Signature verification failed error and the arduino-fwuploader tool panics with ver 1.x.y #93
Description
Bug Report
Current behavior
I get Signature verification failed error and the arduino-fwuploader tool panics:
$ arduino-fwuploader firmware list signature verification failed: index "https://downloads.arduino.cc/arduino-fwuploader/boards/module_firmware_index.json.gz" has an invalid signature panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8c162e] goroutine 1 [running]: github.com/arduino/arduino-fwuploader/cli/firmware.list(0x0, 0x0) /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/cli/firmware/list.go:66 +0x4e github.com/arduino/arduino-fwuploader/cli/firmware.newListCommand.func1(0xc00027e280, 0xd89330, 0x0, 0x0) /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/cli/firmware/list.go:42 +0x39 github.com/spf13/cobra.(*Command).execute(0xc00027e280, 0xd89330, 0x0, 0x0, 0xc00027e280, 0xd89330) /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:856 +0x2c2 github.com/spf13/cobra.(*Command).ExecuteC(0xc0001cd680, 0x0, 0x0, 0xffffffff) /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:960 +0x375 github.com/spf13/cobra.(*Command).Execute(...) /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:897 main.main() /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/main.go:35 +0x3c Expected behavior
I expect the tool to list correctly all the available firmware for the supported boards like:
$ arduino-fwuploader firmware list Board FQBN Module Version Arduino MKR1000 arduino:samd:mkr1000 WINC1500 19.4.4 Arduino MKR1000 arduino:samd:mkr1000 WINC1500 19.5.2 Arduino MKR1000 arduino:samd:mkr1000 WINC1500 19.5.4 Arduino MKR1000 arduino:samd:mkr1000 WINC1500 ✔ 19.6.1 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.0.0 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.1.0 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.2.1 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.2.2 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.2.3 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.2.4 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.3.0 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.4.0 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.4.1 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.4.2 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.4.3 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.4.4 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.4.5 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA 1.4.6 Arduino MKR WiFi 1010 arduino:samd:mkrwifi1010 NINA ✔ 1.4.7 Arduino NANO 33 IoT arduino:samd:nano_33_iot NINA 1.0.0 [ ... ] Environment
- Updater version:
arduino-fwuploader Version: 1.0.2 Commit: 1289a0c Date: 2021-07-28T10:29:45Z - OS and platform: All
Additional context
This issue is caused by a replace of the GPG keypair used to sign and verify the module_firmware_index.json that contains all the information related to the boards and their modules (see #90).
Unfortunately we had to replace the GPG keypair due to a private key leak that ended up to be published on an Arduino public facing data store