[MEN-2152] Mender client should log whether it verified artifact's digital signature - Northern.tech AS

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: Lowest
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.6.1, 1.7.0
Labels:
None

Description

Currently there is no way for a developer to confirm that the mender client verified a downloaded artifact's digital signature. The log output looks the same whether there was no attempt to verify, or there was a successful verification. Add a log message so that the developer can inspect a deployment log and confirm that a bad signature would be rejected if attempted.

Acceptance Criteria:

There must be no change in the logging or console output from the shared library mender-artifact, because it is used by code other than the mender client.
If the mender client approves a downloaded artifact without verifying the digital signature (for example, because it is not configured with any public key to do so), log an INFO message indicating such.
If the mender client approves a downloaded artifact after verifying a digital signature, log an INFO message indicating such.

Attachments

Activity

People

Assignee:: Don Cross

Reporter:: Don Cross

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Sep/18 5:54 PM

Updated:: 23/Oct/19 10:55 AM

Resolved:: 26/Sep/18 6:02 PM