Currently a developer has no way to confirm that the Mender client verified a downloaded artifact's digital signature. The log output looks the same whether verification succeeded or was never attempted. Add a log message so that the developer can inspect a deployment log and confirm that a bad signature would be rejected if attempted.
- There must be no change in the logging or console output from the shared library mender-artifact, because it is used by code other than the mender client.
- If the Mender client approves a downloaded artifact without verifying the digital signature (for example, because it is not configured with any public key to do so), log an INFO message saying so.
- If the Mender client approves a downloaded artifact after verifying a digital signature, log an INFO message saying so.
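
The two acceptance paths above, plus the rejection path, as an added Go example (not code from the Mender client or mender-artifact). `checkArtifact`, `logLine` and `demo` are hypothetical names, the log line format and the reject-unsigned policy are assumptions, and Ed25519 from Go's standard library stands in for the artifact's signature scheme. The check returns its result instead of logging, so the library layer stays silent and only the client writes the INFO line.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"strings"
)

// checkArtifact (hypothetical) reports how the decision was reached and never logs,
// so the shared library's output is unchanged and the client does the logging.
func checkArtifact(payload, sig []byte, pub ed25519.PublicKey) (verified bool, err error) {
	if len(pub) == 0 {
		return false, nil // no key configured: accepted, signature never checked
	}
	if len(sig) == 0 { // assumed policy: a configured key makes a signature mandatory
		return false, errors.New("public key configured but artifact is unsigned")
	}
	if !ed25519.Verify(pub, payload, sig) {
		return false, errors.New("signature does not match configured public key")
	}
	return true, nil
}

// logLine is the client-side deployment log entry for each outcome (assumed format).
func logLine(verified bool, err error) string {
	if err != nil {
		return fmt.Sprintf("level=error msg=%q", "artifact rejected: "+err.Error())
	}
	if verified {
		return `level=info msg="artifact signature verified with configured public key"`
	}
	return `level=info msg="artifact accepted without signature verification: no public key configured"`
}

// demo runs four cases on constructed data and returns the resulting log lines.
func demo() []string {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	payload := []byte("constructed artifact payload")
	sig := ed25519.Sign(priv, payload)
	return []string{
		logLine(checkArtifact(payload, sig, pub)),                    // verified
		logLine(checkArtifact(payload, sig, nil)),                    // no key configured
		logLine(checkArtifact([]byte("tampered payload"), sig, pub)), // bad signature
		logLine(checkArtifact(payload, nil, pub)),                    // unsigned, key set
	}
}

func main() { fmt.Println(strings.Join(demo(), "\n")) }
```

With distinct INFO lines for the first two cases, a deployment log shows whether a key was actually in use, which is what lets a developer conclude that a bad signature would have produced the error line instead.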