diff --git a/README.md b/README.md index 3fd5643..95200fb 100644 --- a/README.md +++ b/README.md @@ -20,10 +20,20 @@ mise plugin i yarn mise plugin up yarn ``` -# Development +## Development This repo has github workflows which check linting and formatting of code in `bin` folder. To lint code run `make lint` (note: requires `shellcheck` to be installed) To check formatting run `make format-check` (requires `shfmt` to be installed) and to format code run `make fmt` + +## yarn v1 missing signatures + +[Latest v1 releases](https://github.com/yarnpkg/yarn/releases/) (`1.22.22`, `1.22.21`, `1.22.20`) don't have signature files (`.asc`) which makes it impossible to install these versions (gpg signature verification doesn't pass). They say "we're working on fixing this" but issue persists since Nov 14, 2023 (release of 1.22.20) + +To be able to install those you can use `MISE_YARN_SKIP_GPG` env var + +```shell +MISE_YARN_SKIP_GPG=true mise install yarn@1.22.22 +``` diff --git a/bin/install b/bin/install index 91bb33c..cfe69c8 100755 --- a/bin/install +++ b/bin/install @@ -23,22 +23,26 @@ asdf_yarn_v1_download_wget() { # Download archive wget -O "yarn-v${ASDF_INSTALL_VERSION}.tar.gz" "https://classic.yarnpkg.com/downloads/${ASDF_INSTALL_VERSION}/yarn-v${ASDF_INSTALL_VERSION}.tar.gz" - # Download archive signature - wget -O "yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" "https://classic.yarnpkg.com/downloads/${ASDF_INSTALL_VERSION}/yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" + if [ -z ${MISE_YARN_SKIP_GPG+false} ]; then + # Download archive signature + wget -O "yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" "https://classic.yarnpkg.com/downloads/${ASDF_INSTALL_VERSION}/yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" - # Download and import signing key - wget -q -O - "https://dl.yarnpkg.com/debian/pubkey.gpg" | GNUPGHOME="$(asdf_yarn_v1_keyring)" gpg --import + # Download and import signing key + wget -q -O - "https://dl.yarnpkg.com/debian/pubkey.gpg" | GNUPGHOME="$(asdf_yarn_v1_keyring)" gpg --import + fi } asdf_yarn_v1_download_curl() { # Download archive curl -sSL -o "yarn-v${ASDF_INSTALL_VERSION}.tar.gz" "https://classic.yarnpkg.com/downloads/${ASDF_INSTALL_VERSION}/yarn-v${ASDF_INSTALL_VERSION}.tar.gz" - # Download archive signature - curl -sSL -o "yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" "https://classic.yarnpkg.com/downloads/${ASDF_INSTALL_VERSION}/yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" + if [ -z ${MISE_YARN_SKIP_GPG+false} ]; then + # Download archive signature + curl -sSL -o "yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" "https://classic.yarnpkg.com/downloads/${ASDF_INSTALL_VERSION}/yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" - # Download and import signing key - curl -sSL "https://dl.yarnpkg.com/debian/pubkey.gpg" | GNUPGHOME="$(asdf_yarn_v1_keyring)" gpg --import + #Download and import signing key + curl -sSL "https://dl.yarnpkg.com/debian/pubkey.gpg" | GNUPGHOME="$(asdf_yarn_v1_keyring)" gpg --import + fi } asdf_yarn_v1_download() { @@ -52,7 +56,11 @@ asdf_yarn_v1_download() { } asdf_yarn_v1_install() { - { [ -x "$(which tar)" ] && [ -x "$(which gpg)" ]; } || asdf_yarn_fail "Missing one or more of the following dependencies: tar, gpg" + [ -x "$(which tar)" ] || asdf_yarn_fail "Missing following dependency: tar" + + if [ -z ${MISE_YARN_SKIP_GPG+false} ]; then + [ -x "$(which gpg)" ] || asdf_yarn_fail "Missing following dependency: gpg" + fi local ASDF_YARN_DIR ASDF_YARN_DIR="$(mktemp -d -t asdf-yarn-XXXXXXX)" @@ -62,8 +70,10 @@ asdf_yarn_v1_install() { asdf_yarn_v1_download - # Verify archive signature - GNUPGHOME="$(asdf_yarn_v1_keyring)" gpg --verify "yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" "yarn-v${ASDF_INSTALL_VERSION}.tar.gz" + if [ -z ${MISE_YARN_SKIP_GPG+false} ]; then + # Verify archive signature + GNUPGHOME="$(asdf_yarn_v1_keyring)" gpg --verify "yarn-v${ASDF_INSTALL_VERSION}.tar.gz.asc" "yarn-v${ASDF_INSTALL_VERSION}.tar.gz" + fi # Extract archive tar xzf "yarn-v${ASDF_INSTALL_VERSION}.tar.gz" --strip-components=1 --no-same-owner