bug: chalk hanging on chalking jar files with cosign #225

Closed
indecisivedragon opened this issue Feb 28, 2024 · 0 comments · Fixed by #229
Labels
bug Something isn't working P0 Priority 0 (lower is higher)

indecisivedragon commented Feb 28, 2024

Description

Initially reported by @thc202, debugging with @miki725 and @indecisivedragon. @miki725 was unable to reproduce locally but I was.

Running chalk insert on a .jar file with cosign enabled results in chalk hanging. The suspected cause is a file descriptor issue on read, but not sure exactly.

Impact

Chalking Java projects is def broken, so holding up all the zap work. Also may be some bigger bugs in the underlying file descriptor code that we are passing around when we call cosign.

Steps to Reproduce

  1. build chalk latest
  2. run chalk setup to generate keypairs (+ copy down the password)
  3. CHALK_PASSWORD=[password] ./chalk insert --trace --config-file=cosign.c4m test_zap/zap-2.15.0-SNAPSHOT.jar (or whatever .jar file you happen to have handy). The files that I tested against were too large to be uploaded to GitHub, so ping me on Slack if you need them because Slack doesn't care.
  4. observe chalk hangs

Other Information

The arguments passed to cosign via chalk are:

trace: @["sign-blob", "--tlog-upload=false", "--yes", "--key", "chalk.key", "-"]

with blob:

trace: 72a4f5fb2eeaa82e24302ebe2d320a1f3016be091f7690f9e538a3a6755ca22f1514536cd37096634d9582923a094d543d9941da81b4858ca023c6a9b6fc3bfb

and default cosign location found in PATH. Calling cosign manually with this input does NOT cause cosign to fail or hang, so this is not a cosign error.

After some debugging, it looks like we are hanging somewhere in the sb_operate_switchboard function in nimutils/c/switchboard.c, so this looks likely to be a nimutils error. The select statement seems to be returning -1 with a bad file descriptor error.
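
The failure mode reported above, a select() call returning -1 with a bad file descriptor error inside an I/O loop, can be handled as in the following added example. It is not nimutils or chalk code and not part of the original issue; `prune_closed_fds` and `wait_readable` are hypothetical names, and the loop is a generic illustration rather than the actual switchboard logic.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper: drop watched fds that are no longer open; returns count removed. */
static int prune_closed_fds(int *fds, int *nfds) {
    int removed = 0, kept = 0;
    for (int i = 0; i < *nfds; i++) {
        if (fcntl(fds[i], F_GETFD) == -1 && errno == EBADF)
            removed++;                 /* stale: closed somewhere else */
        else
            fds[kept++] = fds[i];
    }
    *nfds = kept;
    return removed;
}

/* Hypothetical loop: returns the first readable fd, or -1 on timeout, hard error,
 * or when no fds remain. *pruned accumulates how many stale fds were dropped. */
int wait_readable(int *fds, int *nfds, int timeout_ms, int *pruned) {
    while (*nfds > 0) {
        fd_set rset;
        int maxfd = -1;
        FD_ZERO(&rset);
        for (int i = 0; i < *nfds; i++) {
            FD_SET(fds[i], &rset);
            if (fds[i] > maxfd) maxfd = fds[i];
        }
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        int rc = select(maxfd + 1, &rset, NULL, NULL, &tv);
        if (rc > 0) {
            for (int i = 0; i < *nfds; i++)
                if (FD_ISSET(fds[i], &rset)) return fds[i];
        } else if (rc == 0) {
            return -1;                 /* timeout */
        } else if (errno == EINTR) {
            continue;                  /* interrupted by a signal: retry is safe */
        } else if (errno == EBADF) {
            /* Retrying with the same set would fail forever, so prune first. */
            int n = prune_closed_fds(fds, nfds);
            if (n == 0) return -1;     /* nothing removable: cannot make progress */
            *pruned += n;
        } else {
            return -1;                 /* any other select() error is fatal here */
        }
    }
    return -1;
}
```

A loop that treats every -1 from select() as retryable keeps passing the same closed descriptor back in, which presents to the user as a hang rather than as an error.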
