tfutils / tfenv

Terraform version manager
MIT License

tfenv skipping signature verification despite shasum being in path #369

Open joeypiccola opened 1 year ago

joeypiccola commented 1 year ago

It's my understanding via the docs that if shasum is installed, tfenv will use it to verify the downloaded SHA hash file. However, this doesn't seem to be the case below. Have I misinterpreted the docs below?

If shasum is present in the path, tfenv will verify the download against Hashicorp's published sha256 hash. If keybase is available in the path it will also verify the signature for those published hashes using Hashicorp's published public key.

root@65ed65f066cf:~# which shasum
/usr/bin/shasum
root@65ed65f066cf:~# shasum --version
6.02
root@65ed65f066cf:~# tfenv --version
tfenv 3.0.0
root@65ed65f066cf:~# tfenv use 1.3.0
No installed versions of terraform matched '1.3.0:^1.3.0$'. Trying to install a matching version since TFENV_AUTO_INSTALL=true
Installing Terraform v1.3.0
Downloading release tarball from https://releases.hashicorp.com/terraform/1.3.0/terraform_1.3.0_linux_amd64.zip
################################################################################################################################################################################################################################## 100.0%
Downloading SHA hash file from https://releases.hashicorp.com/terraform/1.3.0/terraform_1.3.0_SHA256SUMS
Not instructed to use Local PGP (/root/.tfenv/use-{gpgv,gnupg}) & No keybase install found, skipping OpenPGP signature verification
Archive:  /tmp/tfenv_download.0JOhOj/terraform_1.3.0_linux_amd64.zip
  inflating: /root/.tfenv/versions/1.3.0/terraform  
Installation of terraform v1.3.0 successful. To make this your default version, run 'tfenv use 1.3.0'
Switching default version to v1.3.0
Default version (when not overridden by .terraform-version or TFENV_TERRAFORM_VERSION) is now: 1.3.0