Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GPG errors for yarn repository on apt-get update #18

Closed
pboehm opened this issue Feb 4, 2021 · 3 comments
Closed

GPG errors for yarn repository on apt-get update #18

pboehm opened this issue Feb 4, 2021 · 3 comments

Comments

@pboehm
Copy link

pboehm commented Feb 4, 2021
edited
Loading

Hi,

thanks for your work on this really useful project!

I'm currently using the nikolaik/python-nodejs:python3.7-nodejs14 docker image in a CI step and with the latest version there are problems when installing additional packages via apt-get because the signature of the yarn repository release file is invalid or the signing key is expired (yarnpkg/yarn#7866).

$ docker run -it --rm nikolaik/python-nodejs:python3.7-nodejs14 bash -xc "apt-get update && apt-get install --no-install-recommends -y libspatialindex-dev"
+ apt-get update
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [121 kB]                                                                            
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]                                                                            
Get:4 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]                                            
Get:5 http://security.debian.org/debian-security buster/updates/main amd64 Packages [266 kB]                            
Get:6 https://deb.nodesource.com/node_14.x buster InRelease [4584 B]
Get:7 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Err:4 https://dl.yarnpkg.com/debian stable InRelease
  The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
Get:8 https://deb.nodesource.com/node_14.x buster/main amd64 Packages [766 B]
Get:9 http://deb.debian.org/debian buster-updates/main amd64 Packages [7848 B]
Reading package lists... Done                          
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
E: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

This probably affects all other debian based image variants. As a workaround I'm currently importing the gpg key manually before running apt-get update as yarnpkg/yarn#7866 (comment) suggests.
@nikolaik
Copy link
Owner

nikolaik commented Feb 4, 2021

It seems the expiry was updated here yarnpkg/releases@32e8cf6#diff-81d93757457f988523814ae0009837ae893f38d3fe123f2c37896f118b4c7804 and the image tag python3.7-nodejs14 was last rebuilt https://github.com/nikolaik/docker-python-nodejs/blame/master/versions.json#L255

Let's trigger a rebuild of all images then

@nikolaik
Copy link
Owner

nikolaik commented Feb 4, 2021

That did the trick it seems. Let me know if you still have issues 🤗

@nikolaik nikolaik closed this as completed Feb 4, 2021
@pboehm
Copy link
Author

pboehm commented Feb 4, 2021

Thank you, that solves the problem.

@mmyers5 mmyers5 mentioned this issue Jan 25, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nikolaik @pboehm