Digital-Identity-Labs / mdqt

SAML MDQ client with caching and signature verification, file management, entity lists, etc
MIT License

Checking XML signature sometimes fails #9

Open binaryape opened 1 year ago

binaryape commented 1 year ago

Running benchmarks for Smee revealed an unusual bug: about 3 in 7 runs to check the signatures of large metadata aggregate files will fail.

Failure seems more likely if loading XML files from a Mac /var/folders temp directory.

Loading the same files to simply validate the XML never fails, so it isn't an issue with loading the data correctly.

It appears to be an issue inside the xmldsig library, but possibly only on M/Arm Macs.

It also might not happen for small (MDQ-style) metadata files.

binaryape commented 1 year ago

When I run

    for i in {1..10}; do mdqt check ukfederation-metadata.xml --verbose --verify-with ./ukfederation.pem ; done

10/10 pass

When I run

    for i in {1..10}; do mdqt check /var/folders/2f/852dg3vs5q9_h79x9d6m_0jc0000gn/T/smeevf-1672860083-38895-c51v73 --verbose --verify-with ./ukfederation.pem ; done

a few fails each time, maybe 8/10 pass

It's a copy of the same file, just in a temp dir.

When I run a Benchee test load-testing mdqt as a backend, in a user home directory, some will sometimes fail, so there's still a failure chance when not in a temp directory; it just seems higher in the temp directory.
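A repeatable way to measure the failure rates described in the comments above, as an added example that is not part of the original issue or of mdqt: it first confirms the two copies are byte-identical, then tallies passes and failures per path. It assumes `mdqt check` exits non-zero when verification fails; `CHECK_CMD`, `count_results` and `compare_copies` are hypothetical names introduced here.

```shell
# Added example, not mdqt's own code. Assumption: `mdqt check` exits non-zero
# when signature verification fails. CHECK_CMD is a hypothetical override so a
# stand-in checker can be substituted (for example when testing this script).

# count_results CERT FILE RUNS -> prints "<passes> <fails>"
count_results() (
  cert=$1 file=$2 runs=$3 pass=0 fail=0 i=0
  while [ "$i" -lt "$runs" ]; do
    # Unquoted on purpose: CHECK_CMD may hold a command plus a subcommand.
    if ${CHECK_CMD:-mdqt check} "$file" --verify-with "$cert" >/dev/null 2>&1; then
      pass=$((pass + 1))
    else
      fail=$((fail + 1))
    fi
    i=$((i + 1))
  done
  echo "$pass $fail"
)

# compare_copies CERT FILE_A FILE_B [RUNS]
# Refuses to run unless both files are byte-identical, so a difference in
# failure rate between the two paths cannot be blamed on the input data.
compare_copies() (
  cert=$1 a=$2 b=$3 runs=${4:-10}
  if ! cmp -s "$a" "$b"; then
    echo "inputs differ: $a $b" >&2
    exit 2
  fi
  echo "$a: $(count_results "$cert" "$a" "$runs")"
  echo "$b: $(count_results "$cert" "$b" "$runs")"
)

# Usage (paths are placeholders):
#   compare_copies ./ukfederation.pem ukfederation-metadata.xml /path/to/temp-copy 50
```

Each output line has the form `path: passes fails`, which gives a per-path failure rate that can be compared across machines and xmldsig versions.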