If you see an error like this:
The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>
Or like this:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>
It means that you still have an older version of the GPG key used to sign Yarn releases. The expiry date for this key was extended from 2020 to 2021. To get the updated key, run this:
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
This will likely be automated in the future.
re automation, the distributions usually have a -keyring
package that can be updated with newer keys, maybe you want to look into that? e.g. https://packages.debian.org/buster/debian-archive-keyring
@dario23 Yeah, that's what I've been meaning to do, however I just haven't gotten around to it. I think I could add a yarn-keyring package to our repo, add it as a dependency of the yarn package (to ensure everyone has it), and then update that package whenever we change the key.
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
also works to fix this issue for many different packages that have this issue
Thanks @alexcdot! That command relies on package repository maintainers uploading their public keys to the Ubuntu keyserver, but most do, so it's usually not an issue :)
Thank you! @alexcdot
Why there's nothing happens after _sudo apt-key add -_ command? I am waiting for several minutes already. Looks like the system is waiting for something...
@Shekelme It is waiting for input because you split the command. The command should be taken as it curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
Huge thanks, it helped now!
Should 1.22.0 be available for debian ?
@millette Oops, sorry, the auto-update script broke when the Yarn v1 site moved to classic.yarnpkg.com. I'll fix it and get 1.22.0 deployed!
@millette It should be available now: https://github.com/yarnpkg/releases/commit/3f7f2c766d64da64f41ff62d63c126112981ee63
Just tested on one of my test machines and it worked fine:
% sudo apt install yarn
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
yarn
1 upgraded, 0 newly installed, 0 to remove and 323 not upgraded.
Need to get 891 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Get:1 http://dl.yarnpkg.com/debian stable/main amd64 yarn all 1.22.0-1 [891 kB]
Fetched 891 kB in 0s (2,328 kB/s)
Reading changelogs... Done
(Reading database ... 261276 files and directories currently installed.)
Preparing to unpack .../archives/yarn_1.22.0-1_all.deb ...
Unpacking yarn (1.22.0-1) over (1.21.1-1) ...
Setting up yarn (1.22.0-1) ...
15:19 daniel@vps03 /home/daniel
% yarn --version
1.22.0
Me too, thanks @Daniel15
I had the same issue with under Ubuntu under Windows 10
Linux AVPHR-3HD87Y2-L 4.4.0-17134-Microsoft #1130-Microsoft Thu Nov 07 15:21:00 PST 2019 x86_64 x86_64 x86_64 GNU/Linux.
Thanks @Daniel15
You're suggested solution resolved it.
Updated just fine with: curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
Closing this issue since it's been open for long enough.
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
also works to fix this issue for many different packages that have this issue
If @alexcdot 's recommended fix times out for you, try forcing hkp over port 80.
sudo apt-key adv --refresh-keys --keyserver hkp://keyserver.ubuntu.com:80
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
also works to fix this issue for many different packages that have this issue
That command works amazingly in AWS EC2 Ubuntu 18.04
ubuntu@demo:~$ sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
Executing: /tmp/apt-key-gpghome.yhsIc98R5A/gpg.1.sh --refresh-keys --keyserver keyserver.ubuntu.com
gpg: refreshing 6 keys from hkp://keyserver.ubuntu.com
gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
gpg: key 871920D1991BC93C: "Ubuntu Archive Automatic Signing Key (2018) <[email protected]>" not changed
gpg: key D94AA3F0EFE21092: 2 duplicate signatures removed
gpg: key D94AA3F0EFE21092: 62 signatures not checked due to missing keys
gpg: key D94AA3F0EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>" 59 new signatures
gpg: key 3B4FE6ACC0B21F32: 21 signatures not checked due to missing keys
gpg: key 3B4FE6ACC0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <[email protected]>" 18 new signatures
gpg: key 4F4EA0AAE5267A6C: "Launchpad PPA for Ond艡ej Sur媒" not changed
gpg: key 4F4EA0AAE5267A6C: "Launchpad PPA for Ond艡ej Sur媒" not changed
gpg: key 1646B01B86E50310: 3 signatures not checked due to missing keys
gpg: key 1646B01B86E50310: "Yarn Packaging <[email protected]>" 5 new signatures
gpg: Total number processed: 6
gpg: unchanged: 3
gpg: new signatures: 82
Executing: /tmp/apt-key-gpghome.N4svD19CdM/gpg.1.sh --refresh-keys --keyserver keyserver.ubuntu.com:80
gpg: refreshing 11 keys from keyserver.ubuntu.com:80
gpg: keyserver refresh failed: No keyserver available
@joesixpack You either have connectivity issues to the Ubuntu keyserver, or it's down (eg. for maintenance). You could try using a different keyserver.
Came here because of that exact error message. Using Raspbian. Just tried @Daniel15's suggestion a few minutes ago and got the following (with & without sudo
):
:~ $ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
gpg: no valid OpenPGP data found.
Any suggestions?
@luisfrocha make sure you have the ca-certificates
package installed, otherwise all SSL/TLS connections will fail.
@Daniel15
:~ $ sudo apt install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20190110).
0 upgraded, 0 newly installed, 0 to remove and 60 not upgraded.
Well, I didn't want to, but I had to after all. I did the curl command, and added the -k
flag, which worked fine.
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
also works to fix this issue for many different packages that have this issue
this one worked for me. Thanks :)
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
also works to fix this issue for many different packages that have this issue
Thank You
I'm trying to install yarn and run into key issues as well.
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
gives me the following output:
gpg: invalid key resource URL '/tmp/apt-key-gpghome.gq2UKui5Xm/home:manuelschneid3r.asc.gpg'
gpg: keyblock resource '(null)': General error
gpg: key 76F1A20FF987672F: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 3B4FE6ACC0B21F32: 3 signatures not checked due to missing keys
gpg: key D94AA3F0EFE21092: 3 signatures not checked due to missing keys
gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
gpg: Total number processed: 17
gpg: skipped new keys: 17
A following sudo apt update && sudo apt install yarn
outputs
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E
E: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
I also already tried sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
, but I got similar errors:
gpg: invalid key resource URL '/tmp/apt-key-gpghome.FtkPocMoE3/home:manuelschneid3r.asc.gpg'
gpg: keyblock resource '(null)': General error
gpg: key 76F1A20FF987672F: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 3B4FE6ACC0B21F32: 3 signatures not checked due to missing keys
gpg: key D94AA3F0EFE21092: 3 signatures not checked due to missing keys
gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
gpg: Total number processed: 16
gpg: skipped new keys: 16
I'd greatly appreciate any ideas what might go wrong, I don't have much experience with package managers and the suggestions above didn't seem to help.
UPDATE:
Apologies, it seems like the key-error came from another package rather than yarn. It installed just fine now!
@LukasSchaefer I don't think any of the GPG keys in that error are the Yarn GPG key. You may need to figure out what those keys are for and fix them.
What's the full output you get from sudo apt update
?
@Daniel15 Thanks for that hint. I totally missed that the key-error was coming from another package. After fixing this error, yarn installed just fine with the commands stated above.
Apologies for that!
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
also works to fix this issue for many different packages that have this issue
that work for me. thank you!
Fixed for me too, just took me some time to bother check for a solution. Thx!
Most helpful comment
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
also works to fix this issue for many different packages that have this issue