YARN: An error occurred during the signature verification
Last updated: Apr 5, 2024
Reading time·3 min
# Table of Contents
- YARN: An error occurred during the signature verification
- Getting the error after uninstalling yarn on Ubuntu
# YARN: An error occurred during the signature verification
The article addresses the following two errors:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.
GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging
- The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging
The yarn error "An error occurred during the signature verification. The
repository is not updated and the previous index files will be used." occurs
when you have an older version of the GPG key used to sign yarn releases.
To solve the error, get the updated key by running the following command in your terminal.
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
In case you don't have curl installed, make sure to install it first.
sudo apt update sudo apt install curl curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
If the issue persists, try running the following command to get the updated key.
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
The command downloads the official yarn key directly from the Ubuntu keyserver.
If you got the error when using AWS Code Build, try to add the following command to your buildspec file.
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
Note that apt-key is deprecated if you use the long-term supported version of
Debian/Ubuntu.
In this case, you can run the following commands instead.
export YARNKEY=yarn-keyring.gpg curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo gpg --dearmour -o /usr/share/keyrings/$YARNKEY echo "deb [signed-by=/usr/share/keyrings/$YARNKEY] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
If you get the following error:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx W: Some index files failed to download. They have been ignored, or old ones used instead.
Open your terminal and run the following command.
sudo gpg --refresh-keys 23E7166788B63E1E
Note that 23E7166788B63E1E corresponds to the key signature from the error
message.
The --refresh-keys parameter requests updates from a keyserver for keys that
already exist on the local keyring.
The command will update your yarn key with the latest signatures.
If you get the error when using Docker, try to add the following command to your Dockerfile.
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg -o /usr/share/keyrings/yarn-keyring.asc \ && sed -i '1s;^deb;deb [signed-by=/usr/share/keyrings/yarn-keyring.asc];' /etc/apt/sources.list.d/yarn.list
If you are on Ubuntu 22.04+ and the error persists, try running the following command.
curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo gpg --dearmor -o /usr/share/keyrings/yarn.gpg
If you still get the error, try to reinstall yarn from the official
repository.
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt update sudo apt install yarn
I've also written guides on:
# Getting the error after uninstalling yarn on Ubuntu
If you got the error after uninstalling YARN on Ubuntu by running the following commands.
sudo apt-get remove yarn && sudo apt-get purge yarn sudo apt remove--autoremove yarn
Then you have to run the following command.
rm /etc/apt/sources.list.d/yarn.list
The command will resolve the missing dependencies error.
# Additional Resources
You can learn more about the related topics by checking out the following tutorials:
