Package Details: 1password-cli 0.9.2-1

Git Clone URL: https://aur.archlinux.org/1password-cli.git (read-only, click to copy)
Package Base: 1password-cli
Description: 1Password command line tool
Upstream URL: https://app-updates.agilebits.com/product_history/CLI
Licenses: custom
Submitter: Sh4rk
Maintainer: slurpee
Last Packager: slurpee
Votes: 12
Popularity: 0.25
First Submitted: 2017-09-07 18:54
Last Updated: 2020-02-06 15:30

Pinned Comments

Auerhuhn commented on 2018-07-01 15:53

You may want to first import 1Password’s PGP code signing key:

gpg --recv-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

To confirm the key is legit, see this comment by 1Password’s Jeffrey Goldberg:

https://discussions.agilebits.com/discussion/comment/420654/#Comment_420654

Latest Comments

« First ‹ Previous 1 2 3 Next › Last »

mprom commented on 2018-06-15 11:13

The check() step of the PKGBUILD gives an error if you haven't set GPG up. Removing it from PKGBUILD seems to have worked.

Auerhuhn commented on 2018-06-04 15:27

According to AgileBits [1] the modification is legit. I have now updated the signatures and bumped the package to v0.4.1, pkgrel 2. See commit message for full details.

Thanks again @chopps for reporting!

[1] https://discussions.agilebits.com/discussion/comment/438011/#Comment_438011

Auerhuhn commented on 2018-06-03 14:34

@chopps Thanks for giving notice. I can confirm the SHAs of all three editions have changed ( not only amd64), and this definitely was not the case two weeks ago. This means someone may have changed the binaries on AgileBit’s server without bumping either of version number, build number, and release date.

Generally, this can be indicative of a compromised download. I recommend to always keep that in mind before you install anything that shows a checksum error. In this particular case though, the changed binaries are still signed by AgileBits, and my GPG says the signature is 100 % OK. Therefore I feel the package to be probably safe to use.

With all that said, I have reached out [1] to AgileBits and will wait for their response before I update the signatures in the PKGBUILD.

[1] https://discussions.agilebits.com/discussion/91299/cli-binaries-changed-without-notice-signature-still-ok-though

chopps commented on 2018-06-03 13:50

I'm getting a validation failure on the amd64 zip. I downloaded and checked the signature (and did a bit more work to actually trust the signature by finding a picture of the business card of the signer showing the fingerprint), and my zip file appears valid. My sha256sum for it is different from this PKGBUILD.

Auerhuhn commented on 2018-05-15 15:51

Bumped to v0.4.1. Thanks @dmeijboom for the heads up!

Auerhuhn commented on 2018-04-11 18:59

Thanks @betsu and @mattikus! Updated.

betsu commented on 2018-04-11 13:44

@Sh4rk I just update the package to v0.4.

--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Felix Seidel <felix@seidel.me>

 pkgname=1password-cli
-pkgver=0.3
+pkgver=0.4
 pkgrel=1
 pkgdesc="1Password command line tool"
 arch=('x86_64' 'i686' 'arm')
@@ -13,11 +13,12 @@ source_x86_64=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_amd
 source_i686=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_386_v$pkgver.zip")
 source_arm=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_arm_v$pkgver.zip")

-sha256sums_x86_64=('0e2416b56b00fdd7f970365ed8a7e2b6e38f5c5d2c94c1fd68a980bcfee1529a')
-sha256sums_i686=('598f767b3e914f137cb0e8a0acac1ad72625ad011aa9d6a2d1bf45216a6e8c97')
-sha256sums_arm=('c0f2e59e536685bd5c8b8ca70a4fd8bd4becef7eee93b8d733276066e37b8cb2')
+sha256sums_x86_64=('421ca41fa376a6a6bc8e314c83959872e4658c5fbd3a20c0bf83a50922326b0b')
+sha256sums_i686=('e0ac90259ec0e49b517ca2afd3122523553c98f186af2f1fa0dfa18a989f3d43')
+sha256sums_arm=('0c32633587325e3874c19ba5e6e658eb1ba8b3354c15c3c9da3f9d9ef849d8ca')

 check() {
+  gpg --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
   gpg --verify-files ${srcdir}/op.sig
 }

Auerhuhn commented on 2018-01-26 09:17

@Sh4rk You’re welcome, and thanks for applying the patch!

Sh4rk commented on 2018-01-26 05:45

@Auerhuhn thanks for the patch and sorry for the delay! You're a co-maintainer now. :)

Auerhuhn commented on 2018-01-25 21:55

@Sh4rk Would you mind updating the package, or perhaps adding me as a co-maintainer?

This package really needs updating; v0.1.1 doesn’t even work anymore against the current API. I’ve prepared a patch; feel free to use it:

--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Felix Seidel <felix@seidel.me>

 pkgname=1password-cli
-pkgver=0.1.1
+pkgver=0.2.1
 pkgrel=1
 pkgdesc="1Password command line tool"
 arch=('x86_64' 'i686' 'arm')
@@ -13,9 +13,9 @@ source_x86_64=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_amd
 source_i686=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_386_v$pkgver.zip")
 source_arm=("https://cache.agilebits.com/dist/1P/op/pkg/v$pkgver/op_linux_arm_v$pkgver.zip")

-sha256sums_x86_64=('6dc01dce5138f5ec8c6d6853fb22d02cfe1c0b0178f02754278d4dcac11f038b')
-sha256sums_i686=('b0edd3b2125e9bab79c7371b00f3356b37a073c65a9ca72c7b7984700e20a881')
-sha256sums_arm=('83aee44c19db20404d18bf2f1ce466294865b1f7a4f0e48bc0f925dc3dd3499d')
+sha256sums_x86_64=('3ba640545e32c94775534dfc8bf036398ad573d0f001492e7f1818e77d183b73')
+sha256sums_i686=('71fd9885d28346384dd7833552d7e0f149da0cbe774ad927ffceea8985a7dff0')
+sha256sums_arm=('b7cd9c03638ac2369db3b8f95cb2959642b219ed7938f6583561a6c5fc697c3d')

 check() {
   gpg --verify-files ${srcdir}/op.sig