Terraform: Terraform 0.11.13 (linux_amd64) SHASUM has changed

Very sorry to hear you encountered this issue @brainsik. We unfortunately pushed out new zip files (on March 12) after getting feedback that the Solaris binaries did not got uploaded properly during the initial upload. And while the build was done used the exact same commit SHA, the shasum of the zip files did indeed change.

We are sorry that this happened and that it caused issues in your workflow, as we agree that the shasum should not change after it is released. You can safely update the shasum in your Dockerfile now, it will not be changing again.

To be a bit more explicit, if a situation like this occurs again we plan to issue a new release and not re-issue a previous release.

Hi, this happened again recently. Instead of rebuilding a Docker image with 0.11.13, we upgraded to 0.11.14.

Can you share some logs to see what SHA's were used/expected? I expect they are the same SHA's that are reported in this issue, right?

No changes were made to any released versions after this incident, so if this indeed happened again with different SHA's, something fishy is going on that should be investigated.

If they are indeed the SHA's reported in this issue, you can safely ignore the warning and we should be good.

Our Dockerfile contains lines like:

ENV TERRAFORM_VERSION=0.11.13
ENV TERRAFORM_SHA256SUM=d57dd17c61a63073191503302ea44352ba7a274e2c7944c4b38b97477a347aa5

We're installing the linux_amd_64 release of Terraform after checking the download with the above hash.

According to the SHASUMS file at https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_SHA256SUMS (retrieved moments ago), the current hash for linux_amd_64 should be 5925cd4d81e7d8f42a0054df2aafd66e2ab7408dbed2bd748f0022cfe592f8d2

Those are indeed the same SHA's reported in this issue, so you can safely ignore this particular warning.

Fair, I thought we had fixed this months ago so I'm surprised it popped up again. Sorry to cause any alarm.

The SHA for 0.11.13 changed a couple of months ago after which this issue was opened. As discussed in the issue we acknowledge that it was a mistake to change the SHA (instead of releasing 0.11.14) and will make sure we will not change any new release SHA’s in the future.

That being said, this particular change is already made. So if you still used that old SHA and try to reuse it for a new download, you will still get this warning. There is, unfortunately, no sensible way to fix that for the already released SHA’s.

Hope this helps understanding the issue a bit better.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.