Updating the YARN GPG Key on a Ghost Droplet

Since the beginning of 2019, my DigitalOcean Ghost droplet started giving the following error whenever I ran the apt-update command:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1EW: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease  The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1EW: Some index files failed to download. They have been ignored, or old ones used instead.

After doing some research, I found that the yarn developer is following good security practices and updating their PUBKEY every two years. It is documentened in the GitHub issue 4253

This can be easily resolve by running the command:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s