Running benchmarks for Smee revealed an unusual bug: about 3 in 7 runs to check the signatures of large metadata aggregate files will fail.

Failure seems more likely if loading XML files from a Mac /var/folders temp directory.

Loading the same files to simply validate the XML never fails, so it isn't an issue with loading the data correctly.

It appears to be an issue inside the xmldsig library, but possibly only on M/Arm Macs.

It also might not happen for small (MDQ-style) metadata files.

When I run for i in {1..10}; do mdqt check ukfederation-metadata.xml --verbose --verify-with ./ukfederation.pem ; done 10/10 pass

When I run for i in {1..10}; do mdqt check /var/folders/2f/852dg3vs5q9_h79x9d6m_0jc0000gn/T/smeevf-1672860083-38895-c51v73 --verbose --verify-with ./ukfederation.pem ; done a few fails each time, maybe 8/10 pass

It's a copy of the same file, just in a temp dir.

When I run a Benchee test loadtesting mdqt as a backend, in a user home directory, some will sometimes fail, so there's still a failure chance when not in a temp directory, it just seems higher in the temp directory.