured as: https://downloads.1password.com/linux/keys/1password.asc
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

Contents of the repo:

bat /etc/yum.repos.d/1password.repo
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: /etc/yum.repos.d/1password.repo
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ [1password]
   2   │ name="1Password Stable Channel"
   3   │ baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch
   4   │ enabled=1
   5   │ gpgcheck=1
   6   │ #repo_gpgcheck=1
   7   │ gpgkey="https://downloads.1password.com/linux/keys/1password.asc"
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

1Password Version: 8.3.0
Extension Version: Not Provided
OS Version: Fedora 35

Comments

  • basurerito
    basurerito
    Community Member
    Options

    Same here with Fedora 35.

  • Ben
    Ben
    Options

    Hi folks,

    I'm sorry for the trouble. We did recently make some minor adjustments to 1Password's GPG key, for the purpose of improving its compatibility with newer versions of Fedora and RPM. Please try running this command and then running the update:

    sudo rpm --import https://downloads.1password.com/linux/keys/1password.asc

    I hope that helps!

    Ben

  • agustingomes
    agustingomes
    Community Member
    Options

    Thank you Ben, that did the trick for me.

  • Ben
    Ben
    Options

    Awesome; thanks for the update @agustingomes. :)

    Ben

  • basurerito
    basurerito
    Community Member
    Options

    @Ben works like a charm. Thank you :+1:

  • Ben
    Ben
    Options

    Thanks for letting me know @basurerito! :+1:

    Ben

  • Furro
    Furro
    Community Member
    Options

    That worked, thank you @Ben

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    On behalf of Ben, you are welcome :)

  • ptoal
    ptoal
    Community Member
    Options

    I know that most people don't understand GPG, or package signing and are happy to just disable this security feature, but when it comes to my password manager, this sets off a lot of warning bells. :)

    You may want to post a support article that explains the change and has some steps that will show people how to verify that the new key is valid. Given that a supply chain attack to something like 1password would be catastrophic, I think that it would be best if folks don't have to search the forums to find that "We did recently make some minor adjustments to 1Password's GPG key," :smile:

This discussion has been closed.