Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-2152

Mender client should log whether it verified artifact's digital signature

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Lowest
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.1, 1.7.0
    • Labels:
      None

      Description

      Currently there is no way for a developer to confirm that the mender client verified a downloaded artifact's digital signature. The log output looks the same whether there was no attempt to verify, or there was a successful verification. Add a log message so that the developer can inspect a deployment log and confirm that a bad signature would be rejected if attempted.

      Acceptance Criteria:

      • There must be no change in the logging or console output from the shared library mender-artifact, because it is used by code other than the mender client.
      • If the mender client approves a downloaded artifact without verifying the digital signature (for example, because it is not configured with any public key to do so), log an INFO message indicating such.
      • If the mender client approves a downloaded artifact after verifying a digital signature, log an INFO message indicating such.

        Attachments

          Activity

            People

            • Assignee:
              don_cross Don Cross
              Reporter:
              don_cross Don Cross
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Summary Panel