when running apt update
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
You need to run
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
as per this page.
Had the same issue, not sure why the key suddenly changed.
Can repro:
$ sudo apt-get update && sudo apt-get install yarn
[...]
Err:6 https://dl.yarnpkg.com/debian stable InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
Get:12 http://security.ubuntu.com/ubuntu xenial-security/main Sources [91.3 kB]
Get:13 http://security.ubuntu.com/ubuntu xenial-security/universe Sources [43.1 kB]
Get:14 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [354 kB]
Get:15 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [169 kB]
Get:16 http://security.ubuntu.com/ubuntu xenial-security/universe Translation-en [89.3 kB]
Fetched 2,886 kB in 3s (828 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
yarn is already the newest version (1.0.1-1).
[...]
See #4253.
Sorry about this! I'm not sure how to improve the process at the moment. The best practice is to rotate your signing keys periodically (eg. every year, or every two years), but I might need to get advice from other people that maintain package repositories to see how they handle it. Debian and Ubuntu both rotate their keys on each release, but that works well for those projects as they have a separate repo per release.
I solved the problem with the alternative installation script:
curl -o- -L https://yarnpkg.com/install.sh | bash
Then followed the suggestions in it.
the command curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
worked with a recent reappearing of the same issue:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E
That is the most recent key, which was created today. You'll need to run
the curl | apt-key command again to re-load the key
Sent from my phone.
On Tue, Jan 1, 2019, 11:31 PM Im <[email protected] wrote:
the command curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo
apt-key add - worked with a recent reappearing of the same issue:W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/yarnpkg/yarn/issues/4505#issuecomment-450800492, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAFnHeknudaQWWPR_6159zsHU1-_pUWaks5u_GBGgaJpZM4PcxTL
.
For the benefit of everyone else who tries to search duckduckgo for "NO_PUBKEY 23E7166788B63E1E" I'll leave this comment here for discoverability. (Should help with for those who still use google as well, it was understandably just as clueless as DDG ;-)
You need to run
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
as per this page.
Had the same issue, not sure why the key suddenly changed.
For me, it was the best solution.
I’m running into this problem on Ubuntu 20.04 after adding the public key using
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
The error is:
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E
E: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Most helpful comment
You need to run
as per this page.
Had the same issue, not sure why the key suddenly changed.