Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit 5fc8845

Browse files
authored
Use a more helpful message when a 'signature expired' error happens. (#2750)
1 parent 49c154a commit 5fc8845

File tree

3 files changed

+48
-27
lines changed

3 files changed

+48
-27
lines changed

‎internal/arduino/resources/resources_test.go‎

Lines changed: 38 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -131,29 +131,45 @@ func TestIndexDownloadAndSignatureWithinArchive(t *testing.T) {
131131
require.NoError(t, err)
132132
defer ln.Close()
133133
go server.Serve(ln)
134+
defer server.Close()
134135

135-
validIdxURL, err := url.Parse("http://" + ln.Addr().String() + "/valid/package_index.tar.bz2")
136-
require.NoError(t, err)
137-
idxResource := &IndexResource{URL: validIdxURL}
138-
destDir, err := paths.MkTempDir("", "")
139-
require.NoError(t, err)
140-
defer destDir.RemoveAll()
141-
err = idxResource.Download(ctx, destDir, func(curr *rpc.DownloadProgress) {}, downloader.GetDefaultConfig())
142-
require.NoError(t, err)
143-
require.True(t, destDir.Join("package_index.json").Exist())
144-
require.True(t, destDir.Join("package_index.json.sig").Exist())
145-
146-
invalidIdxURL, err := url.Parse("http://" + ln.Addr().String() + "/invalid/package_index.tar.bz2")
147-
require.NoError(t, err)
148-
invIdxResource := &IndexResource{URL: invalidIdxURL}
149-
invDestDir, err := paths.MkTempDir("", "")
150-
require.NoError(t, err)
151-
defer invDestDir.RemoveAll()
152-
err = invIdxResource.Download(ctx, invDestDir, func(curr *rpc.DownloadProgress) {}, downloader.GetDefaultConfig())
153-
require.Error(t, err)
154-
require.Contains(t, err.Error(), "invalid signature")
155-
require.False(t, invDestDir.Join("package_index.json").Exist())
156-
require.False(t, invDestDir.Join("package_index.json.sig").Exist())
136+
{
137+
validIdxURL, err := url.Parse("http://" + ln.Addr().String() + "/valid_signature_in_the_future/package_index.tar.bz2")
138+
require.NoError(t, err)
139+
idxResource := &IndexResource{URL: validIdxURL}
140+
destDir, err := paths.MkTempDir("", "")
141+
require.NoError(t, err)
142+
defer destDir.RemoveAll()
143+
err = idxResource.Download(ctx, destDir, func(curr *rpc.DownloadProgress) {}, downloader.GetDefaultConfig())
144+
require.ErrorContains(t, err, "is your system clock set correctly?")
145+
require.False(t, destDir.Join("package_index.json").Exist())
146+
require.False(t, destDir.Join("package_index.json.sig").Exist())
147+
}
148+
{
149+
validIdxURL, err := url.Parse("http://" + ln.Addr().String() + "/valid/package_index.tar.bz2")
150+
require.NoError(t, err)
151+
idxResource := &IndexResource{URL: validIdxURL}
152+
destDir, err := paths.MkTempDir("", "")
153+
require.NoError(t, err)
154+
defer destDir.RemoveAll()
155+
err = idxResource.Download(ctx, destDir, func(curr *rpc.DownloadProgress) {}, downloader.GetDefaultConfig())
156+
require.NoError(t, err)
157+
require.True(t, destDir.Join("package_index.json").Exist())
158+
require.True(t, destDir.Join("package_index.json.sig").Exist())
159+
}
160+
{
161+
invalidIdxURL, err := url.Parse("http://" + ln.Addr().String() + "/invalid/package_index.tar.bz2")
162+
require.NoError(t, err)
163+
invIdxResource := &IndexResource{URL: invalidIdxURL}
164+
invDestDir, err := paths.MkTempDir("", "")
165+
require.NoError(t, err)
166+
defer invDestDir.RemoveAll()
167+
err = invIdxResource.Download(ctx, invDestDir, func(curr *rpc.DownloadProgress) {}, downloader.GetDefaultConfig())
168+
require.Error(t, err)
169+
require.Contains(t, err.Error(), "invalid signature")
170+
require.False(t, invDestDir.Join("package_index.json").Exist())
171+
require.False(t, invDestDir.Join("package_index.json.sig").Exist())
172+
}
157173
}
158174

159175
func TestIndexFileName(t *testing.T) {
39.5 KB
Binary file not shown.

‎internal/arduino/security/signatures.go‎

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -16,12 +16,14 @@
1616
package security
1717

1818
import (
19+
"bytes"
1920
"embed"
2021
"errors"
2122
"io"
2223
"os"
2324

2425
"github.com/ProtonMail/go-crypto/openpgp"
26+
pgperrors "github.com/ProtonMail/go-crypto/openpgp/errors"
2527
"github.com/arduino/arduino-cli/internal/i18n"
2628
"github.com/arduino/go-paths-helper"
2729
)
@@ -71,16 +73,19 @@ func VerifySignature(targetPath *paths.Path, signaturePath *paths.Path, arduinoK
7173
if err != nil {
7274
return false, nil, errors.New(i18n.Tr("retrieving Arduino public keys: %s", err))
7375
}
74-
target, err := targetPath.Open()
76+
target, err := targetPath.ReadFile()
7577
if err != nil {
7678
return false, nil, errors.New(i18n.Tr("opening target file: %s", err))
7779
}
78-
defer target.Close()
79-
signature, err := signaturePath.Open()
80+
signature, err := signaturePath.ReadFile()
8081
if err != nil {
8182
return false, nil, errors.New(i18n.Tr("opening signature file: %s", err))
8283
}
83-
defer signature.Close()
84-
signer, err := openpgp.CheckDetachedSignature(keyRing, target, signature, nil)
84+
signer, err := openpgp.CheckDetachedSignature(keyRing, bytes.NewBuffer(target), bytes.NewBuffer(signature), nil)
85+
86+
if errors.Is(err, pgperrors.ErrSignatureExpired) {
87+
err = errors.New(i18n.Tr("signature expired: is your system clock set correctly?"))
88+
}
89+
8590
return (signer != nil && err == nil), signer, err
8691
}

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /