-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GPG error: https://dl.yarnpkg.com/debian stable InRelease NO_PUBKEY E074D16EB6FF4DE3 #4453
Comments
I'm having the same issue: # Added the key
root@a7b7b8f09d84:/# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 1646B01B86E50310
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.1YxGw8HlmN --no-auto-check-trustdb --trust-model always --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 1646B01B86E50310
gpg: requesting key 86E50310 from hkp server keyserver.ubuntu.com
gpg: key 86E50310: public key "Yarn Packaging <yarn@dan.cx>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
# Confirming the key exists
root@a7b7b8f09d84:/# apt-key list
/etc/apt/trusted.gpg
--------------------
pub 4096R/86E50310 2016-10-05
uid Yarn Packaging <yarn@dan.cx>
sub 4096R/D50AF136 2016-10-05
sub 4096R/9D41F3C3 2016-10-05 [expires: 2017-10-05]
sub 4096R/FD2497F5 2016-10-30
# Updated my sources
root@a7b7b8f09d84:/# echo 'deb https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list
# Updating package index fails
root@a7b7b8f09d84:/# apt-get update -y
Hit http://security.debian.org jessie/updates InRelease
Get:1 https://dl.yarnpkg.com stable InRelease [11.5 kB]
Get:2 http://security.debian.org jessie/updates/main amd64 Packages [546 kB]
Ign http://deb.debian.org jessie InRelease
Hit http://deb.debian.org jessie-updates InRelease
Hit http://deb.debian.org jessie Release.gpg
Ign https://dl.yarnpkg.com stable InRelease
Get:3 https://dl.yarnpkg.com stable/main amd64 Packages [5912 B]
Hit http://deb.debian.org jessie Release
Get:4 http://deb.debian.org jessie-updates/main amd64 Packages [23.1 kB]
Get:5 http://deb.debian.org jessie/main amd64 Packages [9063 kB]
Fetched 9649 kB in 5s (1618 kB/s)
Reading package lists... Done
W: GPG error: https://dl.yarnpkg.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3 |
confirmed. Same here. |
The signing key changed in yarnpkg/releases@d926b59 But that key isn't available (yet?) in keyservers.
To add the latest key: |
Doing |
Confirmed they fixed it. But this moring even readding it def. didn't work! I readded it in the morning and checked it now with ansible same server. ansible ad hoc command used: |
New key should be good until 2019-01-01 according to #4253 |
Sorry about this! I'm not sure how to improve the process at the moment, so I'll have to get some advice on it. The best practice is to rotate your signing keys periodically (eg. every year, or every two years), but I might need to get advice from other people that maintain package repositories to see how they handle it. Debian and Ubuntu both rotate their keys on each release, but that works well for those projects as they have a separate repo per release. |
@Daniel15, the deb-multimedia.org repository ships a Maybe you should get in contact with Christian Marillat ( |
This might be late to this "bug", but can you please:
Because without, the whole purpose of signed repositories is voided, as any hacker can provide the exact same information as you, but with some forged key. Thanks. PS: I think of some simple client procedure like following:
FYI: You are the only trustworthy source to authenticate the new key! So please provide some clear and secure upgrade path. Downloading the key from some "obscure" website (which might got hacked in the meanwhile, as |
@hilbix - I can do this, but is it actually necessary? The new key is a subkey under exactly the same master key as the old one, so there's already implicit trust between the two. Anyone that can sign a message using the key can also add a subkey. For future key rotations, I can post a Github issue containing the fingerprint of the new key, signed with the old one. Would that be sufficient?
