Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-2152

Mender client should log whether it verified artifact's digital signature

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Lowest
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.2, 1.6.1, 1.7.0
    • Labels:
      None

      Description

      Currently there is no way for a developer to confirm that the mender client verified a downloaded artifact's digital signature. The log output looks the same whether there was no attempt to verify, or there was a successful verification. Add a log message so that the developer can inspect a deployment log and confirm that a bad signature would be rejected if attempted.

      Acceptance Criteria:

      • There must be no change in the logging or console output from the shared library mender-artifact, because it is used by code other than the mender client.
      • If the mender client approves a downloaded artifact without verifying the digital signature (for example, because it is not configured with any public key to do so), log an INFO message indicating such.
      • If the mender client approves a downloaded artifact after verifying a digital signature, log an INFO message indicating such.

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                don_cross Don Cross
                Reporter:
                don_cross Don Cross
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support

                    Summary Panel