`corepack` problems (specially in CI)

1

It seems there's been a corepack armageddon these last hours: Newly published versions of package managers distributed from npm cannot be installed due to key id mismatch · Issue #612 · nodejs/corepack · GitHub

The error looks like:

C:\Program Files\nodejs\node_modules\corepack\dist\lib\corepack.cjs:21535
  if (key == null || signature == null) throw new Error(`Cannot find matching keyid: ${JSON.stringify({ signatures, keys })}`);
                                              ^

Error: Cannot find matching keyid: {"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEUCIQDlkgmNyZjT7KUY8AO6jH7Gs3fyiXG8nbTnuLbd8fOS2AIgXyJ6SaYhumMFzUYQAZPJGhsnlaD5N0X2MZsbG+eS/Xo="}],"keys":[{"expires":null,"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","key":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg=="}]}
    at verifySignature (C:\Program Files\nodejs\node_modules\corepack\dist\lib\corepack.cjs:21535:47)
    at installVersion (C:\Program Files\nodejs\node_modules\corepack\dist\lib\corepack.cjs:21882:7)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async Engine.ensurePackageManager (C:\Program Files\nodejs\node_modules\corepack\dist\lib\corepack.cjs:22316:32)
    at async Engine.executePackageManagerRequest (C:\Program Files\nodejs\node_modules\corepack\dist\lib\corepack.cjs:22416:25)
    at async Object.runMain (C:\Program Files\nodejs\node_modules\corepack\dist\lib\corepack.cjs:23102:5)        

Node.js v22.13.0

The workaround is to install latest corepack if you are hit by it (specially on CI):

npm i -g corepack@latest && corepack enable

As I see could be that this is unnecessary when they update a couple of versions here and there, but in case someone needs it today.

7 Likes
2

Thank you :blush:

3

This is making its way through Read The Docs builds as well for Volto:

4

How i needed this today, its been 5days of corepack war :sob: Thank you.

1 Like
5

@sneridagh I tried to fix it by your suggestion, but it did not help.

During CI on Github Action Frontend CI, I got the first error hit (some more similar later):

during code analysis -> Get pnpm store directory

0s
Run echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
/opt/hostedtoolcache/node/22.13.1/x64/lib/node_modules/corepack/dist/lib/corepack.cjs:21535
  if (key == null || signature == null) throw new Error(`Cannot find matching keyid: ${JSON.stringify({ signatures, keys })}`);
                                              ^

Error: Cannot find matching keyid: {"signatures":[{"sig":"MEYCIQDbcyRXEEpUvMj22WsicmOsvx+ctqHZv1vLScf3/247EAIhANfMkRDNAHdtTDNZ34BVH2z2z0Ef8o5VK4osH6ES9RHW","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"keys":[{"expires":null,"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","key":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg=="}]}
    at verifySignature (/opt/hostedtoolcache/node/22.13.1/x64/lib/node_modules/corepack/dist/lib/corepack.cjs:21535:47)
    at fetchLatestStableVersion (/opt/hostedtoolcache/node/22.13.1/x64/lib/node_modules/corepack/dist/lib/corepack.cjs:21553:5)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async fetchLatestStableVersion2 (/opt/hostedtoolcache/node/22.13.1/x64/lib/node_modules/corepack/dist/lib/corepack.cjs:21672:14)
    at async Engine.getDefaultVersion (/opt/hostedtoolcache/node/22.13.1/x64/lib/node_modules/corepack/dist/lib/corepack.cjs:22298:23)
    at async Engine.executePackageManagerRequest (/opt/hostedtoolcache/node/22.13.1/x64/lib/node_modules/corepack/dist/lib/corepack.cjs:22396:47)
    at async Object.runMain (/opt/hostedtoolcache/node/22.13.1/x64/lib/node_modules/corepack/dist/lib/corepack.cjs:23102:5)

Node.js v22.13.1

On the dev machine I had corepack --version
0.29.4

I ran npm i -g corepack@latest && corepack enable on the dev machine and now have: corepack --version
0.31.0
pnpm --version
9.13.0

Since nothing changed locally to be commited to github the error on github remained.

I reran make install in the project root and
in devops

  • make server-setup,
  • make stack-deploy

But this does not help to make the Frontend CI image generation on github work, because nothing changed to be pushed.

What step I am missing?

FYI: other steps failing:

Setup pnpm cache

...
Error: Input required and not supplied: path

Linting

...
Error: Cannot find matching keyid: {"signatures":

i18n sync

...
Error: Cannot find matching keyid: {"signatures":

Unit Tests

...
Error: Cannot find matching keyid: {"signatures":
6

via @sneridagh :

on every occurrence (in CI too) of corepack enable you replace it with npm i -g corepack@latest && corepack enable . Also images [need to be] updated after that issue are required (18.8.2 at least)

How to fix the corepack issue in the CI workflow

  • The corepack enable command is present e.g. in the projects .github/workflows/frontend.yml around line 50 and then needs to be temporarily adjusted as described.
  • corepack enable was not found nowhere else in the workflows.

I tried it out and can confirm : Frontend CI image creation and Manual deployment went smooth afterwards.

Run Plone locally with a Docker stack

Remark: There is also an occurence as corepack enable pnpm in the frontend/Dockerfile at the end. I did not need to modify this since I run Plone locally without a Docker stack and my global run of npm i -g corepack@latest && corepack enable did the job for now.

Guess: -> You may need to fix it in frontend/Dockerfile as well, if you use Docker locally!

7

@acsr You made me realize we need to add the fix in cookieplone-templates: Add corepack workaround in more places by davisagli · Pull Request #162 · plone/cookieplone-templates · GitHub