Dear 1Password CLI team,
I’m a co-maintainer for the
1password-cli package for 1Password CLI Beta on the Arch User Repository (AUR). Earlier today, a user of the AUR package has informed me that the 0.4.1 release packages for Linux on AgileBit’s site have changed since build #v41001 was released on 2018-05-10. I was able to confirm this.
The original checksums of the 0.4.1 Linux releases, as recorded by myself on 2018-05-15, were:
sha256sums_x86_64=('997676a84931b0206e9dcbb387bd58610d53272a961bc7f955c23debf8f7e474') sha256sums_i686=('334a5370f134bc904507d6142903d74c43fa240f70f28ad978bbc81cf6f36fd5') sha256sums_arm=('eded6146a8520dacee803c3b878a16694c5a95df6db4dea1ff2a017b4468d3f8')
As of 2018-06-03, the current checksums for the 0.4.1 Linux releases are:
sha256sums_x86_64=('22113980776ed26a0805e6d941fd7bb0a0f394cd0154c23f0de841a1caf68de9') sha256sums_i686=('d136d890f97351c050c9af3322aeb2b41a19e4983d5721cb7738e24464ba43fb') sha256sums_arm=('c7a712a25e0c67319c7f6181b4da4feee0028af6cd2100c1cf6a00f75fac6d7e')
Per good practice, the AUR package rely mainly on the GPG signature by AgileBits; only as an additional safety net does it check the SHA signatures of the downloaded binaries. The modified binaries are indeed signed by AgileBits, and the signatures are perfectly good. While I assume they are therefore probably 100 % safe to use, I was unable to find any accompanying release note, blog article, or bump of version number and date, which I personally feel is barely unusual enough to make me feel a little uneasy. It also has never happened before since I’ve started checking SHAs for all of AgileBits’s binary releases.
To that end, despite the perfectly good signature, allow me to ask just for good measure and reassurance:
Important clarification for other readers: The
1password-cli package is a community effort; it has no connection to AgileBits or the 1Password organization, and is not supported nor endorsed by either.
Thanks in advance and kind regards,
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Arch Linux
Sync Type: Not Provided