Skip to content

Package index signature verification fails silently #1661

New issue
New issue
Closed
#2138
Closed
Package index signature verification fails silently#1661
#2138
Assignees
MatteoPologruto
Labels
topic: codeRelated to content of the project itselftype: imperfectionPerceived defect in any part of project
@alranel

Description

@alranel
alranel
opened on Feb 14, 2022

It looks like the verification of the signature on the package index is failing:

 % arduino-cli core update-index --log-level info -v
INFO[0000] Using config file: /Users/alranel/Library/Arduino15/arduino-cli.yaml
INFO[0000] arduino-cli version 0.21.0
INFO[0000] Checking if CLI is Bundled into the IDE
INFO[0000] Adding libraries dir                          dir=/Users/alranel/Documents/Arduino/libraries location=user
INFO[0000] Executing `arduino-cli core update-index`
INFO[0000] URL: https://downloads.arduino.cc/packages/package_index.json
INFO[0000] Updating index                                url="https://downloads.arduino.cc/packages/package_index.json"
Updating index: package_index.json downloaded
Updating index: package_index.json.sig downloaded
INFO[0000] Checking signature                            error="opening signature file: open /var/folders/47/_57rjy4111jc7dfpgjmcc93w0000gp/T/170775452.sig: no such file or directory" index=/var/folders/47/_57rjy4111jc7dfpgjmcc93w0000gp/T/170775452 signatureFile=/var/folders/47/_57rjy4111jc7dfpgjmcc93w0000gp/T/170775452.sig

If this is an actual failure, shouldn't arduino-cli issue a stronger error or at least a warning?

Just for comparison, when updating the library index there's no information at all about signature verification:

% arduino-cli lib update-index --log-level info -v
INFO[0000] Using config file: /Users/alranel/Library/Arduino15/arduino-cli.yaml
INFO[0000] arduino-cli version 0.21.0
INFO[0000] Checking if CLI is Bundled into the IDE
INFO[0000] Adding libraries dir                          dir=/Users/alranel/Documents/Arduino/libraries location=user
INFO[0000] Executing `arduino-cli lib update-index`
INFO[0000] Updating libraries index
Updating index: library_index.json.gz downloaded
Updating index: library_index.json.sig downloaded

Metadata

Metadata

Assignees

Labels

topic: codeRelated to content of the project itselftype: imperfectionPerceived defect in any part of project

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions