1Password for Mac 6 5 5: Manual update required

SECURITY

Jeffrey Goldberg by Jeffrey Goldberg on

tl;dr

As a result of an expired provisioning profile and format change in the developer certificate, customers who downloaded 1Password for Mac directly from our site will need to manually update to the latest version. Those using 1Password from the Mac App Store are not affected.

For those who are interested, here are the events that conspired against us to make for an interesting Family Day weekend…

Fire at the office

I was out at the gym yesterday when I received a call from my wife. I thought she was calling about our belated Valentine’s dinner we had planned. Instead she rather alarmingly told me that “Sara called and said there is a fire at the office”.

Rushing home, I was expecting to hear that the hammocks and standing desks had gone up in flames. (Happily our servers are all virtual so I wasn’t too concerned). The “fire at the office” turned out to be a fire with 1Password for Mac. Customers were getting an error message when trying to start 1Password!

Fire at the office

I urgently gathered our Mac team who were enjoying their holiday weekend to figure out what happened. We quickly recreated the issue and found this error in the logs: Binary is improperly signed. This seemed very strange to me as this version was released back in 2016.

We knew our developer certificate was going to expire on Saturday, but thought nothing of it because we believed those were only necessary when publishing a new version. Apparently that’s not the case. In reality it had the unexpected side effect of causing macOS to refuse to launch 1Password properly.

New certificate, new format

We renewed our certificate and released 1Password 6.5.4 thinking all would be well. And that’s when the other shoe dropped. When we created the new certificate it had a new format for the Common Name.

While this sounds like an inconsequential change, our built-in installer goes to great lengths to validate that every 1Password update is actually 1Password. Since our installer did not recognize the new certificate format it refused to update.

No problem can’t be solved without yet another build, so we created 1Password 6.5.5 ?

Long story short, 1Password 6.5.5 is now available and solves all these problems. The only catch is it requires you to install it manually.

Moving forward

As you might imagine, we have a whole new level of understanding of the importance of expiring provisioning profiles and certificates. Our new certificate expires in 2022 but I can guarantee you we will be renewing it far before then.

I do apologize for the inconvenience and extra work that this will cause you. I am sure you had better things to do on your long weekend too. If you have any problems with this update please let us know.

I also want to take a quick moment to say “Thank You”. The understanding that I’ve seen from the 1Password community is overwhelming. You never cease to amaze me. It has truly been a humbling experience.

Having spent all Saturday fighting this fire, I still owe Brenda the dinner we were supposed to have had. After missing Valentine’s Day dinners two weeks in a row, I kind of wish the actual office had been on fire ?

Chief Defender Against the Dark Arts

Jeffrey Goldberg - Chief Defender Against the Dark Arts Jeffrey Goldberg - Chief Defender Against the Dark Arts

Tweet about this post

Continue Reading