Skip to content

[skip-changelog] Issue a warning when the signature verification fails #2138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 7, 2023
Merged

[skip-changelog] Issue a warning when the signature verification fails #2138

merged 1 commit into from
Apr 7, 2023

Conversation

MatteoPologruto
Copy link
Contributor

Please check if the PR fulfills these requirements

See how to contribute

  • The PR has no duplicates (please search among the Pull Requests
    before creating one)
  • The PR follows
    our contributing guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • UPGRADING.md has been updated with a migration guide (for breaking changes)
  • configuration.schema.json updated if new parameters are added.

What kind of change does this PR introduce?

Code imperfection fix

What is the current behavior?

The verification of the signature on the package index fails silently.

What is the new behavior?

A warning is issued if the signature verification fails.

Does this PR introduce a breaking change, and is titled accordingly?

No

@MatteoPologruto MatteoPologruto added topic: code Related to content of the project itself type: imperfection Perceived defect in any part of project labels Apr 5, 2023
@MatteoPologruto MatteoPologruto self-assigned this Apr 5, 2023
@MatteoPologruto MatteoPologruto linked an issue Apr 5, 2023 that may be closed by this pull request
Package index signature verification fails silently #1661
Closed
@codecov
Copy link

codecov bot commented Apr 5, 2023

Codecov Report

Patch coverage: 60.00% and project coverage change: -0.03 ⚠️

Comparison is base (fe91ec6) 62.59% compared to head (0379531) 62.56%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2138      +/-   ##
==========================================
- Coverage   62.59%   62.56%   -0.03%     
==========================================
  Files         227      227              
  Lines       19533    19537       +4     
==========================================
- Hits        12226    12224       -2     
- Misses       6210     6214       +4     
- Partials     1097     1099       +2
Flag Coverage Δ
unit 62.56% <60.00%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
arduino/cores/packageindex/index.go 90.04% <60.00%> (-2.47%) ⬇️

... and 2 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@umbynos umbynos merged commit ea066cc into arduino:master Apr 7, 2023
@MatteoPologruto MatteoPologruto deleted the warn-signature-identification branch August 30, 2023 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmaglie cmaglie cmaglie approved these changes

@umbynos umbynos umbynos approved these changes

Assignees

@MatteoPologruto MatteoPologruto

Labels
topic: code Related to content of the project itself type: imperfection Perceived defect in any part of project
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Package index signature verification fails silently
3 participants
@MatteoPologruto @cmaglie @umbynos