From 06825bf46db55b8e5c8771742b07b084fe55e88f Mon Sep 17 00:00:00 2001 From: Justin Campbell Date: Fri, 16 Nov 2018 16:32:31 -0500 Subject: [PATCH] plugin/discovery: Add friendly gpg err msg When GPG verification fails, display a helpful message to the user instead of the generic openpgp error. --- plugin/discovery/get.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/plugin/discovery/get.go b/plugin/discovery/get.go index 558a277ee..2f6ac1a91 100644 --- a/plugin/discovery/get.go +++ b/plugin/discovery/get.go @@ -27,6 +27,12 @@ import ( const protocolVersionHeader = "x-terraform-protocol-version" +const gpgVerificationError = `GPG signature verification error: +Terraform was unable to verify the GPG signature of the downloaded provider +files using the keys downloaded from the Terraform Registry. This may mean that +the publisher of the provider removed the key it was signed with, or that the +distributed files were changed after this version was released.` + var httpClient *http.Client var errVersionNotFound = errors.New("version not found") @@ -369,13 +375,14 @@ func (i *ProviderInstaller) getProviderChecksum(urls *response.TerraformProvider asciiArmor := urls.SigningKeys.GPGASCIIArmor() signer, err := verifySig(shasums, signature, asciiArmor) if err != nil { - return "", err + log.Printf("[ERROR] error verifying signature: %s", err) + return "", fmt.Errorf(gpgVerificationError) } // Display identity for GPG key which succeeded verifying the signature. // This could also be used to display to the user with i.Ui.Info(). identities := []string{} - for k, _ := range signer.Identities { + for k := range signer.Identities { identities = append(identities, k) } identity := strings.Join(identities, ", ")