What about loading it from a key server (like https://pgp.mit.edu)? You could do that if you prefer. |
Thank you for noting the SubKey-Feature of OpenPGP which I was not aware of until today. I now read about it from https://wiki.debian.org/Subkeys (Beware! Here be Dragons!) and I can agree, you are completely right in what you say. The new subkey can be authenticated by the master-key of the expired old subkey. But this is not very obvious (not to tell: Very well hidden in the most secret basement ever) for people, who know everything behind the Mathematics of PKI but so far nothing about GnuPG in special (is this only me in the entire universe?). For other, who want to know, too, here is what I came up for Debian after several hours of googling around and reading manuals about GPG and so on, but for no much avail. Hence I did trial and error, so beware again: Here be dragons, too! This solution:
First, get everything in a scratch directory:
Now verify it:
Check, that both fingerprints of the master key are the same (here If so, remove the old key and install the new one and commit
Now the issues of For me my question is answered, thank you very much ;) |
* Update dependency pinning to be slightly more restrictive * Update readme instructions * Add yarn GPG key manually See: yarnpkg/yarn#4453
To automatically refresh all current apt-secure repository PGP keys with the (as root or via
|
just an wget... it was fun...! thank you |
Because everyone is sick of yarnpkg/yarn#4453
I solved the problem with the alternative installation script: |
Latest keys are expired:
|
That's being tracked in #6865 |
Development Area(s) of Interest* Accelerated Computing Autonomous Machines Deep Learning Design & Visualization Game Development Self Driving Cars Smart Cities Virtual Reality Application Domain : - Image Classification - Facial Recognition - Action Recognition - Big Data - Natural Language Processing - Medical - Speech Recognition - Object Recognition - Machine Learning Algorithms/Research Deep Learning Framework * : - Caffe - Caffe2 - Chainer - CNTK(Microsoft Cognitive Toolkit) - Deeplearning4j - Keras - MATLAB - MxNet - TensorFlow - Theano - Torch/PyTorch TRELLO : https://trello.com/b/wKBiqfM7/data-scientist ### ROADMAP DATA SCIENTIST ### https://github.com/MrMimic/data-scientist-roadmap https://github.com/bulutyazilim/awesome-datascience REFF: https://www.petanikode.com/python-virtualenv/ TOOLS : MINICONDA ANACONDA # https://conda.io/docs/user-guide/install/linux.html, #https://github.com/danigunawan/Fullstack-Python-Django-Dev/blob/master/16_djangolevelone/dev%20tools/1.django%20level%20one.txt ENV : - PIP - VIRTUALENV DEEP LEARN : - YOLO - TENSORFLOW - OPENCV INSTALL PYTHON UBUNTU 16.04 ============================ sudo apt-get -y install python sudo apt-get -y install python3 which python ls -l /usr/bin/python 1. PIP REFF : https://www.rosehosting.com/blog/how-to-install-pip-on-ubuntu-16-04/ https://www.abiraf.com/blog/modules-python-yang-wajib-dimiliki---virtualenv-dan-pip https://www.petanikode.com/python-virtualenv/ sudo apt-get update && sudo apt-get -y upgrade sudo apt-get install python-pip pip -V # PY2 pip3 -V # PY3 pip search package_name pip install package_name pip uninstall package_name pip --help #ALTERNATE sudo easy_install pip # PY2 sudo easy_install pip3 # PY3 2. VIRTUAL ENV apt install virtualenv apt install python-virtualenv # PY 2 apt install python3-virtualenv # PY 3 # Alternate sudo pip install virtualenv # install ENV LEWAT PIP # Latest Version Beta No Stable sudo pip install https://github.com/pypa/virtualenv/tarball/develop # With Curl curl -O https://pypi.python.org/packages/source/v/virtualenv/virtualenv-X.X.tar.gz tar xvfz virtualenv-X.X.tar.gz cd virtualenv-X.X sudo python setup.py install # CEK VIRTUAL ENV which virtualenv virtualenv --version # Membuat Virtual ENV mkdir my-project cd my-project virtualenv my-env Saat kita mengetik perintah virtualenv my-env, virtualenv