Details
-
Type:
Bug
-
Status: Done
-
Priority:
(None)
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: Kanban_Cleanup_2020_06_20
-
Labels:
-
Sprint:MEN Sprint 96
-
Backlog:yes
-
Days in progress:0
Description
The "mender-artifact validate" command returns success even though the Artifact is signed and it does not seem to check the signature.
My expectation was for it to fail unless I pass the "-k" option if the Artifact is signed. If the command is working as intended we should update the description what is validated when.
mender-artifact validate my-container-update-1.0-signed.mender Artifact file 'my-container-update-1.0-signed.mender' validated successfully $ mender-artifact read my-container-update-1.0-signed.mender Mender artifact: Name: my-container-update-1.0 Format: mender Version: 3 Signature: signed; verification using provided key failed Compatible devices: '[my-device-type]' Provides group: Depends on one of artifact(s): [] Depends on one of group(s): [] State scripts: Updates: 0: Type: docker Provides: Nothing Depends: Nothing Metadata: { "containers": [ "debian@sha256:e25b64a9cf82c72080074d6b1bba7329cdd752d51574971fd37731ed164f3345" ] }
Attachments
Release management
Issue Links
- relates to
-
MEN-2155 Mender-artifact validate passes unsigned artifact when key specified
-
- Done
-