Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-2573

Signing an existing non-rootfs-image artifact breaks the artifact

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Higher
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 2.1.0, 2.0.1
    • Labels:
    • Days in progress:
      4

      Description

      As an example, take this:

      $ directory-artifact-gen -n test -t test -d /etc -o artifact.mender DIR
      
      Artifact artifact.mender generated successfully:
      Mender artifact:
        Name: test
        Format: mender
        Version: 3
        Signature: no signature
        Compatible devices: '[test]'
        Provides group: 
        Depends on one of artifact(s): []
        Depends on one of group(s): []
        State scripts:
      
      Updates:
          0:
          Type:   directory
          Provides: Nothing
          Depends: Nothing
          Metadata: Nothing
          Files:
            name:     update.tar
            size:     142448640
            modified: 2019-06-03 08:39:05 +0200 CEST
            checksum: 2b06ea661e609254ebe6c3e5e938395acb1ad59d24722f62019b2adeb570eb5c
          Files:
            name:     dest_dir
            size:     5
            modified: 2019-06-03 08:39:05 +0200 CEST
            checksum: ead5422085c3a0d3c789a8da58ff98b3769f4368d27f4847d5c7e313d4060099
      
      $ ./mender-artifact sign -k private.key artifact.mender 
      $ ./mender-artifact read -k public.key artifact.mender 
      
      Mender artifact:
        Name: test
        Format: mender
        Version: 3
        Signature: signed and verified correctly
        Compatible devices: '[test]'
        Provides group: 
        Depends on one of artifact(s): []
        Depends on one of group(s): []
        State scripts:
      
      Updates:
          0:
          Type:   rootfs-image
          Provides: Nothing
          Depends: Nothing
          Metadata: Nothing
          Files:
            name:     mender-repack870492498
            size:     0
            modified: 2019-06-03 08:39:38 +0200 CEST
            checksum: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      

      Note how the signing has destroyed the original contents of the artifact.

      Signing using the -k argument to the write command works, but unfortunately the module artifact generators in 2.0.0 have a bug where this argument can not be passed to mender-artifact, so it requires using the generator from 2.0.x.

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                a10040 Kristian Amlie
                Reporter:
                a10040 Kristian Amlie
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support

                    Summary Panel