Closed bgshacklett closed 2 years ago
Umm, I can't reproduce this failure in my environment.
% TFLINT_LOG=debug tflint --init
02:19:47 config.go:105: [INFO] Load config: .tflint.hcl
02:19:47 config.go:324: [DEBUG] Config loaded
02:19:47 config.go:325: [DEBUG] Module: false
02:19:47 config.go:326: [DEBUG] Force: false
02:19:47 config.go:327: [DEBUG] IgnoreModules: map[string]bool{}
02:19:47 config.go:328: [DEBUG] Varfiles: []string{}
02:19:47 config.go:329: [DEBUG] Variables: []string{}
02:19:47 config.go:330: [DEBUG] DisabledByDefault: false
02:19:47 config.go:331: [DEBUG] Rules: map[string]*tflint.RuleConfig{}
02:19:47 config.go:332: [DEBUG] Plugins: map[string]*tflint.PluginConfig{"aws":(*tflint.PluginConfig)(0xc00038c
f80)}
Installing `aws` plugin...
02:19:47 install.go:80: [DEBUG] Mkdir plugin dir: /Users/watanabekazuma/.tflint.d/plugins/github.com/terraform-li
nters/tflint-ruleset-aws/0.7.0
02:19:47 install.go:153: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/rel
eases/tags/v0.7.0
02:19:48 install.go:160: [DEBUG] asset found: checksums.txt
02:19:48 install.go:160: [DEBUG] asset found: checksums.txt.sig
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_darwin_amd64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_darwin_arm64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_386.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_amd64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_arm.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_arm64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_386.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_amd64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_arm.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_arm64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_netbsd_386.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_netbsd_amd64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_netbsd_arm.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_386.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_amd64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_arm.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_arm64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_windows_386.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_windows_amd64.zip
02:19:48 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_windows_arm.zip
02:19:48 install.go:90: [DEBUG] Download checksums.txt
02:19:48 install.go:176: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/assets/43504208
02:19:49 install.go:194: [DEBUG] Downloaded to /var/folders/ds/c5vrpyx94xv7xxzvrf9_qyx00000gn/T/tflint-download-temp-file-895313512
02:19:49 install.go:101: [DEBUG] Download checksums.txt.sig
02:19:49 install.go:176: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/assets/43504692
02:19:49 install.go:194: [DEBUG] Downloaded to /var/folders/ds/c5vrpyx94xv7xxzvrf9_qyx00000gn/T/tflint-download-temp-file-524633255
02:19:49 install.go:116: [DEBUG] Verified signature successfully
02:19:49 install.go:119: [DEBUG] Download tflint-ruleset-aws_darwin_amd64.zip
02:19:49 install.go:176: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/assets/43504240
02:19:51 install.go:194: [DEBUG] Downloaded to /var/folders/ds/c5vrpyx94xv7xxzvrf9_qyx00000gn/T/tflint-download-temp-file-216159706
02:19:51 install.go:135: [DEBUG] Matched checksum successfully
02:19:51 install.go:210: [DEBUG] file found in zip: tflint-ruleset-aws
02:19:54 install.go:141: [DEBUG] Installed /Users/watanabekazuma/.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.7.0/tflint-ruleset-aws successfully
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.7.0)
And the checksum of the zip file seems to match the expected output:
% shasum -a 256 ~/Downloads/tflint-ruleset-aws_darwin_amd64.zip
dc13dec45ed96e3e30d363015416bff1ac5b64334db2e24e66273418fd9d9bd8 /Users/watanabekazuma/Downloads/tflint-ruleset-aws_darwin_amd64.zip
It is possible that the downloaded file is actually corrupted.
FWIW, I'm still trying to isolate when and, ideally, how, this is happening. I'll report back when I have more data.
It seems that there is no update for a while, so I will close it. If you find the cause, open a new issue.
Having the same issue with newest version:
.tflint.hcl
:
plugin "aws" {
enabled = true
version = "0.8.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}
tflint --init
output:
➜ TFLINT_LOG=debug tflint --init
16:17:01 config.go:105: [INFO] Load config: .tflint.hcl
16:17:01 config.go:324: [DEBUG] Config loaded
16:17:01 config.go:325: [DEBUG] Module: false
16:17:01 config.go:326: [DEBUG] Force: false
16:17:01 config.go:327: [DEBUG] IgnoreModules: map[string]bool{}
16:17:01 config.go:328: [DEBUG] Varfiles: []string{}
16:17:01 config.go:329: [DEBUG] Variables: []string{}
16:17:01 config.go:330: [DEBUG] DisabledByDefault: false
16:17:01 config.go:331: [DEBUG] Rules: map[string]*tflint.RuleConfig{}
16:17:01 config.go:332: [DEBUG] Plugins: map[string]*tflint.PluginConfig{"aws":(*tflint.PluginConfig)(0xc00096e300)}
Installing `aws` plugin...
