Missing RSA key ID 821C587A from the release team, keyserver changed

[pmontrasio]

I added a comment to Issue #40 about the missing key with id 821C587A.

The cause is that there is a new Node release team member with that key.
Furthermore they changed keyserver from ipv4.pool.sks-keyservers.net to pool.sks-keyservers.net.

A quick fix is to download the missing key with

gpg --keyserver pool.sks-keyservers.net --recv-keys 77984A986EBC2AA786BC0F66B01FBB92821C587A

but ~/.asdf/plugins/nodejs/bin/import-release-team-keyring should be updated with the commands at https://github.com/nodejs/node#release-team

[hubertlepicki]

I have got the same issue.

[hubertlepicki]

The fix is to update nodejs plugin, or all plugins:

asdf update-plugin --all

and then re-import the pgp keys:
bash ~/.asdf/plugins/nodejs/bin/import-release-team-keyring

[PaoloLaurenti]

The workaround works fine. Only a little clarification.
The command is not asdf update-plugin --all but it's asdf plugin-update --all .

[wangbus]

Why does this say: "WARNING: This key is not certified with a trusted signature!"

% asdf install nodejs 8.9.2
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4553    0  4553    0     0   8913      0 --:--:-- --:--:-- --:--:--  8927
gpg: Signature made Tue Dec  5 14:19:10 2017 PST
gpg:                using RSA key 77984A986EBC2AA786BC0F66B01FBB92821C587A
gpg: Good signature from "Gibson Fahnestock <gibfahn@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7798 4A98 6EBC 2AA7 86BC  0F66 B01F BB92 821C 587A
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 15.2M  100 15.2M    0     0  2786k      0  0:00:05  0:00:05 --:--:-- 3172k
node-v8.9.2-darwin-x64.tar.gz: OK

[drusepth]

The workaround above does not work for me.

$ gpg --list-keys | tail -n 6

pub   rsa4096 2016-10-07 [SC]
      77984A986EBC2AA786BC0F66B01FBB92821C587A
uid           [ unknown] Gibson Fahnestock <gibfahn@gmail.com>
sub   rsa4096 2016-10-07 [E]

$ asdf install nodejs 8.9.2
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4553    0  4553    0     0  28324      0 --:--:-- --:--:-- --:--:-- 28456
gpg: Signature made Tue Dec  5 16:19:10 2017 CST
gpg:                using RSA key 77984A986EBC2AA786BC0F66B01FBB92821C587A
gpg: Can't check signature: No public key
Authenticity of checksum file can not be assured! Please be sure to check the README of 
asdf-nodejs in case you did not yet bootstrap trust. If you already did that then that 
is the point to become SUSPICIOUS! There must be a reason why this is failing. If you 
are installing an older NodeJS version you might need to import OpenPGP keys of previous 
release managers. Exiting.

I've tried clearing all keys (deleting each one manually with gpg --delete-key until gpg --list-keys was empty) and reimporting (from both ipv4.pool. and pool., separately of course), but no solutions seem to be working. I'm on the latest asdf-nodejs as well.

$ asdf plugin-update nodejs
Updating nodejs...
Already up-to-date.

Guess I should also include this output:

$ bash ~/.asdf/plugins/nodejs/bin/import-release-team-keyring
gpg: key 7434390BDBE9B9C5: 2 signatures not checked due to missing keys
gpg: key 7434390BDBE9B9C5: "Colin Ihrig <cjihrig@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key 09FE44734EB7990E: 2 signatures not checked due to missing keys
gpg: key 09FE44734EB7990E: "Jeremiah Senkpiel <fishrock123@rocketmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key C97EC7A07EDE3FC1: 19 signatures not checked due to missing keys
gpg: key C97EC7A07EDE3FC1: "keybase.io/jasnell <jasnell@keybase.io>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key C273792F7D83545D: 2 signatures not checked due to missing keys
gpg: key C273792F7D83545D: "Rod Vagg <rod@vagg.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key E73BC641CC11F4C8: 12 signatures not checked due to missing keys
gpg: key E73BC641CC11F4C8: "Myles Borins <myles.borins@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key B63B535A4C206CA9: 4 signatures not checked due to missing keys
gpg: key B63B535A4C206CA9: "Evan Lucas <evanlucas@me.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key 23EFEFE93C4CFFFE: "Italo A. Casas <me@italoacasas.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key B01FBB92821C587A: "Gibson Fahnestock <gibfahn@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

[annieogrady]

@drusepth - any resolution?
i have the same issue.

[changalberto]

@drusepth I got the same issue... can't find a solution yet... please let me know if anyone has found a fix. Thanks

[drusepth]

No fix has been found. I switched to using n to manage my nodejs versions.

[RobinClowers]

I have no real idea why, but this fixed it for me:

rm -rf ~/.asdf/keyrings/nodejs
~/.asdf/plugins/nodejs/bin/import-release-team-keyring

[Stratus3D]

Can you all try the latest version? I think this has been fixed.

[wangbus]

@Stratus3D Just tried 8.11.3 & 10.7.0 and they both work flawlessly. Thanks!

[drusepth]

Seems to now be working for me as well. 👍

[Stratus3D]

We may eventually need to add a purge-release-team-keyring script to invoke rm -rf ~/.asdf/keyrings/nodejs if this becomes a problem again, but for now I don't think anything is needed.