Release 0.6.1 includes root-level file /vault-gpg-plugin.sha256sum #314

Closed
jdelic opened this issue Oct 13, 2023 · 1 comment

jdelic commented Oct 13, 2023

Compare the file list of v0.5.0:

```
[vagrant@saltmaster ~]$ unzip -l linux_amd64-0.5.0.zip
Archive:  linux_amd64-0.5.0.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
       83  2021-12-29 19:23   linux_amd64.sha256sum
 25688745  2021-12-29 19:23   vault-gpg-plugin
---------                     -------
 25688828                     2 files
```

to the file list of 0.6.1:

```
[vagrant@saltmaster ~]$ unzip -l linux_amd64-0.6.1.zip
Archive:  linux_amd64-0.6.1.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
       83  2023-06-17 09:46   /vault-gpg-plugin.sha256sum
     1075  2023-06-17 09:38   LICENSE
     2098  2023-06-17 09:38   README.md
    13451  2023-06-17 09:38   docs/http-api.md
 20508672  2023-06-17 09:37   vault-gpg-plugin
---------                     -------
 20525379                     5 files
```

The root path included in the zip unfortunately wreaks havoc with my tooling as unzipping will fail because of missing write privileges and using -j will return an exit code != 0. But even if this didn't create mundane problems with my server automations, it's also just bad form :).

It would be great if you could find the time to create a release without the path. Thank you for the great plugin, though.

LeSuisse added a commit that referenced this issue Oct 14, 2023
It should not be written to the absolute directory `/`.

See #314

@LeSuisse (Owner)

Thanks for the report, this is now fixed in 0.6.2.

> The root path included in the zip unfortunately wreaks havoc with my tooling as unzipping will fail because of missing write privileges and using -j will return an exit code != 0.

Note that you should probably consider fixing this: a malicious zip file could overwrite your .bashrc or .ssh/authorized_keys for example in an attempt to execute code/get access.
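
A pre-extraction check for the problem discussed in this thread, as an added example that is not part of the original issue or the plugin's code: it lists archive entries whose stored names are absolute or would resolve outside the extraction directory. The sample archives are constructed in memory from the entry names in the two listings above; the function names are hypothetical, and the `..` and drive-letter checks go beyond the single absolute-path entry reported here.

```python
import io
import zipfile
from pathlib import PurePosixPath, PureWindowsPath


def unsafe_members(archive):
    """Return (name, reason) for every entry that would land outside the target dir."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Inspect the name as stored in the archive; treat backslashes
            # as separators so Windows-style names are checked as well.
            name = info.filename.replace("\\", "/")
            if PurePosixPath(name).is_absolute():
                findings.append((info.filename, "absolute path"))
            elif PureWindowsPath(name).drive:
                findings.append((info.filename, "drive-qualified path"))
            elif ".." in PurePosixPath(name).parts:
                findings.append((info.filename, "parent-directory traversal"))
    return findings


def build_sample(names):
    """Build an in-memory zip with the given entry names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            # An explicit ZipInfo stores the name exactly as given.
            zf.writestr(zipfile.ZipInfo(name), b"placeholder")
    buf.seek(0)
    return buf


# Entry names copied from the two `unzip -l` listings in the report.
V050 = ["linux_amd64.sha256sum", "vault-gpg-plugin"]
V061 = ["/vault-gpg-plugin.sha256sum", "LICENSE", "README.md",
        "docs/http-api.md", "vault-gpg-plugin"]

if __name__ == "__main__":
    for label, names in (("0.5.0", V050), ("0.6.1", V061)):
        problems = unsafe_members(build_sample(names))
        print(label, "OK" if not problems else problems)
```

Run as a gate in release packaging or in automation before calling `unzip`, and fail the job when the returned list is non-empty.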
