Tfenv: Can't install any version of terraform < 0.15.1 due to openpgp errors

Created on 28 Apr 2021  ·  6 Comments  ·  Source: tfutils/tfenv

I cannot install any version of terraform prior to 0.15.1. When I try to install I get the following errors:

❯ tfenv install 0.12.2
Installing Terraform v0.12.2
Downloading release tarball from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_darwin_amd64.zip
######################################################################## 100.0%
Downloading SHA hash file from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_SHA256SUMS
Downloading SHA hash signature file from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_SHA256SUMS.sig
▶ ERROR openpgp: signature made by unknown entity
SHA256SUMS signature does not match!

I do have keybase installed. Trying to install 0.15.1 I noticed I had some errors with their public key having changed. I ran keybase follow hashicorp and I accepted the changes. I then ran keybase pgp pull (I had noticed that in a few other issues on here) and tried again but to no avail. I have the most recent version of tfenv according to brew. I'm at a loss how to proceed.

All 6 comments

This seems related to this: https://github.com/hashicorp/terraform/issues/28518

I can confirm, changing this line here: https://github.com/tfutils/tfenv/blob/master/libexec/tfenv-install#L156 to

download_signature() {
  log 'info' "Downloading SHA hash signature file from ${version_url}/${shasums_name}.72D7468F.sig";
  curlw -s -f \
    -o "${download_tmp}/${shasums_name}.sig" \
    "${version_url}/${shasums_name}.72D7468F.sig" \
    && log 'debug' "SHA256SUMS signature file downloaded successfully to ${download_tmp}/${shasums_name}.sig" \
    || log 'error' 'SHA256SUMS signature download failed';
};

fixed my issue and now is confirming signatures correctly.

Mind you this works for versions that are pre-0.15.1. 0.15.1 and further will use the new key and the signature files will be located at the normal .sig suffix.

I am using the use-gpgv method of verification, and adding the current key from Security at HashiCorp to share/hashicorp-keys.pgp with gpg --keyring share/hashicorp-keys.pgp --no-default-keyring --import seems to have fixed the issue for me.
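
The two workarounds in the comments above (fetching the .72D7468F.sig signature for releases before 0.15.1, and verifying with gpgv against a dedicated keyring) can be combined in one script. This is an added example, not tfenv's own code: the function names are hypothetical, and it assumes the downloaded files keep their remote names and that the keyring is given as an absolute path.

```shell
# Added example, not tfenv code; function names are hypothetical.
# The 0.15.1 cutoff and the 72D7468F suffix are taken from the comments above.

# Succeed if dotted version $1 is strictly lower than $2 (pre-release tag ignored).
version_lt() {
  local a="${1%%-*}" b="${2%%-*}" x y
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    # Drop the component that was just compared.
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  return 1
}

# Print the signature file name to fetch for Terraform version $1:
# the key-specific name before 0.15.1, the plain .sig name from 0.15.1 on.
signature_name() {
  local shasums="terraform_${1}_SHA256SUMS"
  if version_lt "$1" 0.15.1; then
    printf '%s.72D7468F.sig\n' "$shasums"
  else
    printf '%s.sig\n' "$shasums"
  fi
}

# Print the hash listed for archive $2 in SHA256SUMS file $1; fail if absent.
listed_sha256() {
  awk -v f="$2" '$2 == f { print $1; found = 1 } END { exit !found }' "$1"
}

# Check the signature over SHA256SUMS first, then the archive hash against it.
# $1 = download directory, $2 = version, $3 = archive name, $4 = keyring path.
verify_release() {
  local dir="$1" sums="terraform_${2}_SHA256SUMS" want got
  gpgv --keyring "$4" "$dir/$(signature_name "$2")" "$dir/$sums" || return 1
  want="$(listed_sha256 "$dir/$sums" "$3")" || return 1
  got="$(shasum -a 256 "$dir/$3" | cut -d' ' -f1)"
  [ "$want" = "$got" ]
}
```

The hash in SHA256SUMS is only trusted after gpgv has accepted the signature, so a failed or missing key stops the check before any archive comparison happens.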

Hello,

I have fixed this problem in Pull Request 257 (https://github.com/tfutils/tfenv/pull/257) but I am waiting for validation by the maintainers.

I have sent an email to 2 maintainers but I don't have an answer.
I hope this PR will be validated quickly.

v2.2.1 released with this included.

I'm still getting these errors after updating tfenv to 2.2.1 via homebrew:

~/p/t/d/dev(⎈ |production-2457-us-west-2:argocd) czibolski ❯❯❯ tfenv install 0.12.31
Installing Terraform v0.12.31
Downloading release tarball from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_darwin_amd64.zip
######################################################################################################################################################################################################################################################### 100.0%
Downloading SHA hash file from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_SHA256SUMS
Downloading SHA hash signature file from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_SHA256SUMS.sig
▶ INFO Identifying hashicorp
✔ <new> public key fingerprint: C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F
✖ <Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c> public key fingerprint: 91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F FC4C
You last followed hashicorp on 2021-03-02 14:39:01 PST
✔ <followed> admin of DNS zone hashicorp.com: found TXT entry keybase-site-verification=a-iv8bbkw3LgvmnT-p1jJ7Com9O-5GrOyFClq2-0iRQ [cached 2021-04-30 12:27:13 PDT]
▶ WARNING Some proofs were revoked:
✖ <Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c>
▶ ERROR failed to identify "hashicorp": Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c; 1 followed proof failed
SHA256SUMS signature does not match!
~/p/t/d/dev(⎈ |production-2457-us-west-2:argocd) czibolski ❯❯❯ tfenv --version
tfenv 2.2.1

Ignore me. I had to trust the new key in keybase first.
