CodeBleu commented on issue #109: URL: https://github.com/apache/cloudstack-terraform-provider/issues/109#issuecomment-2072362454
@rohityadavcloud Unfortunately the signature validation is still not working: `- Installed cloudstack/cloudstack v0.5.0. Signature validation was skipped due to the registry not containing GPG keys for this provider` I downloaded your public key and did a quick test, and get the following: ``` $ gpg --keyring ./tempkeyring.gpg --verify ~/Downloads/cloudstack-terraform-provider_0.5.0_SHA256SUMS.sig cs_pub_key.asc gpg: Signature made Tue 09 Apr 2024 03:23:08 AM EDT gpg: using RSA key 5ED1E1122DC5E8A4A45112C2484248210EE3D884 gpg: BAD signature from "Rohit Yadav (CODE SIGNING KEY) <bhais...@apache.org>" [unknown] ``` Is [this](https://github.com/opentofu/registry/pull/416/files) key the same key that was used to sign the SHA file? Maybe the SHA256SUMS file was updated when all the checksum stuff was being fixed, and the SHA256SUMS.sig just needs to be re-created/sign the SHA256SUMS file after those changes? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org