Added flag to allow ignoring signature check on package_index.json

arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java

@@ -80,7 +80,7 @@ public ContributionsIndexer(File preferencesFolder, Platform platform, Signature
 
   public void parseIndex() throws Exception {
     File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
-    if (!signatureVerifier.isSigned(defaultIndexFile)) {
+    if (!PreferencesData.getBoolean("allow_insecure_packages") && !signatureVerifier.isSigned(defaultIndexFile)) {
       throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
     }
     index = parseIndex(defaultIndexFile);

build/shared/lib/preferences.txt

@@ -274,3 +274,10 @@ serial.debug_rate=9600
 
 # default chosen language (none for none)
 editor.languages.current = 
+
+# Debugging/Development Preferences
+# ---------------------------------
+
+# Disable signature check on packages_index.json, use only for
+# development/debugging purposes. Do not enable in production.
+#allow_insecure_packages=true