Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit de24c24

Browse files
committed
Do not fail abruptly if signature verification fails
If the package_index.json signature is not valid, a dialog box asking the user to "update" the index is shown instead of a java-exception (or an IDE not running if not started from terminal).
1 parent 842c35b commit de24c24

File tree

3 files changed

+17
-57
lines changed

3 files changed

+17
-57
lines changed

‎arduino-core/src/cc/arduino/contributions/SignatureVerificationFailedException.java

Lines changed: 0 additions & 46 deletions
This file was deleted.

‎arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java

Lines changed: 16 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -31,13 +31,14 @@
3131

3232
import cc.arduino.Constants;
3333
import cc.arduino.contributions.DownloadableContribution;
34-
import cc.arduino.contributions.SignatureVerificationFailedException;
3534
import cc.arduino.contributions.SignatureVerifier;
3635
import com.fasterxml.jackson.core.JsonProcessingException;
3736
import com.fasterxml.jackson.databind.DeserializationFeature;
3837
import com.fasterxml.jackson.databind.ObjectMapper;
3938
import com.fasterxml.jackson.module.mrbean.MrBeanModule;
4039
import org.apache.commons.compress.utils.IOUtils;
40+
41+
import processing.app.BaseNoGui;
4142
import processing.app.Platform;
4243
import processing.app.PreferencesData;
4344
import processing.app.debug.TargetPackage;
@@ -86,15 +87,21 @@ public void parseIndex() throws Exception {
8687
File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
8788
if (defaultIndexFile.exists()) {
8889
// Check main index signature
89-
if (!signatureVerifier.isSigned(defaultIndexFile)) {
90-
if (PreferencesData.areInsecurePackagesAllowed()) {
91-
System.err.println(format(tr("Warning: forced trusting untrusted contributions")));
92-
} else {
93-
throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
94-
}
90+
if (signatureVerifier.isSigned(defaultIndexFile)) {
91+
mergeContributions(defaultIndexFile);
92+
} else if (PreferencesData.areInsecurePackagesAllowed()) {
93+
System.err.println(format(tr("Warning: forced trusting untrusted contributions")));
94+
mergeContributions(defaultIndexFile);
95+
} else {
96+
BaseNoGui
97+
.showWarning(Constants.DEFAULT_INDEX_FILE_NAME,
98+
tr("A package index has an invalid signature and needs to updated.\n"
99+
+ "Please open the Board Manager from the menu\n"
100+
+ "\n" //
101+
+ " Tools -> Board -> Board Manager\n"
102+
+ "\nto update it"),
103+
null);
95104
}
96-
97-
mergeContributions(defaultIndexFile);
98105
}
99106

100107
// Set main and bundled indexes as trusted

‎arduino-core/src/processing/app/BaseNoGui.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@
22

33
import cc.arduino.Constants;
44
import cc.arduino.contributions.GPGDetachedSignatureVerifier;
5-
import cc.arduino.contributions.SignatureVerificationFailedException;
65
import cc.arduino.contributions.VersionComparator;
76
import cc.arduino.contributions.libraries.LibrariesIndexer;
87
import cc.arduino.contributions.packages.ContributedPlatform;
@@ -482,7 +481,7 @@ static public void initPackages() throws Exception {
482481

483482
try {
484483
indexer.parseIndex();
485-
} catch (JsonProcessingException | SignatureVerificationFailedExceptione) {
484+
} catch (JsonProcessingException e) {
486485
File indexFile = indexer.getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
487486
File indexSignatureFile = indexer.getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME + ".sig");
488487
indexFile.delete();

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /