This release is a hotfix for an expired package signing key with no other changes. If you see the following error when running sudo apt update or sudo dnf check-update, you can install the latest package directly to resolve it:
The following signatures were invalid: EXPKEYSIG 17C4AE797B819BF4 Flox Security (release signing key) <security@flox.dev>
Debian/Ubuntu (DEB):
# For x86_64:
curl -fsSL -O https://downloads.flox.dev/by-env/stable/deb/flox-1.11.4.x86_64-linux.deb
sudo dpkg -i flox-1.11.4.x86_64-linux.deb# For aarch64 (ARM):
curl -fsSL -O https://downloads.flox.dev/by-env/stable/deb/flox-1.11.4.aarch64-linux.deb
sudo dpkg -i flox-1.11.4.aarch64-linux.debFedora/RHEL/Rocky (RPM):
First, find and remove the expired Flox signing key:
rpm -e gpg-pubkey-d89ee7d68a1ba21f4bf9a8f517c4ae797b819bf4-661ed2e2Note
This may return error: package gpg-pubkey-d89ee7d68a1ba21f4bf9a8f517c4ae797b819bf4-661ed2e2 is not installed; that message is expected and does not indicate a failure
Then import the updated signing key:
rpm --import https://downloads.flox.dev/by-env/stable/rpm/flox-archive-keyring.ascThen update Flox:
dnf update floxOnce installed, sudo apt update and sudo dnf check-update will no longer produce this error. If you have any issues or questions, you can reach us on our community slack.
Download Links
- DEB (x86_64-linux)
- DEB (aarch64-linux)
- RPM (x86_64-linux)
- RPM (aarch64-linux)
- OSX (x86_64-darwin)
- OSX (aarch64-darwin)
Note
You can find the SHA256 checksums for Flox 1.11.4 and SHA512 checksums for Flox 1.11.4 online.