From 066efdf94b55b3125b3d7aa5475ec370cb52117a Mon Sep 17 00:00:00 2001
From: Kaniska
Date: Mon, 8 Sep 2025 16:56:52 +0000
Subject: [PATCH 1/2] [terraform] - Fix terraform installation in debian trixie(13)
---
 src/terraform/install.sh | 22 +++++++++----------
 test/terraform/install_in_ubuntu_trixie.sh | 19 ++++++++++++++++
 .../install_in_ubuntu_trixie_sentinel.sh | 22 +++++++++++++++++++
 test/terraform/scenarios.json | 16 ++++++++++++++
 4 files changed, 68 insertions(+), 11 deletions(-)
 create mode 100644 test/terraform/install_in_ubuntu_trixie.sh
 create mode 100644 test/terraform/install_in_ubuntu_trixie_sentinel.sh
diff --git a/src/terraform/install.sh b/src/terraform/install.sh
index b1d64c27b..999815a38 100755
--- a/src/terraform/install.sh
+++ b/src/terraform/install.sh
@@ -19,6 +19,8 @@ INSTALL_SENTINEL=${INSTALLSENTINEL:-false}
 INSTALL_TFSEC=${INSTALLTFSEC:-false}
 INSTALL_TERRAFORM_DOCS=${INSTALLTERRAFORMDOCS:-false}
 CUSTOM_DOWNLOAD_SERVER="${CUSTOMDOWNLOADSERVER:-""}"
+# This is because ubuntu noble and debian trixie don't support the old format of GPG keys and validation
+NEW_GPG_CODENAMES="trixie noble"
 TERRAFORM_SHA256="${TERRAFORM_SHA256:-"automatic"}"
 TFLINT_SHA256="${TFLINT_SHA256:-"automatic"}"
@@ -50,13 +52,11 @@ if [ "$(id -u)" -ne 0 ]; then
 exit 1
 fi
-# Detect Ubuntu Noble and use new repo setup, else use legacy GPG logic
-IS_NOBLE=0
-if grep -qi 'ubuntu' /etc/os-release; then
- . /etc/os-release
- if [[ "$VERSION_CODENAME" == "noble" ]]; then
- IS_NOBLE=1
- fi
+# Detect Ubuntu Noble or Debian Trixie and use new repo setup, else use legacy GPG logic
+IS_GPG_NEW=0
+. /etc/os-release
+if [[ "${NEW_GPG_CODENAMES}" == *"${VERSION_CODENAME}"* ]]; then
+ IS_GPG_NEW=1
 fi
 # Get the list of GPG key servers that are reachable
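Review bot: The substring test `[[ "${NEW_GPG_CODENAMES}" == *"${VERSION_CODENAME}"* ]]` in the @@ -50,13 hunk is true when `VERSION_CODENAME` is empty or unset, because the pattern collapses to `**`, so an image whose /etc/os-release lacks that field would set `IS_GPG_NEW=1`. That flag selects the branches this patch describes as "try GPG verification but continue if it fails", so an accidental match relaxes signature checking instead of tightening it. Match whole words and require a non-empty value, e.g. `case " ${NEW_GPG_CODENAMES} " in *" ${VERSION_CODENAME:-none} "*) IS_GPG_NEW=1 ;; esac`. `. /etc/os-release` is also sourced unconditionally now, which overwrites shell variables such as `VERSION` and `ID` on every distro; whether later code reads those is not visible in this hunk.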
@@ -112,7 +112,7 @@ receive_gpg_keys() {
 chmod 700 ${GNUPGHOME}
 # Special handling for HashiCorp GPG key on Ubuntu Noble
- if [ "$IS_NOBLE" -eq 1 ] && [ "$keys" = "$TERRAFORM_GPG_KEY" ]; then
+ if [ "$IS_GPG_NEW" -eq 1 ] && [ "$keys" = "$TERRAFORM_GPG_KEY" ]; then
 echo "(*) Ubuntu Noble detected, using Keybase for HashiCorp GPG key import...."
 curl -fsSL https://keybase.io/hashicorp/pgp_keys.asc | gpg --import
 if ! gpg --list-keys "${TERRAFORM_GPG_KEY}" > /dev/null 2>&1; then
@@ -400,7 +400,7 @@ verify_signature() {
 receive_gpg_keys "$gpg_key"
 verify_result=$?
- if [ $verify_result -ne 0 ] && [ "$IS_NOBLE" -eq 1 ]; then
+ if [ $verify_result -ne 0 ] && [ "$IS_GPG_NEW" -eq 1 ]; then
 echo "Skipping the gpg key validation for ubuntu noble as unable to import the key."
 return 1
 fi
@@ -429,7 +429,7 @@ fi
 if [ "${TERRAFORM_SHA256}" != "dev-mode" ]; then
 if [ "${TERRAFORM_SHA256}" = "automatic" ]; then
 # For Ubuntu Noble, try GPG verification but continue if it fails
- if [ "$IS_NOBLE" -eq 1 ]; then
+ if [ "$IS_GPG_NEW" -eq 1 ]; then
 echo "(*) Ubuntu Noble detected - attempting GPG verification with fallback..."
 set +e
 sha256sums_url="${HASHICORP_RELEASES_URL}/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS"
@@ -543,7 +543,7 @@ if [ "${INSTALL_SENTINEL}" = "true" ]; then
 if [ "${SENTINEL_SHA256}" != "dev-mode" ]; then
 if [ "${SENTINEL_SHA256}" = "automatic" ]; then
 # For Ubuntu Noble, try GPG verification but continue if it fails
- if [ "$IS_NOBLE" -eq 1 ]; then
+ if [ "$IS_GPG_NEW" -eq 1 ]; then
 echo "(*) Ubuntu Noble detected - attempting Sentinel GPG verification with fallback..."
 set +e
 sha256sums_url="${sentinel_releases_url}/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_SHA256SUMS"
diff --git a/test/terraform/install_in_ubuntu_trixie.sh b/test/terraform/install_in_ubuntu_trixie.sh
new file mode 100644
index 000000000..9b03a3a60
--- /dev/null
+++ b/test/terraform/install_in_ubuntu_trixie.sh
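Review bot: The comment and the `echo` in the @@ -112,7 branch still say "Ubuntu Noble" although `IS_GPG_NEW` is now also set on Debian trixie, so trixie build logs name the wrong distro exactly where someone triaging a key-import failure will look. The same stale wording is in the hunks at -400 (`Skipping the gpg key validation for ubuntu noble ...`), -429 and -543. Suggest distro-neutral text, e.g. `echo "(*) ${VERSION_CODENAME} detected, using Keybase for HashiCorp GPG key import...."` and `# Special handling for HashiCorp GPG key on distros listed in NEW_GPG_CODENAMES`. The body of receive_gpg_keys continues outside the hunk.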
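Review bot: Switching the guard in the @@ -429,7 hunk to `IS_GPG_NEW` extends the "try GPG verification but continue if it fails" path, with its `set +e`, to Debian trixie; the Sentinel block at -543 is widened the same way. If that fallback ends up trusting `terraform_${TERRAFORM_VERSION}_SHA256SUMS` without a verified signature, the checksum only shows the archive matches a file fetched from the same server, which covers corruption but not authenticity. The fallback body lies outside the hunk, so this is inferred from the comment and the message. If it holds, the unverified case should at least be reported on stderr, e.g. `echo "(!) GPG signature NOT verified; SHA256SUMS is unauthenticated" >&2`, and continuing without a signature would ideally be something the user opts into.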
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+# Import test library
+source dev-container-features-test-lib
+
+# Check to make sure the user is vscode
+check "user is vscode" whoami | grep vscode
+
+# Check if terraform was installed correctly
+check "terraform installed" terraform --version
+
+check "tflint" tflint --version
+
+# Report results
+reportResults
+
+
diff --git a/test/terraform/install_in_ubuntu_trixie_sentinel.sh b/test/terraform/install_in_ubuntu_trixie_sentinel.sh
new file mode 100644
index 000000000..467106785
--- /dev/null
+++ b/test/terraform/install_in_ubuntu_trixie_sentinel.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+# Import test library for `check` command
+source dev-container-features-test-lib
+
+# Check to make sure the user is vscode
+check "user is vscode" whoami | grep vscode
+
+# Check if terraform was installed correctly
+check "terraform installed" terraform --version
+
+check "tflint" tflint --version
+
+# Sentinel specific tests
+check "sentinel" sentinel --version
+
+# Report result
+reportResults
+
+
diff --git a/test/terraform/scenarios.json b/test/terraform/scenarios.json
index 81945d042..09bb0f598 100644
--- a/test/terraform/scenarios.json
+++ b/test/terraform/scenarios.json
@@ -1,4 +1,20 @@
 {
+ "install_in_ubuntu_trixie": {
+ "image": "mcr.microsoft.com/devcontainers/base:trixie",
+ "features": {
+ "terraform": {
+ "version": "latest"
+ }
+ }
+ },
+ "install_in_ubuntu_trixie_sentinel": {
+ "image": "mcr.microsoft.com/devcontainers/base:trixie",
+ "features": {
+ "terraform": {
+ "installSentinel": true
+ }
+ }
+ },
 "install_in_ubuntu_noble": {
 "image": "mcr.microsoft.com/devcontainers/base:noble",
 "features": {
From 720afa7060b9fd550a36a7ec39c18523e998f966 Mon Sep 17 00:00:00 2001
From: Kaniska
Date: Mon, 8 Sep 2025 17:02:10 +0000
Subject: [PATCH 2/2] Version bump
---
 src/terraform/devcontainer-feature.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
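Review bot: In `check "user is vscode" whoami | grep vscode` (install_in_ubuntu_trixie.sh) the pipe binds to the whole `check` command, so `grep` reads whatever `check` prints rather than the output of `whoami`. If `check` echoes its label (not visible here), the text "user is vscode" satisfies the grep whatever the actual user is, which makes the assertion vacuous; install_in_ubuntu_trixie_sentinel.sh carries the same line. Run the pipeline inside the checked command instead: `check "user is vscode" bash -c "whoami | grep vscode"`. Neither script asserts that signature verification succeeded, so a build that took the GPG fallback path in install.sh would still pass.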
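Review bot: The new scenario keys `install_in_ubuntu_trixie` and `install_in_ubuntu_trixie_sentinel` describe an Ubuntu image, but per the commit subject `base:trixie` is Debian 13. Suggest `install_in_debian_trixie` and `install_in_debian_trixie_sentinel`, renaming the two test scripts added in this patch to match, since they carry the same names as the keys.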
diff --git a/src/terraform/devcontainer-feature.json b/src/terraform/devcontainer-feature.json
index ceee4979e..a72f18993 100644
--- a/src/terraform/devcontainer-feature.json
+++ b/src/terraform/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
 "id": "terraform",
- "version": "1.4.1",
+ "version": "1.4.2",
 "name": "Terraform, tflint, and TFGrunt",
 "documentationURL": "https://github.com/devcontainers/features/tree/main/src/terraform",
 "description": "Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.",