Package Cannot Be Verified Error

tiryns · September 26, 2025, 10:42pm

Hi All,

Can anyone advise me if this is likely a local error on my machine, or an error at the developer/repository/Discover Store end, or something else (like a transient network impact)? Just trying to figure out where to start with troubleshooting - do I raise it with 1Password, or as a Fedora bug, or is there something I should be doing myself first (e.g. clearing a cache, clearing repositories, doing a clean, etc)?

Current error as below (for 1Password), but previously had the same error with Brave Browser - the Brave one went away after a day or so after multiple reboots, and Brave updated. But this 1Password one has been showing for several days now, repeated attempts after rebooting or full restarts return the same result, and it’s blocking any system updates from installing (although other unique app updates seem to install okay around it, just the KDE Plasma & Fedora stuff won’t).

Invalid package file:

package 1password-8.11.10-1.x86_64 cannot be verified and repo 1password is GPG enabled:
/var/cache/PackageKit/42/metadata/1password-42-x86_64/packages/1password-8.11.10.x86_64.rpm could not be verified.
/var/cache/PackageKit/42/metadata/1password-42-x86_64/packages/1password-8.11.10.x86_64.rpm: digest: SIGNATURE: NOT OK

Thanks.

nonki · September 27, 2025, 1:04am

what’s the P.I.D.?

tiryns · September 27, 2025, 1:26am

Hi,

59043 I believe (that’s for the main “Discover” process - not aware if there’s a different named process in the back end calling the actual install routines) - but could be 2834? Edited terminal output below:

2834   \_ /usr/libexec/DiscoverNotifier --check-delay 20
59043  \_ /usr/bin/plasma-discover
137769         \_ /usr/bin/grep -i discover

nonki · September 27, 2025, 2:21am

How about your system time? Is it the correct time?

tiryns · September 27, 2025, 7:19am

Yes it is.

gobigobi66 · September 27, 2025, 7:44am

it means that the signature of the 1Password package does not match the GPG key installed on your system .

Why?

Old or missing GPG key – 1Password rotated their signing key, but your system still has the old one.
Corrupted package in the cache – the .rpm file got damaged during download.
Wrong repo config – your repo file may point to an outdated key.

Import the signature, clean dnf cache, reinstall the package

sudo rpm --import https://downloads.1password.com/linux/keys/1password.asc
sudo dnf clean all
sudo dnf install 1password

tiryns · September 27, 2025, 7:58am

Yep that fixed it thanks - I suspected it was #1 or #2 you listed - it’s updated happily previous couple of weeks so wasn’t likely to be #3 - but wasn’t sure if clean, etc, was right action. Know now for next time.

Cheers.

Topic		Replies	Views
Signature verification failed for 1Password update on Fedora WS 41 Ask Fedora workstation , f41	7	1237	June 9, 2025
Technical details - update issue to your distribution's packagers Ask Fedora upgrades , packages	3	355	October 19, 2023
Can't update to fedora 40 Ask Fedora kde , kde-plasma	2	17974	May 2, 2024
Discover cannot update system packages if a GPG key has to be imported Ask Fedora kde , security , discover , dnf , f40	0	337	April 18, 2024
OpenPGP check for package "klassy-6.2.breeze6.2.1-10.2.x86_64" (/var/cache/libdnf5/home_paul4us-b9251e1f4b97dd77/packages/klassy-6.2.breeze6.2.1-10.2.x86_64.rpm) from repo "home_paul4us" has failed: Problem occurred when opening the package Ask Fedora	4	330	January 13, 2025

Package Cannot Be Verified Error

Related topics