Yarn: 纱线Debian密钥到期日期已更新(EXPKEYSIG 23E7166788B63E1E)

创建于 2020-02-02  ·  30评论  ·  资料来源: yarnpkg/yarn

如果看到这样的错误:

The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>

或像这样:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease  The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>

这意味着您仍然具有用于签署Yarn版本的GPG密钥的较旧版本。 该密钥的有效期从2020年延长到2021年。要获取更新的密钥,请运行以下命令:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -

将来可能会自动执行。

bug-distrib os-linux
资料来源
picture Daniel15
👍48969 🚀39 🎉39 😄11 👀6

最有用的评论

sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com也可以解决许多存在此问题的软件包的问题

picture alexcdot 于 2020-02-15
👍169 🚀39 🎉2928 😕2

所有30条评论

重新自动化,发行版通常有一个-keyring软件包,可以使用较新的密钥进行更新,也许您想研究一下? 例如https://packages.debian.org/buster/debian-archive-keyring

dario23 picture dario23 于 2020-02-02
👍1

@ dario23是的,这就是我一直想做的事情,但是我还没有解决。 我想我可以在我们的仓库中添加一个yarn-keyring程序包,将其添加为yarn程序包的依赖项(以确保每个人都拥有它),然后在每次更改密钥时都更新该程序包。

Daniel15 picture Daniel15 于 2020-02-02
👍8

sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com也可以解决许多存在此问题的软件包的问题

alexcdot picture alexcdot 于 2020-02-15
👍169 🚀39 🎉2928 😕2

谢谢@alexcdot! 该命令依赖于软件包存储库维护者将其公共密钥上传到Ubuntu密钥服务器,但是大多数这样做,因此通常不是问题:)

Daniel15 picture Daniel15 于 2020-02-17
👍3

谢谢! @alexcdot

jijothic picture jijothic 于 2020-02-21
👍1

为什么在_sudo apt-key add -_命令之后什么也没发生? 我已经等了几分钟了。 看起来系统正在等待某些东西...

image

Shekelme picture Shekelme 于 2020-02-26

@Shekelme因为您分割了命令,所以它正在等待输入。 该命令应为curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -

mschaaf picture mschaaf 于 2020-02-26
👍14

非常感谢,现在有所帮助!

Shekelme picture Shekelme 于 2020-02-26

应该为debian提供1.22.0吗?

millette picture millette 于 2020-02-26

@millette糟糕,很抱歉,当Yarn v1网站移至classic.yarnpkg.com时,自动更新脚本中断了。 我会修复它并部署1.22.0!

Daniel15 picture Daniel15 于 2020-02-27
1

@millette现在应该可用: https :

刚刚在我的一台测试机上进行了测试,效果很好:

% sudo apt install yarn
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  yarn
1 upgraded, 0 newly installed, 0 to remove and 323 not upgraded.
Need to get 891 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Get:1 http://dl.yarnpkg.com/debian stable/main amd64 yarn all 1.22.0-1 [891 kB]
Fetched 891 kB in 0s (2,328 kB/s)
Reading changelogs... Done
(Reading database ... 261276 files and directories currently installed.)
Preparing to unpack .../archives/yarn_1.22.0-1_all.deb ...
Unpacking yarn (1.22.0-1) over (1.21.1-1) ...
Setting up yarn (1.22.0-1) ...

15:19 daniel<strong i="9">@vps03</strong> /home/daniel
% yarn --version
1.22.0
Daniel15 picture Daniel15 于 2020-02-27

我也是,谢谢@ Daniel15

millette picture millette 于 2020-02-27

我在Windows 10下的Ubuntu下遇到相同的问题
Linux AVPHR-3HD87Y2-L 4.4.0-17134-Microsoft#1130-Microsoft Thu Nov 07 15:21:00 PST 2019 x86_64 x86_64 x86_64 GNU / Linux。

谢谢@ Daniel15

建议您解决方案。

kfowlks picture kfowlks 于 2020-02-28

更新就好了:curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt键添加-

summersjc picture summersjc 于 2020-03-04
👍1

由于此问题已经开放了足够长的时间,因此请关闭该问题。

Daniel15 picture Daniel15 于 2020-03-05

sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com也可以解决许多存在此问题的软件包的问题

如果@alexcdot的建议修复超时,请尝试通过端口80强制

sudo apt-key adv --refresh-keys --keyserver hkp://keyserver.ubuntu.com:80
jason-azze picture jason-azze 于 2020-03-11
👍2

sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com也可以解决许多存在此问题的软件包的问题

该命令在AWS EC2 Ubuntu 18.04中非常有效

ubuntu<strong i="9">@demo</strong>:~$ sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
Executing: /tmp/apt-key-gpghome.yhsIc98R5A/gpg.1.sh --refresh-keys --keyserver keyserver.ubuntu.com
gpg: refreshing 6 keys from hkp://keyserver.ubuntu.com
gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
gpg: key 871920D1991BC93C: "Ubuntu Archive Automatic Signing Key (2018) <[email protected]>" not changed
gpg: key D94AA3F0EFE21092: 2 duplicate signatures removed
gpg: key D94AA3F0EFE21092: 62 signatures not checked due to missing keys
gpg: key D94AA3F0EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>" 59 new signatures
gpg: key 3B4FE6ACC0B21F32: 21 signatures not checked due to missing keys
gpg: key 3B4FE6ACC0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <[email protected]>" 18 new signatures
gpg: key 4F4EA0AAE5267A6C: "Launchpad PPA for Ondřej Surý" not changed
gpg: key 4F4EA0AAE5267A6C: "Launchpad PPA for Ondřej Surý" not changed
gpg: key 1646B01B86E50310: 3 signatures not checked due to missing keys
gpg: key 1646B01B86E50310: "Yarn Packaging <[email protected]>" 5 new signatures
gpg: Total number processed: 6
gpg:              unchanged: 3
gpg:         new signatures: 82
aleon1220 picture aleon1220 于 2020-03-27 
Executing: /tmp/apt-key-gpghome.N4svD19CdM/gpg.1.sh --refresh-keys --keyserver keyserver.ubuntu.com:80
gpg: refreshing 11 keys from keyserver.ubuntu.com:80
gpg: keyserver refresh failed: No keyserver available
joesixpack picture joesixpack 于 2020-04-03

@joesixpack您可能与Ubuntu密钥服务器有连接问题,或者它已关闭(例如,出于维护目的)。 您可以尝试使用其他密钥服务器。

Daniel15 picture Daniel15 于 2020-04-03

由于确切的错误消息而来到这里。 使用Raspbian。 几分钟前刚刚尝试了@ Daniel15的建议,得到了以下内容(带有和不带有sudo ):

:~ $ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
gpg: no valid OpenPGP data found.

有什么建议?

luisfrocha picture luisfrocha 于 2020-04-07

@luisfrocha确保已安装ca-certificates软件包,否则所有SSL / TLS连接都将失败。

Daniel15 picture Daniel15 于 2020-04-07

@ Daniel15

:~ $ sudo apt install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20190110).
0 upgraded, 0 newly installed, 0 to remove and 60 not upgraded.
luisfrocha picture luisfrocha 于 2020-04-07

好吧,我不想,但毕竟我必须。 我执行了curl命令,并添加了-k标志,效果很好。

luisfrocha picture luisfrocha 于 2020-04-07

sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com也可以解决许多存在此问题的软件包的问题

这个为我工作。 谢谢 :)

pshongwe picture pshongwe 于 2020-04-11

sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com也可以解决许多存在此问题的软件包的问题

谢谢

ShahidDarbar picture ShahidDarbar 于 2020-04-20

我正在尝试安装yarn并遇到主要问题。
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -给了我以下输出:

gpg: invalid key resource URL '/tmp/apt-key-gpghome.gq2UKui5Xm/home:manuelschneid3r.asc.gpg'
gpg: keyblock resource '(null)': General error
gpg: key 76F1A20FF987672F: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 3B4FE6ACC0B21F32: 3 signatures not checked due to missing keys
gpg: key D94AA3F0EFE21092: 3 signatures not checked due to missing keys
gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
gpg: Total number processed: 17
gpg:       skipped new keys: 17

以下sudo apt update && sudo apt install yarn输出

W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E
E: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

我也已经尝试过sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com ,但是我遇到了类似的错误:

gpg: invalid key resource URL '/tmp/apt-key-gpghome.FtkPocMoE3/home:manuelschneid3r.asc.gpg'
gpg: keyblock resource '(null)': General error
gpg: key 76F1A20FF987672F: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 1488EB46E192A257: 1 signature not checked due to a missing key
gpg: key 3B4FE6ACC0B21F32: 3 signatures not checked due to missing keys
gpg: key D94AA3F0EFE21092: 3 signatures not checked due to missing keys
gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
gpg: Total number processed: 16
gpg:       skipped new keys: 16

我非常感谢任何想法可能出什么问题,我在软件包管理器方面没有太多经验,并且上述建议似乎没有帮助。

更新:
抱歉,关键错误似乎来自另一个程序包而不是纱线。 现在安装就好了!

LukasSchaefer picture LukasSchaefer 于 2020-08-02
👍1

@LukasSchaefer我认为该错误中的任何GPG密钥都不是Yarn GPG密钥。 您可能需要弄清楚这些键的用途并进行修复。

您从sudo apt update获得的完整输出是多少?

Daniel15 picture Daniel15 于 2020-08-17

@ Daniel15感谢您的提示。 我完全错过了钥匙错误来自另一个程序包的问题。 纠正此错误后,按照上述命令安装好纱线。

抱歉!

LukasSchaefer picture LukasSchaefer 于 2020-08-17

sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com也可以解决许多存在此问题的软件包的问题

对我有用。 谢谢!

quangvv-1620 picture quangvv-1620 于 2020-10-14

我也已经解决了,只是花了我一些时间去检查解决方案。 谢谢!

jensbrak picture jensbrak 于 2020-11-04
🚀1
此页面是否有帮助?
0 / 5 - 0 等级

相关问题

NonPolynomial picture NonPolynomial  ·  3评论
sebmck picture sebmck  ·  3评论
mnpenner picture mnpenner  ·  3评论
baptistelebail picture baptistelebail  ·  3评论
torifat picture torifat  ·  3评论