akan otomatis membuat lingkungan virtual dan direktori baru bernama my-env. my-project/ └── my-env/ ├── bin ├── include ├── lib ├── local └── pip-selfcheck.json # Aktifkan Virtual Env source my-env/bin/activate atau . my-env/bin/activate # install Flask With PIP pip install Flask flask --version jika error : . my-env/bin/activate # masuk dulu ke env agar flask bisa flask --version ######## DEEP LEARNING AND COMPUTER VISION ######### # Awesome Deep Learning (RECOGNITION) https://github.com/daicoolb/Awesome-Object-Detections https://github.com/amusi/awesome-object-detection https://github.com/kjw0612/awesome-deep-vision https://www.pyimagesearch.com # Video Analytics - Yolo # Realtime Object Detection Darknet - OpenFace # Face Recognition # REQUIRMENT SPEC DEEP LEARNING : - NVDIA GPU, Drivers - CUDA - cuDDN Libraries - Tensorflow - Darknet YOLO - Theano - Linux Ubuntu 16.04, 17.10, 18.04 - Keras - OpenCV - Raspberry + Camera ## INSTALL ENVIRONMENT DEEP LEARNING & COMPUTER VISION # INSTALL NVDIA + CUDA 9 UBUNTU 16.04 ON LAPTOP https://gist.github.com/zhanwenchen/e520767a409325d9961072f666815bb8#install-nvidia-graphics-driver-via-apt-get https://www.linuxsec.org/2018/05/cara-install-driver-nvidia-terbaru-di.html https://medium.com/@omar.merghany95/how-to-install-tensorflow-gpu-with-cuda-toolkit-9-0-and-cudnn-7-2-1-on-aws-ec2-ubuntu-16-04-c46b469a7358 https://medium.com/@yifanguo1129/install-cuda-9-0-and-cudnn-7-2-on-ubuntu-18-04-d9a7aeb89105 https://askubuntu.com/questions/967332/how-can-i-install-cuda-9-on-ubuntu-17-10 https://askubuntu.com/questions/995542/installing-cuda-8-on-ubuntu-16-unable-to-locate-package-cuda https://www.pyimagesearch.com/2017/09/27/setting-up-ubuntu-16-04-cuda-gpu-for-deep-learning-with-python/ https://www.pytorials.com/how-to-install-tensorflow-gpu-with-cuda-10-0-for-python-on-ubuntu/2/ http://www.advancedclustering.com/act_kb/installing-nvidia-drivers-rhel-centos-7/ # INSTALL ON CENTOS https://davidwpearson.wordpress.com/2017/12/21/installing-nvidias-cuda-9-1-on-fedora-27/ # INSTALL ON FEDORA https://ddkang.github.io/2018/11/05/installing-cuda.html http://security-plus-data-science.blogspot.com/2018/01/setting-up-cuda-9-on-fedora-27.html https://nicolas-bettenburg.com/2018-08-18-ubuntu-18-04-deep-learning-box/ https://qiita.com/ishizakiyu/items/bcf1b76f1f4f02b0ac57 Install CUDA 9.2, cuDNN 7.2.1, Anaconda and PyTorch on Ubuntu 16.04 : https://gist.github.com/kylemcdonald/3ae0b88a1bf91afc00ba441fe6823a17 - INSTALL DRIVER NVDIA (AUTOMATIS RECOMMENDED) sudo ubuntu-drivers autoinstall # akan menginstall CUDA AUTOMATIS - INSTALL DRIVER NVDIA MANUAL (MANUAL) ubuntu-drivers devices # CEK sudo apt install nvidia-driver-390 # 390 seri di ubuntu driver cek atau kadang 396 tergantung di pengeckan - INSTALL DRIVER NVDIA VERSI BETA (MANUAL) sudo add-apt-repository ppa:graphics-drivers/ppa ubuntu-drivers devices # CHECK KEMBALI # INSTALL ENV DEEP LEARNING https://github.com/heethesh/Computer-Vision-and-Deep-Learning-Setup - INSTALL CUDA TOOLKIT sudo apt install nvidia-cuda-toolkit nvcc --version - INSTALL TENSORFLOW ######## END DEEP LEARNING AND COMPUTER VISION ######### ######## DEEP LEARNING (CHATBOT) ######### ######## END DEEP LEARNING (CHATBOT) ######### ##### BIG DATA ##### - Hadoop ###### IMPROVISATION AND EXPLORE ###### ## YOLO EXPLORE ## # SUPERVISELY CLUSTER https://www.youtube.com/watch?v=el07zd4Dzsg # MEDIA STREAMING SERVER @ REFF AWESOME : https://github.com/topics/media-server https://github.com/Kickball/awesome-selfhosted https://github.com/ebu/awesome-broadcasting https://github.com/manuzhang/awesome-streaming @ List Media Server Streaming : ~ Comparison : https://en.wikipedia.org/wiki/Comparison_of_streaming_media_systems - wowza - kurento - red5 - nginxRTMP - Ant Media Server - OpenVidu - Jitsi - Flussonic - Kaltura - Node RTSP RTMP Server - https://github.com/R0GGER/mistserver - helixproduction - https://github.com/daniulive/SmarterStreaming - https://hackernoon.com/build-live-video-streaming-server-use-ffmpeg-nginx-rtmp-module-nodejs-82e1bb58949e @ Referensi Spec Server Streaming Yang Bagus - Low Latency WebRTC - Adaptive Bitrate - Hardware Encoding(GPU) - Cluster - Live Publishing to Periscope, Facebook & Youtube - All Community Edition Features - RTMP, RTSP, MP4, HLS - WebRTC to RTMP Adapter - Live Publishing To Periscope - 360 Degree Live & VoD Streams - Management Dashboard @ Adaptive Streaming With Nginx https://licson.net/post/setting-up-adaptive-streaming-with-nginx/ @ Tools : - Openbroadcaster - CasparCG # https://casparcgforum.org/t/simple-video-playout/61, #https://drive.google.com/drive/u/1/folders/12xcrh-LiAatzf6ppW4pyQthokhi55qSN - Wirecast - VLC - FFMPEG - handbrake # Transcoding @ Transcoding : - # How Streaming RTSP / RTMP on client side ex: vlc client with rtmpt://ipdaddress:port # POSTING IMAGE YOLO ON PHP INSERT DB https://stackoverflow.com/questions/45792720/cant-execute-yolo-darknet-from-php-exec-predictions-png-never-appears # MESSAGE QUEUE (ANTRIAN) - KAFKA - REDIS ## END YOLO EXPLORE ## ## ABSENCE FACE RECOGNITION ## https://github.com/topics/attendance-system https://github.com/yodist/face-recognition-lbph ## END ABSENCE FACE RECOGNITION ## ###### TROUBLE SHOOTING ###### 1. Pip is not working: ImportError: No module named 'pip._internal' REFF : https://askubuntu.com/questions/1025189/pip-is-not-working-importerror-no-module-named-pip-internal 2. GPG error: https://dl.yarnpkg.com/debian stable InRelease NO_PUBKEY E074D16EB6FF4DE3 #4453 yarnpkg/yarn#4453 - Solution : curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - ###### BENCHMARK PLATFORM ###### https://lewatmana.com/kota/jakarta-pusat/
The gpg key at the official site has been updated, just follow the commands below to add it. wget -O yarnpkg.gpg.pub https://dl.yarnpkg.com/debian/pubkey.gpg |
None of the solutions posted above work for me on
|
@zzvara That's a completely different repo (dl.bintray.com/sbt/) that's unrelated to Yarn. Speak to the owner of that repo. :) |
This is the second biggest embarrassment of my life probably. (However, the package still not found, I have to look into it some more.) |
I'm having a trouble with this on Ubuntu 16.04.6. |
@i-fail Please post the exact output. |
|
The error message literally tells you what's wrong :)
|
Thank you! That worked, but now I'm getting this error: |
@viktorku thank you! that was the only thing that worked for me. |
Yes, this is currently mentioned in #7866 which is (temporarily) pinned in the repo. |
@viktorku Thank you!! |
It's worked!! thks |
For anyone who saw this: I also encountered this problem on Windows 10 version 1909, wsl 1. |
Hi All,
We use ubuntu 18.04 |
Sorry @defigor, I was trying to bump the expiry date of the key and I think I hit https://dev.gnupg.org/T3194 (the exported key worked fine on Windows but not Linux). I'll re-export the public key, which should fix it. |
@defigor Can you please try it again? I just tested on a fresh virtual machine and the public key file looks good now. |
@Daniel15 it works now, many many thanks! |
Good day! Having issue. Trying to resolve.
|
resolved by
|
Also running into this issue in Codebuild using Ubuntu, and |
Actually |
See #7866 |
fails at apt-get update since this morning(European time) with:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
W: Some index files failed to download. They have been ignored, or old ones used instead.
Tried readding the key from:
https://dl.yarnpkg.com/debian/pubkey.gpg
no change...
guess some key timedout or got thrown out.
OS:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
atm installed Package version:
dpkg -s yarn
Package: yarn
Status: install ok installed
Priority: optional
Section: devel
Installed-Size: 3824
Maintainer: Yarn Developers yarn@dan.cx
Architecture: all
Version: 1.0.1-1
Recommends: nodejs
Conflicts: nodejs (<< 4.0.0)
The text was updated successfully, but these errors were encountered: