Bad Goss sha256sum in generated verify.yml

[Tetragramato]

Issue Type

• Bug report

Molecule and Ansible details

ansible 2.7.1
  config file = None
  configured module search path = [u'/Users/vivienbrissat/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.15 (default, Sep 12 2018, 13:24:28) [GCC 4.2.1 Compatible Apple LLVM 9.1.0 (clang-902.0.39.1)]
molecule, version 2.19.0

Molecule installation method (one of):

• pip

Ansible installation method (one of):

• OS package (brew)

Detail any linters or test runners used:

Actual sha256sum in verify.yml when generated via molecule init --verifier-name goss

goss_version: v0.3.6
goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec
   

This does not work with molecule test since it's a bad sha256sum, and the playbook can't download Goss.

It seems that the sha256sum has changed

i found that 53dd1156ab66f2c4275fd847372e6329d895cfb2f0bcbec5f86c1c4df7236dde is the actual sha256sum for Goss v0.3.6 (i don't know why ^^).

When i change the checksum in the playbook verify.yml it works fine.

[decentral1se]

Changes in #1646 seem to have updated the SHA too. Seems like we do need to do this if we're dynamically downloading the binary but would be nice to avoid having this included due to maintenance issues like this being avoided. Should goss be vendored? Developers can validate it themselves once and then include the binary.

[Tetragramato]

Thanks, waiting for the merge then ^^

[decentral1se]

Done!