From 0379531a69117752bf4bafa89438f0a2785886db Mon Sep 17 00:00:00 2001
From: Matteo Pologruto <m.pologruto@ext.arduino.cc>
Date: Wed, 5 Apr 2023 16:32:46 +0200
Subject: [PATCH] Issue a warning when the signature verification fails

---
 arduino/cores/packageindex/index.go | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/arduino/cores/packageindex/index.go b/arduino/cores/packageindex/index.go
index 45e572a0e32..7a94e2c4bc7 100644
--- a/arduino/cores/packageindex/index.go
+++ b/arduino/cores/packageindex/index.go
@@ -381,18 +381,22 @@ func LoadIndex(jsonIndexFile *paths.Path) (*Index, error) {
 	}
 
 	jsonSignatureFile := jsonIndexFile.Parent().Join(jsonIndexFile.Base() + ".sig")
-	trusted, _, err := security.VerifyArduinoDetachedSignature(jsonIndexFile, jsonSignatureFile)
-	if err != nil {
-		logrus.
-			WithField("index", jsonIndexFile).
-			WithField("signatureFile", jsonSignatureFile).
-			WithError(err).Infof("Checking signature")
+	if jsonSignatureFile.Exist() {
+		trusted, _, err := security.VerifyArduinoDetachedSignature(jsonIndexFile, jsonSignatureFile)
+		if err != nil {
+			logrus.
+				WithField("index", jsonIndexFile).
+				WithField("signatureFile", jsonSignatureFile).
+				WithError(err).Warnf("Checking signature")
+		} else {
+			logrus.
+				WithField("index", jsonIndexFile).
+				WithField("signatureFile", jsonSignatureFile).
+				WithField("trusted", trusted).Infof("Checking signature")
+			index.IsTrusted = trusted
+		}
 	} else {
-		logrus.
-			WithField("index", jsonIndexFile).
-			WithField("signatureFile", jsonSignatureFile).
-			WithField("trusted", trusted).Infof("Checking signature")
-		index.IsTrusted = trusted
+		logrus.WithField("index", jsonIndexFile).Infof("Missing signature file")
 	}
 	return &index, nil
 }