plugin/discovery: Add friendly gpg err msg

When GPG verification fails, display a helpful message to the user instead of the generic openpgp error.
hashicorp · Nov 16, 2018 · 14c9dd8 · 14c9dd8
1 parent 15f80dc
commit 14c9dd8
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/plugin/discovery/get.go b/plugin/discovery/get.go
@@ -27,6 +27,12 @@ import (
 
 const protocolVersionHeader = "x-terraform-protocol-version"
 
+const gpgVerificationError = `GPG signature verification error:
+Terraform was unable to verify the GPG signature of the downloaded provider
+files using the keys downloaded from the Terraform Registry. This may mean that
+the publisher of the provider removed the key it was signed with, or that the
+distributed files were changed after this version was released`
+
 var httpClient *http.Client
 
 var errVersionNotFound = errors.New("version not found")
@@ -369,13 +375,14 @@ func (i *ProviderInstaller) getProviderChecksum(urls *response.TerraformProvider
 	asciiArmor := urls.SigningKeys.GPGASCIIArmor()
 	signer, err := verifySig(shasums, signature, asciiArmor)
 	if err != nil {
-		return "", err
+		log.Printf("[ERROR] error verifying signature: %s", err)
+		return "", fmt.Errorf(gpgVerificationError)
 	}
 
 	// Display identity for GPG key which succeeded verifying the signature.
 	// This could also be used to display to the user with i.Ui.Info().
 	identities := []string{}
-	for k, _ := range signer.Identities {
+	for k := range signer.Identities {
 		identities = append(identities, k)
 	}
 	identity := strings.Join(identities, ", ")