Signature verification failed error and the arduino-fwuploader tool panics with ver 1.x.y #93

Closed
rsora opened this issue Jul 28, 2021 · 1 comment
Labels
architecture: arm Specific to ARM host architecture criticality: high Of high impact os: linux Specific to Linux operating system os: macos Specific to macOS operating system os: windows Specific to Windows operating system topic: security Related to the protection of user data

rsora commented Jul 28, 2021

Bug Report

Current behavior

I get a Signature verification failed error and the arduino-fwuploader tool panics:

$ arduino-fwuploader firmware list
signature verification failed: index "https://downloads.arduino.cc/arduino-fwuploader/boards/module_firmware_index.json.gz" has an invalid signature
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8c162e]
goroutine 1 [running]:
github.com/arduino/arduino-fwuploader/cli/firmware.list(0x0, 0x0)
        /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/cli/firmware/list.go:66 +0x4e
github.com/arduino/arduino-fwuploader/cli/firmware.newListCommand.func1(0xc00027e280, 0xd89330, 0x0, 0x0)
        /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/cli/firmware/list.go:42 +0x39
github.com/spf13/cobra.(*Command).execute(0xc00027e280, 0xd89330, 0x0, 0x0, 0xc00027e280, 0xd89330)
        /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:856 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0xc0001cd680, 0x0, 0x0, 0xffffffff)
        /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:960 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
        /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:897
main.main()
        /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/main.go:35 +0x3c

Expected behavior

I expect the tool to correctly list all the available firmware for the supported boards, like:

$ arduino-fwuploader firmware list
Board                       FQBN                                Module     Version
Arduino MKR1000             arduino:samd:mkr1000                WINC1500   19.4.4 
Arduino MKR1000             arduino:samd:mkr1000                WINC1500   19.5.2 
Arduino MKR1000             arduino:samd:mkr1000                WINC1500   19.5.4 
Arduino MKR1000             arduino:samd:mkr1000                WINC1500 ✔ 19.6.1 
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.0.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.1.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.1  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.2  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.3  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.4  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.3.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.1  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.2  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.3  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.4  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.5  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.6  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA     ✔ 1.4.7  
Arduino NANO 33 IoT         arduino:samd:nano_33_iot            NINA       1.0.0  
[ ... ]

Environment

  • Updater version: arduino-fwuploader Version: 1.0.2 Commit: 1289a0c Date: 2021-07-28T10:29:45Z
  • OS and platform: All

Additional context

This issue is caused by the replacement of the GPG keypair used to sign and verify the module_firmware_index.json that contains all the information related to the boards and their modules (see #90).
Unfortunately we had to replace the GPG keypair due to a private key leak that ended up being published on an Arduino public-facing data store.
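
The failure mode reported above, sketched as an added example (not part of the original issue and not the project's code): an index signed with a rotated key must be rejected by a client that pins the old key, and the caller must check that error before using the index, otherwise it dereferences nil as in the trace. Ed25519 from Go's standard library stands in for the GPG signature, and `Index`, `LoadIndex`, `ListBoards` and `Scenario` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Index is a hypothetical, cut-down stand-in for module_firmware_index.json.
type Index struct{ Boards []string `json:"boards"` }

var ErrBadSignature = errors.New("index has an invalid signature")

// LoadIndex fails closed: on any error the returned *Index is nil.
func LoadIndex(raw, sig []byte, pinned ed25519.PublicKey) (*Index, error) {
	if !ed25519.Verify(pinned, raw, sig) {
		return nil, ErrBadSignature
	}
	idx := &Index{}
	if err := json.Unmarshal(raw, idx); err != nil {
		return nil, fmt.Errorf("parsing index: %w", err)
	}
	return idx, nil
}

// ListBoards checks err before touching idx, so a key mismatch is an error, not a nil dereference.
func ListBoards(raw, sig []byte, pinned ed25519.PublicKey) ([]string, error) {
	idx, err := LoadIndex(raw, sig, pinned)
	if err != nil {
		return nil, fmt.Errorf("cannot list firmware: %w", err)
	}
	return idx.Boards, nil
}

// Scenario (constructed data): index signed with a rotated key, listed by old- and new-key clients.
func Scenario() (oldErr error, boards []string, newErr error) {
	oldPub, _, _ := ed25519.GenerateKey(nil) // key pinned in an already released binary
	newPub, newPriv, _ := ed25519.GenerateKey(nil) // replacement key pair after rotation
	raw := []byte(`{"boards":["arduino:samd:mkr1000","arduino:samd:mkrwifi1010"]}`)
	sig := ed25519.Sign(newPriv, raw)
	_, oldErr = ListBoards(raw, sig, oldPub)
	boards, newErr = ListBoards(raw, sig, newPub)
	return
}

func main() {
	fmt.Println(Scenario())
}
```

A binary that pins the old public key cannot recover on its own; it has to be replaced by a build that pins the new key.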

@rsora rsora added topic: security Related to the protection of user data architecture: arm Specific to ARM host architecture os: linux Specific to Linux operating system os: macos Specific to macOS operating system os: windows Specific to Windows operating system priority: high Resolution is a high priority labels Jul 28, 2021

rsora commented Jul 28, 2021

This issue is solved in release 2.0.0 and newer (see #90)

@rsora rsora pinned this issue Jul 28, 2021
@rsora rsora added criticality: high Of high impact and removed priority: high Resolution is a high priority labels Nov 2, 2021
@per1234 per1234 assigned per1234 and unassigned umbynos Aug 24, 2023
@per1234 per1234 unpinned this issue Aug 24, 2023
@per1234 per1234 closed this as completed Aug 24, 2023