provider gpg key expired, all terraform deployments failing to init

[benoittoulme]

terraform init gives me this error:

[2023-10-04T19:30:15.334Z] │ Error: Failed to install provider

[2023-10-04T19:30:15.334Z] │ Error while installing splunk/splunk v1.4.22: error checking signature:

[2023-10-04T19:30:15.334Z] │ openpgp: key expired

[Update] The GPG key used to sign the provider build expired, but older version of terraform did not check for expiration date. terraform 1.6 does https://github.com/opentofu/opentofu/issues/673

Now that we understand the issue, we think that change may be reverted, as many providers are affected. Anyway, it would be good to get a new GPG key to sign the new builds as the current one is expired.

[yarv-dev]

This is the same for us. It is an incompatibility with version 1.6, which was released October 4th 2023. When we downgrade our image to use Terraform 1.5 it worked

[benoittoulme]

I should have tried this! Thanks. I did not realize I was using 1.6, setting the terraform version with tfswitch :) That's a good workaround.

[benoittoulme]

Here is the related terraform issue : https://github.com/hashicorp/terraform/issues/33984

"Based on my investigations, this may have been caused by this commit 1fe57d4. It appears that terraform wasn't checking whether or not the PGP signature was expired when using golang.org/x/crypto/openpgp but github.com/ProtonMail/go-crypto may be doing it automatically on-behalf of terraform."

[emillunde]

This is fixed in Terraform version 1.6.1.

[benoittoulme]

The GPG key is still expired :) tf 1.6.1 reverts some of the logic that failed when downloading a build for which the GPG key is expired.

The GPG key should still be updated ideally.