Signature verification failed error and the arduino-fwuploader tool panics with ver 1.x.y

[rsora]

Bug Report

Current behavior

I get Signature verification failed error and the arduino-fwuploader tool panics:

$ arduino-fwuploader firmware list
signature verification failed: index "https://downloads.arduino.cc/arduino-fwuploader/boards/module_firmware_index.json.gz" has an invalid signature
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8c162e]
goroutine 1 [running]:
github.com/arduino/arduino-fwuploader/cli/firmware.list(0x0, 0x0)
        /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/cli/firmware/list.go:66 +0x4e
github.com/arduino/arduino-fwuploader/cli/firmware.newListCommand.func1(0xc00027e280, 0xd89330, 0x0, 0x0)
        /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/cli/firmware/list.go:42 +0x39
github.com/spf13/cobra.(*Command).execute(0xc00027e280, 0xd89330, 0x0, 0x0, 0xc00027e280, 0xd89330)
        /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:856 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0xc0001cd680, 0x0, 0x0, 0xffffffff)
        /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:960 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
        /home/umberto/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:897
main.main()
        /home/umberto/Nextcloud/8tb/Lavoro/arduino-fwuploader/main.go:35 +0x3c

Expected behavior

I expect the tool to list correctly all the available firmware for the supported boards like:

$ arduino-fwuploader firmware list
Board                       FQBN                                Module     Version
Arduino MKR1000             arduino:samd:mkr1000                WINC1500   19.4.4 
Arduino MKR1000             arduino:samd:mkr1000                WINC1500   19.5.2 
Arduino MKR1000             arduino:samd:mkr1000                WINC1500   19.5.4 
Arduino MKR1000             arduino:samd:mkr1000                WINC1500 ✔ 19.6.1 
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.0.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.1.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.1  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.2  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.3  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.2.4  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.3.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.0  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.1  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.2  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.3  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.4  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.5  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA       1.4.6  
Arduino MKR WiFi 1010       arduino:samd:mkrwifi1010            NINA     ✔ 1.4.7  
Arduino NANO 33 IoT         arduino:samd:nano_33_iot            NINA       1.0.0  
[ ... ]

Environment

• Updater version: arduino-fwuploader Version: 1.0.2 Commit: 1289a0c Date: 2021-07-28T10:29:45Z
• OS and platform: All

Additional context

This issue is caused by a replace of the GPG keypair used to sign and verify the module_firmware_index.json that contains all the information related to the boards and their modules (see #90).
Unfortunately we had to replace the GPG keypair due to a private key leak that ended up to be published on an Arduino public facing data store

[rsora]

This issue is solved in release 2.0.0 and newer (see #90)