I cannot install any version of terraform prior to 0.15.1
. When I try to install I get the following errors:
❯ tfenv install 0.12.2
Installing Terraform v0.12.2
Downloading release tarball from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_darwin_amd64.zip
#=#=- # # #=O=# # # ######################################################################################################################################################################################################################################################### 100.0%
Downloading SHA hash file from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_SHA256SUMS
Downloading SHA hash signature file from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_SHA256SUMS.sig
▶ ERROR openpgp: signature made by unknown entity
SHA256SUMS signature does not match!
I do have keybase installed. Trying to install 0.15.1 I noticed I had some errors with their public key having changed. I ran keybase follow hashicorp
and I accepted the changes. I then ran keybase pgp pull
(I had noticed that in a few other issues on here) and tried again but to no avail. I have the most recent version of tfenv according to brew. I'm at a loss how to proceed.
This seems related to this: https://github.com/hashicorp/terraform/issues/28518
I can confirm, changing this line here: https://github.com/tfutils/tfenv/blob/master/libexec/tfenv-install#L156 to
download_signature() {
log 'info' "Downloading SHA hash signature file from ${version_url}/${shasums_name}.72D7468F.sig";
curlw -s -f \
-o "${download_tmp}/${shasums_name}.sig" \
"${version_url}/${shasums_name}.72D7468F.sig" \
&& log 'debug' "SHA256SUMS signature file downloaded successfully to ${download_tmp}/${shasums_name}.sig" \
|| log 'error' 'SHA256SUMS signature download failed';
};
fixed my issue and now is confirming signatures correctly.
Mind you this works for versions that are pre-0.15.1
. 0.15.1
and further will use the new key and the signature files will be located at the normal .sig
suffix.
I am using the use-gpgv
method of verification, and it seems like adding the current key from Security at HashiCorp to share/hashicorp-keys.pgp
with gpg --keyring share/hashicorp-keys.pgp --no-default-keyring --import
and that seems to have fixed the issue for me.
Hello,
I have fix this problem in Pull Request 257 (https://github.com/tfutils/tfenv/pull/257) but i wait validation by maintainers.
I have send an email at 2 maintainers but i don"t have answer.
I hope this PR will be quickly validate.
v2.2.1 released with this included.
I'm still getting these errors after updating tfenv to 2.2.1 via homebrew:
~/p/t/d/dev(⎈ |production-2457-us-west-2:argocd) czibolski ❯❯❯ tfenv install 0.12.31 master ✭ ✱
Installing Terraform v0.12.31
Downloading release tarball from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_darwin_amd64.zip
######################################################################################################################################################################################################################################################### 100.0%
Downloading SHA hash file from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_SHA256SUMS
Downloading SHA hash signature file from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_SHA256SUMS.sig
▶ INFO Identifying hashicorp
✔ <new> public key fingerprint: C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F
✖ <Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c> public key fingerprint: 91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F FC4C
You last followed hashicorp on 2021-03-02 14:39:01 PST
✔ <followed> admin of DNS zone hashicorp.com: found TXT entry keybase-site-verification=a-iv8bbkw3LgvmnT-p1jJ7Com9O-5GrOyFClq2-0iRQ [cached 2021-04-30 12:27:13 PDT]
▶ WARNING Some proofs were revoked:
✖ <Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c>
▶ ERROR failed to identify "hashicorp": Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c; 1 followed proof failed
SHA256SUMS signature does not match!
~/p/t/d/dev(⎈ |production-2457-us-west-2:argocd) czibolski ❯❯❯ tfenv --version ⏎master ✭ ✱
tfenv 2.2.1
Ignore me. I had to trust the new key in keybase first.