Follow

noticed that the GPG key for the yarnpkg repository on my Mastodon servers expired and apt update was failing

curl -sS dl.yarnpkg.com/debian/pubkey.g | sudo apt-key add -

that's the command to get the new key and add it

@staticsafe Did they update the key by now (on Jan 1, it was still the old one in their repo...).

@galaxis yeah looks like they did, I pulled the new key and no more errors from apt

@galaxis maybe I should put a yearly cron job to update the key if it expires yearly like this 🤔

@staticsafe Yeah, looks like they're currently rolling a new subkey for each year:

> gpg --with-fingerprint pubkey.gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2016-10-05 [SC]
uid Yarn Packaging <yarn@dan.cx>
sub rsa4096 2016-10-05 [E]
sub rsa4096 2016-10-05 [S] [expired: 2017-10-05]
sub rsa4096 2016-10-30 [S] [expired: 2019-01-01]
sub rsa4096 2017-09-10 [S] [expired: 2019-01-01]
sub rsa4096 2019-01-02 [S] [expires: 2020-02-02]

Sign in to participate in the conversation
Zombocom

staticsafe's personal Mastodon instance.