Closed dorianmariecom closed 1 month ago
@arcanis
Each of the releases going back 6 months carries the warning
Is there any expectation about when this might get fixed, at least for v1.22.22
, the latest release?
The missing .asc
files, containing PGP signatures, are a barrier to distributing these Yarn v1 releases through a Docker environment. Please let us know if there is still an intention to provide these files or if that is no longer expected to happen.
I'm not sure what's going on here and don't really work on Yarn any more, but I can manually rebuild these files if needed. Do you need both versions or just the most recent one?
Note that we don't have an active Authenticode certificate any more, so the MSI files will be unsigned.
@Daniel15
Thanks for responding! I don't want to speak for the original poster, but I would need only the PGP signature for the latest version:
Yarn 1.22.22
i.e. yarn-v1.22.22.tar.gz.asc
posted to the release location
https://github.com/yarnpkg/yarn/releases/download/v1.22.22/yarn-v1.22.22.tar.gz.asc
so it can be picked up by automated scripts using the URL
https://yarnpkg.com/downloads/1.22.22/yarn-v1.22.22.tar.gz.asc
I'm running into this issue using cypress/factory:
4.968 + curl -fsSLO --compressed https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz
5.705 + curl -fsSLO --compressed https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz.asc
6.119 curl: (22) The requested URL returned error: 404
6.136 child process exited with code 22
------
Dockerfile.cypress:1
--------------------
1 | >>> FROM cypress/factory
2 |
3 | COPY . /opt/app
--------------------
ERROR: failed to solve: process "/bin/sh -c node /opt/installScripts/yarn/install-yarn-version.js ${YARN_VERSION}" did not complete successfully: exit code: 22
Visiting https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz is fine, but https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz.asc gives a 404.
For Yarn v1.22.22, I've uploaded everything except the Windows installer. Working on that now - The version of WiX I had on my personal PC wasn't compatible with whatever version Yarn is using.
For my future reference:
Build Debian/RPM:
yarn install
yarn build-dist
./dist/bin/yarn --version # Check the build works
yarn build-deb
Build Windows installer:
yarn install
yarn build-dist
./dist/bin/yarn --version # Check the build works
yarn build-win-installer
Sign with GPG:
gpg -u 23E7166788B63E1E --armor --output - --detach-sign yarn-v1.22.22.tar.gz > yarn-v1.22.22.tar.gz.asc
gpg --verify yarn-v1.22.22.tar.gz{.asc,} # Ensure the signature is valid
# Repeat for each file
All artifacts have been uploaded for Yarn v1.22.22. @arcanis Please feel free to ping me when you want to cut a new release, and I can do this again. 😄
I see the release are missing artefacts, I was wondering if there was an issue tracking it.
https://github.com/yarnpkg/yarn/releases