This release is missing a couple of artifacts (the .msi/.rpm/.deb/.asc files); we're working on fixing this.

[dorianmariecom]

I see the release are missing artefacts, I was wondering if there was an issue tracking it.

This release is missing a couple of artifacts (the .msi/.rpm/.deb/.asc files); we're working on fixing this.

https://github.com/yarnpkg/yarn/releases

[MikeMcC399]

@arcanis

Each of the releases going back 6 months carries the warning

• https://github.com/yarnpkg/yarn/releases/tag/v1.22.20 Nov 14, 2023
• https://github.com/yarnpkg/yarn/releases/tag/v1.22.21 Nov 14. 2023
• https://github.com/yarnpkg/yarn/releases/tag/v1.22.22 Mar 9, 2024

Is there any expectation about when this might get fixed, at least for v1.22.22, the latest release?

[MikeMcC399]

The missing .asc files, containing PGP signatures, are a barrier to distributing these Yarn v1 releases through a Docker environment. Please let us know if there is still an intention to provide these files or if that is no longer expected to happen.

[Daniel15]

I'm not sure what's going on here and don't really work on Yarn any more, but I can manually rebuild these files if needed. Do you need both versions or just the most recent one?

Note that we don't have an active Authenticode certificate any more, so the MSI files will be unsigned.

[MikeMcC399]

@Daniel15

Thanks for responding! I don't want to speak for the original poster, but I would need only the PGP signature for the latest version:

Yarn 1.22.22

i.e. yarn-v1.22.22.tar.gz.asc

posted to the release location

https://github.com/yarnpkg/yarn/releases/download/v1.22.22/yarn-v1.22.22.tar.gz.asc

so it can be picked up by automated scripts using the URL

https://yarnpkg.com/downloads/1.22.22/yarn-v1.22.22.tar.gz.asc

[alvincrespo]

I'm running into this issue using cypress/factory:

4.968 + curl -fsSLO --compressed https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz
5.705 + curl -fsSLO --compressed https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz.asc
6.119 curl: (22) The requested URL returned error: 404 
6.136 child process exited with code 22
------
Dockerfile.cypress:1
--------------------
   1 | >>> FROM cypress/factory
   2 |     
   3 |     COPY . /opt/app
--------------------
ERROR: failed to solve: process "/bin/sh -c node /opt/installScripts/yarn/install-yarn-version.js ${YARN_VERSION}" did not complete successfully: exit code: 22

Visiting https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz is fine, but https://yarnpkg.com/downloads/1.22.21/yarn-v1.22.21.tar.gz.asc gives a 404.

[Daniel15]

For Yarn v1.22.22, I've uploaded everything except the Windows installer. Working on that now - The version of WiX I had on my personal PC wasn't compatible with whatever version Yarn is using.

For my future reference:

Build Debian/RPM:

yarn install
yarn build-dist
./dist/bin/yarn --version # Check the build works
yarn build-deb

Build Windows installer:

yarn install
yarn build-dist
./dist/bin/yarn --version # Check the build works
yarn build-win-installer

Sign with GPG:

gpg -u 23E7166788B63E1E --armor --output - --detach-sign yarn-v1.22.22.tar.gz > yarn-v1.22.22.tar.gz.asc
gpg --verify yarn-v1.22.22.tar.gz{.asc,} # Ensure the signature is valid 
# Repeat for each file

[Daniel15]

All artifacts have been uploaded for Yarn v1.22.22. @arcanis Please feel free to ping me when you want to cut a new release, and I can do this again. 😄