New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx> #2772
Comments
Can confirm that using |
I found a fix by adding
to my @carstendietrich any chance you could post a code snippet for your fix? Looks a bit cleaner than mine! |
Same here, quickfix suggested by @tommym9 solves the problem for now. Hope there will be an official fix/release for this soon. |
@tommym9 in my project I don't have any complex setup therefore I only rely on the So as a temporary fix I pretty much did the same as you, only that I needed to add the So my
Guess now we are waiting for an updated web-base image that already contains the latest yarn key. |
It's amazing that this happens every Feb 1. This is yarnpkg/yarn#6865 (and yarnpkg/yarn#7866 as mentioned above) and it just seems to be every single year. I guess I'll need to do a release. The two answers here are perfect. |
Maybe switch the way Yarn is installed. According to docs it is recommended to use NPM for installing Yarn globally: https://yarnpkg.com/getting-started/install That could avoid the yearly key issue 😁 |
I can definitely switch to the npm approach. Will that break people? |
The current shipping/installed version of yarn in the ddev web container is 1.22.5 - the npm approach will switch to yarn v2. |
I note that the problem in this issue probably only affects people who one way or another do an |
As far as I understand the docs this shouldn't be breaking. If you install yarn globally via NPM you get version 1.22.10.. If you want to use yarn v2 and all later versions you need to actively switch on a per-project basis via:
|
Thanks, yes, just installing via npm gets v1; I missed that part. I'll do a new v1.16.6 release and also fix it for v1.17 in drud/ddev-images#43 |
I've been meaning to fix it so that the Yarn key can be automatically renewed (eg by packaging it in a Debian package that the |
Thanks @Daniel15 - I'm changing this to use the npm installation technique. That will solve everything right? |
* Update key for replaced yarnpkg key, fixes #2772 * Backport changes to circleci build for makensis * Backport test changes that break on new windows docker * Remove staticrequired step so we don't use outdated golang container
Thanks so much for reporting this issue @tommym9 and @carstendietrich - ddev v1.16.6 and v1.17.0-alpha4 are building right now and will be available shortly. Please check to make sure they resolve your issues. |
Sure. It's only an issue with GPG signing. npm repositories are not signed at all, so there's no problem, in the same way that you can solve the issue of losing or breaking your keys by removing the lock from your front door :) |
Hi,
Doing a
ddev start
this morning and I've bumped into an issue that I'm struggling to fix.A Google of this and I've seen there is a fix: yarnpkg/yarn#7866
My problem is I'm not so hot on docker so I'm struggling to figure out where this fix needs to go.
Cheers
Tom
DDEV version: 1.16.5
Docker Dekstop: 3.0.4 (updated to 3.1.0 and no change)
MacBook Pro: Catalina 10.15.7
The text was updated successfully, but these errors were encountered: