CodeBleu commented on issue #109:
URL:
https://github.com/apache/cloudstack-terraform-provider/issues/109#issuecomment-2072362454
@rohityadavcloud
Unfortunately the signature validation is still not working:
`- Installed cloudstack/cloudstack v0.5.0. Signature validation was skipped
due to the registry not containing GPG keys for this provider`
I downloaded your public key and did a quick test, and get the following:
```
$ gpg --keyring ./tempkeyring.gpg --verify
~/Downloads/cloudstack-terraform-provider_0.5.0_SHA256SUMS.sig cs_pub_key.asc
gpg: Signature made Tue 09 Apr 2024 03:23:08 AM EDT
gpg: using RSA key 5ED1E1122DC5E8A4A45112C2484248210EE3D884
gpg: BAD signature from "Rohit Yadav (CODE SIGNING KEY)
<bhais...@apache.org>" [unknown]
```
Is [this](https://github.com/opentofu/registry/pull/416/files) key the same
key that was used to sign the SHA file?
Maybe the SHA256SUMS file was updated when all the checksum stuff was being
fixed, and the SHA256SUMS.sig just needs to be re-created/sign the SHA256SUMS
file after those changes?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
