Added flag to allow ignoring signature check on package_index.json

arduino · Feb 24, 2016 · 14bcf1c · 14bcf1c
1 parent fe02dcb
commit 14bcf1c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java b/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java
@@ -78,7 +78,7 @@ public ContributionsIndexer(File preferencesFolder, Platform platform, Signature
 
   public void parseIndex() throws Exception {
     File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
-    if (!signatureVerifier.isSigned(defaultIndexFile)) {
+    if (!PreferencesData.getBoolean("allow_insecure_packages") && !signatureVerifier.isSigned(defaultIndexFile)) {
       throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
     }
     index = parseIndex(defaultIndexFile);

diff --git a/build/shared/lib/preferences.txt b/build/shared/lib/preferences.txt
@@ -274,3 +274,10 @@ serial.debug_rate=9600
 
 # default chosen language (none for none)
 editor.languages.current = 
+
+# Debugging/Development Preferences
+# ---------------------------------
+
+# Disable signature check on packages_index.json, use only for
+# development/debugging purposes. Do not enable in production.
+#allow_insecure_packages=true