NotificationsYou must be signed in to change notification settings
Fork445
Star4.7k

Avoid`signature expired` error on index update, if the clock time is not set correctly.#2744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Closed

cmaglie wants to merge3 commits intoarduino:masterfromcmaglie:gpg_signature_in_the_future

Closed

Avoid`signature expired` error on index update, if the clock time is not set correctly.#2744

cmaglie wants to merge3 commits intoarduino:masterfromcmaglie:gpg_signature_in_the_future

Conversation

Copy link

Member

cmaglie commentedNov 7, 2024•
edited
Loading

Please check if the PR fulfills these requirements

Seehow to contribute

The PR has no duplicates (please search among thePull Requests
before creating one)
The PR follows
our contributing guidelines
Tests for the changes have been added (for bug fixes / features)
Docs have been added / updated (for bug fixes / features)
UPGRADING.md has been updated with a migration guide (for breaking changes)
configuration.schema.json updated if new parameters are added.

What kind of change does this PR introduce?

Some users reported spurious "expired signature" errors. After some investigation, we found that all of them had the wrong system date set on their machine, with a date set in the past. Even if the error says that the signature is "expired", it's a signature that is not yet valid (it will be in the future).
Since we cannot trust the system clock, we recheck the signature with a future date so we may avoid displaying a difficult-to-understand error to the user.

This PR will suppress the, apparently unrelated,signature expired error in such cases.

What is the current behavior?

An index update will trigger asignature expired error if the clock is set to a past date.

What is the new behavior?

If the clock is set to a past date, an index update will no longer trigger asignature expired error.

Does this PR introduce a breaking change, and istitled accordingly?

Other information

cmaglie added3 commits

November 7, 2024 17:55

Added unit-test

3f000e9

Use buffers in signature checks

420f6ef

Do not output 'signature expired' if the signature is valid in the fu…

8a17891

…ture

cmaglie self-assigned this

Nov 7, 2024

cmaglie added this to theArduino CLI v1.1.1 milestone

Nov 7, 2024

cmaglie added type: enhancement

Proposed improvement

topic: codeRelated to content of the project itself labels

Nov 7, 2024

cmaglie requested review fromMatteoPologruto,alessio-perugini andumbynos

November 7, 2024 17:44

Copy link

codecovbot commentedNov 7, 2024•
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.57%. Comparing base(49c154a) to head(8a17891).

Additional details and impacted files

@@            Coverage Diff             @@##           master    #2744      +/-   ##==========================================- Coverage   67.65%   67.57%   -0.09%==========================================  Files         237      237                Lines       22356    22367      +11     ==========================================- Hits        15126    15114      -12- Misses       6036     6063      +27+ Partials     1194     1190       -4