Closed walter-weinmann closed 2 years ago
I'm having this issue as well. Trying to install latest Yarn with asdf v.0.9.0 on macOS 10.15.7. I have been able to install multiple Elixir, Erlang, NodeJS, and Ruby packages with asdf but having an issue with Yarn. I had to install Yarn with npm. I have been able to add the Yarn asdf plugin but get this result when trying to install:
$ asdf install yarn latest
--2022-01-07 16:55:15-- https://classic.yarnpkg.com/downloads/1.22.17/yarn-v1.22.17.tar.gz
Resolving classic.yarnpkg.com... 2600:1f18:2489:8200:a007:6646:1f31:908c, 2604:a880:400:d0::1bdf:e001, 161.35.60.200, ...
Connecting to classic.yarnpkg.com|2600:1f18:2489:8200:a007:6646:1f31:908c|:443... connected.
ERROR: cannot verify classic.yarnpkg.com's certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:
Issued certificate has expired.
To connect to classic.yarnpkg.com insecurely, use `--no-check-certificate'.
Running asdf install yarn latest --no-check-certificate
gives me the same return.
Here are the outputs of some of my asdf environment commands:
$ asdf --version
v0.9.0
$ asdf list
elixir
1.13.1
1.8.0-otp-21
1.8.1-otp-21
1.8.2
erlang
21.3.8.24
23.3.4.4
24.1
nodejs
17.3.0
ruby
3.0.3
3.1.0
yarn
No versions installed
$ asdf current
elixir 1.13.1 /Users/*/.tool-versions
erlang 24.1 /Users/*/.tool-versions
nodejs 17.3.0 /Users/*/.tool-versions
ruby 3.1.0 ASDF_RUBY_VERSION environment variable
yarn ______ No version is set. Run "asdf <global|shell|local> yarn <version>"
The part confusing me most is that although I have successfully installed yarn through npm:
$ yarn --version
1.22.17
and I can run Yarn commands, and when I try to set the version with asdf it fails:
$ asdf global yarn 1.22.17
version 1.22.17 is not installed for yarn
I get this result when I run which
:
$ which yarn
/Users/*/.asdf/shims/yarn
I checked in the shims directory and there is indeed a Yarn binary there. Any ideas?
Let's Encrypt famously had an expiring root CA certificate recently. When there's a change in root CAs like that, there are a few factors involved in order for things to keep operating smoothly:
The proprietors of the new root CAs (that's Let's Encrypt!) need to have their CA certificates incorporated into the various sets of trust anchors (CA certificates) included in various OS distributions.
Users (that's us!) need to update our copies of those trust anchors (CA certificates) to be up-to-date with the one that has the shiny new CA(s).
Website operators (that's Yarn!) need to update their certificates to be signed by the shiny new CA. This happens organically as the old certificates expire and get replaced.
The most likely culprit here is (2). Make sure you've got the latest CA certificates in your system trust store.
I'm not sure if this matters or not, but I've never tried using latest
as the version. I wonder if this issue occurs only when trying to use that, as opposed to 1.22.17
.
Thanks for the information! I was able to fix this issue but through a different route. After a brew upgrade
I was updated to openssl@3 and my openssl symlinks were changed, and subsequent tries of asdf install yarn latest
gave me a different error:
dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
Referenced from: /usr/local/bin/wget
Reason: image not found
This Stack Overflow question did the trick for me and I can now install and switch between all versions of Yarn with asdf.
NB: asdf install plug-in latest
has worked for me with every plug in (and is working now with Yarn), and the original issue I was having was the same whether I ran that command or asdf install yarn 1.22.17
Yikes! Downgrading OpenSSL to a deprecated version is dangerous and I would definitely not recommend that. Even if it technically fixes the problem right now, it makes your system susceptible to current and future security vulnerabilities that the openssl team has not committed to support in backporting/patching.
https://www.openssl.org/source/
It seems like the problem is wget
which is used by this plugin by default, and which also needs to be updated after a major-version upgrade to openssl. With Homebrew managing some system-level packages and MacOS managing others, things can get really wonky in particular after OS upgrades.
If you didn't install wget
via Homebrew, I'd recommend upgrading openssl back to the latest supported version (v3) then brew install wget
, which should, in theory, get you into a healthy state where you're up-to-date and asdf plugins like this one which use wget are also working.
This did it for me! I appreciate your advice. The following chain of commands now has me smoothly installing yarn with openssl@3:
brew reinstall openssl@3
ln -sfn /usr/local/Cellar/openssl@3/3.0.1 /usr/local/opt/openssl
brew install wget
asdf install yarn [latest|1.22.17]
Much obliged, cheers!
Just sneaking in here to say that this also helped me with yarn 1.22.19. Thank you @msimonborg
None of the above worked for me.
I just ended up hacking ~/.asdf/plugins/yarn/bin/install
to add a --no-check-certificate
to all the wget
commands and comment out the ... gpg --verify ...
line.
That got yarn installed and I could move on with my life...
I was seeing the same issue today but the other suggestions didn't work for me.
For some reason (that I've not worked out) the ca-certificates
symlinks were broken in my brew install.
brew doctor
kind of hinted at this:
$ brew doctor
Warning: Broken symlinks were found. Remove them with `brew cleanup`:
/usr/local/etc/gnutls/cert.pem
/usr/local/etc/openssl@1.1/cert.pem
/usr/local/etc/openssl@3/cert.pem
brew reinstall ca-certificates
then re-running the asdf install
command worked for me. No changes to the plugin's code were required to get it working again so conflicts won't happen when the plugin is updated in the future. 🚀