Can't install any version of terraform < 0.15.1 due to openpgp errors

[dkolb]

I cannot install any version of terraform prior to 0.15.1. When I try to install I get the following errors:

❯ tfenv install 0.12.2
Installing Terraform v0.12.2
Downloading release tarball from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_darwin_amd64.zip
#=#=-  #       #                                                                                                                                                                                                                                               #=O=#     #        #      ######################################################################################################################################################################################################################################################### 100.0%
Downloading SHA hash file from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_SHA256SUMS
Downloading SHA hash signature file from https://releases.hashicorp.com/terraform/0.12.2/terraform_0.12.2_SHA256SUMS.sig
▶ ERROR openpgp: signature made by unknown entity
SHA256SUMS signature does not match!

I do have keybase installed. Trying to install 0.15.1 I noticed I had some errors with their public key having changed. I ran keybase follow hashicorp and I accepted the changes. I then ran keybase pgp pull (I had noticed that in a few other issues on here) and tried again but to no avail. I have the most recent version of tfenv according to brew. I'm at a loss how to proceed.

[dkolb]

This seems related to this: hashicorp/terraform#28518

I can confirm, changing this line here: https://github.com/tfutils/tfenv/blob/master/libexec/tfenv-install#L156 to

download_signature() {
  log 'info' "Downloading SHA hash signature file from ${version_url}/${shasums_name}.72D7468F.sig";
  curlw -s -f \
    -o "${download_tmp}/${shasums_name}.sig" \
    "${version_url}/${shasums_name}.72D7468F.sig" \
    && log 'debug' "SHA256SUMS signature file downloaded successfully to ${download_tmp}/${shasums_name}.sig" \
    || log 'error' 'SHA256SUMS signature download failed';
};

fixed my issue and now is confirming signatures correctly.

Mind you this works for versions that are pre-0.15.1. 0.15.1 and further will use the new key and the signature files will be located at the normal .sig suffix.

[douglaswth]

I am using the use-gpgv method of verification, and it seems like adding the current key from Security at HashiCorp to share/hashicorp-keys.pgp with gpg --keyring share/hashicorp-keys.pgp --no-default-keyring --import and that seems to have fixed the issue for me.

[Genesys05]

Hello,

I have fix this problem in Pull Request 257 (#257) but i wait validation by maintainers.

I have send an email at 2 maintainers but i don"t have answer.
I hope this PR will be quickly validate.

[Zordrak]

v2.2.1 released with this included.

[chancez]

I'm still getting these errors after updating tfenv to 2.2.1 via homebrew:

~/p/t/d/dev(⎈ |production-2457-us-west-2:argocd) czibolski ❯❯❯ tfenv install 0.12.31                                                                                                                                                                                                                                                                                                                                          master ✭ ✱
Installing Terraform v0.12.31
Downloading release tarball from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_darwin_amd64.zip
######################################################################################################################################################################################################################################################### 100.0%
Downloading SHA hash file from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_SHA256SUMS
Downloading SHA hash signature file from https://releases.hashicorp.com/terraform/0.12.31/terraform_0.12.31_SHA256SUMS.sig
▶ INFO Identifying hashicorp
✔ <new> public key fingerprint: C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F
✖ <Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c> public key fingerprint: 91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F FC4C
You last followed hashicorp on 2021-03-02 14:39:01 PST
✔ <followed> admin of DNS zone hashicorp.com: found TXT entry keybase-site-verification=a-iv8bbkw3LgvmnT-p1jJ7Com9O-5GrOyFClq2-0iRQ [cached 2021-04-30 12:27:13 PDT]
▶ WARNING Some proofs were revoked:
✖ <Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c>
▶ ERROR failed to identify "hashicorp": Deleted proof: 91a6e7f85d05c65630bef18951852d87348ffc4c; 1 followed proof failed
SHA256SUMS signature does not match!
~/p/t/d/dev(⎈ |production-2457-us-west-2:argocd) czibolski ❯❯❯ tfenv --version                                                                                                                                                                                                                                                                                                                                               ⏎master ✭ ✱
tfenv 2.2.1

[chancez]

Ignore me. I had to trust the new key in keybase first.