Skip to content

How to Resolve Yarn Key Expiration Date

Summary

I've run into this issue on a few different VMs and thought it was worth documenting.

There is an issue when running sudo apt update && sudo apt upgrade that causes the update/upgrade to fail because of expired key signatures related to Yarn.

What to Expect

This error may present itself in two different ways, which I'll list below:

The first possible error looks like this:

The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>

The second possible error looks like this:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>

W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>

How to Resolve

Seeing either of those errors means that you still have an older version of the GPG key used to sign Yarn releases. The expiry date for this key was extended from 2020 to 2021.

To get the updated key, run this:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -

References

https://github.com/yarnpkg/yarn/issues/7866