16:17:01 install.go:80: [DEBUG] Mkdir plugin dir: /Users/scott.lundgren/.tflint.d/plugins/github.com/terraform-linters/tflint-ruleset-aws/0.8.0
16:17:01 install.go:153: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/tags/v0.8.0
16:17:01 install.go:160: [DEBUG] asset found: checksums.txt
16:17:01 install.go:160: [DEBUG] asset found: checksums.txt.sig
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_darwin_amd64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_darwin_arm64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_386.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_amd64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_arm.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_freebsd_arm64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_386.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_amd64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_arm.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_linux_arm64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_netbsd_386.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_netbsd_amd64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_netbsd_arm.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_386.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_amd64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_arm.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_openbsd_arm64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_windows_386.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_windows_amd64.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_windows_arm.zip
16:17:01 install.go:160: [DEBUG] asset found: tflint-ruleset-aws_windows_arm64.zip
16:17:01 install.go:90: [DEBUG] Download checksums.txt
16:17:01 install.go:176: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/assets/46653909
16:17:02 install.go:194: [DEBUG] Downloaded to /var/folders/sj/7kjnx3r961vfw9_2qmqp9c040000gp/T/tflint-download-temp-file-298348246
16:17:02 install.go:101: [DEBUG] Download checksums.txt.sig
16:17:02 install.go:176: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/assets/46654142
16:17:02 install.go:194: [DEBUG] Downloaded to /var/folders/sj/7kjnx3r961vfw9_2qmqp9c040000gp/T/tflint-download-temp-file-574295485
16:17:02 install.go:116: [DEBUG] Verified signature successfully
16:17:02 install.go:119: [DEBUG] Download tflint-ruleset-aws_darwin_amd64.zip
16:17:02 install.go:176: [DEBUG] Request to https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/assets/46653920
16:17:04 install.go:194: [DEBUG] Downloaded to /var/folders/sj/7kjnx3r961vfw9_2qmqp9c040000gp/T/tflint-download-temp-file-1782996149
Failed to install a plugin. An error occurred:
Error: Failed to verify checksums: Failed to match checksums: expected=d77dfae9e706f2193738fab1f78be7699c566b076241dfd69801aa8b2fd35c1f, actual=608ea4ef91a41bf621fd9f7e1f79254dd784dede5b21e21f3aa97bb42b825a94
Checksums don't match with manual fetch:
➜ curl -L https://github.com/terraform-linters/tflint-ruleset-aws/releases/download/v0.8.0/checksums.txt -s -o checksums.txt
➜ curl -L https://github.com/terraform-linters/tflint-ruleset-aws/releases/download/v0.8.0/tflint-ruleset-aws_darwin_amd64.zip -s -o tflint-ruleset-aws_darwin_amd64.zip
➜ grep darwin_amd checksums.txt
d77dfae9e706f2193738fab1f78be7699c566b076241dfd69801aa8b2fd35c1f tflint-ruleset-aws_darwin_amd64.zip
➜ shasum -a 256 tflint-ruleset-aws_darwin_amd64.zip
608ea4ef91a41bf621fd9f7e1f79254dd784dede5b21e21f3aa97bb42b825a94 tflint-ruleset-aws_darwin_amd64.zip
OS: MacOS Big Sur 11.6 (20G165) Model Identifier: MacBookPro16,1
Failed to verify checksums error
also occurs when .tflint.hcl
is set to version = "0.7.0"
as OP, and version = "0.7.2"
I'm still trying to narrow things down, but in my case, I believe it's related to security software installed on my machine. I've seen this with a few other packages now, as well.
Edit: I seem to be getting a unique checksum compared to your example:
❯ curl -L https://github.com/terraform-linters/tflint-ruleset-aws/releases/download/v0.8.0/checksums.txt -s -o checksums.txt
curl -L https://github.com/terraform-linters/tflint-ruleset-aws/releases/download/v0.8.0/tflint-ruleset-aws_darwin_amd64.zip -s -o tflint-ruleset-aws_darwin_amd64.zip
grep darwin_amd checksums.txt
shasum -a 256 tflint-ruleset-aws_darwin_amd64.zip
d77dfae9e706f2193738fab1f78be7699c566b076241dfd69801aa8b2fd35c1f tflint-ruleset-aws_darwin_amd64.zip
c19009917db156253f0a3d0a20fb4da32cea4b9c26c9dbdcefc21852e4bd2abc tflint-ruleset-aws_darwin_amd64.zip
This error is on my corporate machine that does have security software installed. I'll try on my home machine with no security software installed to see if there are different results.
My home machine (OS: MacOS Big Sur 11.6, Model Identifier: 12,1) didn't have this problem so it's definitely security software.
Reached out to corporate security (for anyone else that hits this thread as a search result), who confirmed the problem is caused by Netskope. Basically, it's unpacking the zips to inspect them, and then rezipping over the top of the archive so you end up with a slightly different compression ratio and so the hash fails. 😞
The solution is to ask your security team to allow your machine to not inspect the tflint ruleset packages.
Yes. It’s Netskope in my case, as well. Thank you for the update!
Netskope here, same error, may thanks for reporting this.
When following the directions in the README, I'm getting an error stating that there was a checksum mismatch.
.tflint.hcl
:tflint --init
output: