arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-06-17 22:23:10 +03:00
Code Activity

Introducing GPG signature verification when loading main package_index file

Browse Source
This commit is contained in:
Federico Fissore
2015-04-30 11:17:27 +02:00
parent 804480ce53
commit cf1879f948
31 changed files with 1039 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
arduino-core/src/processing/app/BaseNoGui.java
View File

@ -1,5 +1,6 @@
package processing.app;
import cc.arduino.contributions.SignatureVerificationFailedException;
import cc.arduino.contributions.libraries.LibrariesIndexer;
import cc.arduino.contributions.packages.ContributedTool;
import cc.arduino.contributions.packages.ContributionsIndexer;
@ -581,6 +582,7 @@ public class BaseNoGui {
File defaultPackageJsonFile = new File(getContentFile("dist"), "package_index.json");
if (!indexFile.isFile() || (defaultPackageJsonFile.isFile() && defaultPackageJsonFile.lastModified() > indexFile.lastModified())) {
FileUtils.copyFile(defaultPackageJsonFile, indexFile);
FileUtils.copyFile(new File(getContentFile("dist"), "package_index.json.sig"), new File(indexFile.getParent(), "package_index.json.sig"));
} else if (!indexFile.isFile()) {
// Otherwise create an empty packages index
FileOutputStream out = null;
@ -594,7 +596,13 @@ public class BaseNoGui {
}
}
}
indexer.parseIndex();
try {
indexer.parseIndex();
} catch (SignatureVerificationFailedException e) {
indexFile.delete();
throw e;
}
indexer.syncWithFilesystem(getHardwareFolder());
packages = new HashMap<String, TargetPackage>();