[MEN-2802] mender-artifact validate does not validate signature - Northern.tech AS

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: (None)
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Kanban_Cleanup_2020_06_20
Labels:
- Client

Days in progress:
0

Description

The "mender-artifact validate" command returns success even though the Artifact is signed and it does not seem to check the signature.

My expectation was for it to fail unless I pass the "-k" option if the Artifact is signed. If the command is working as intended we should update the description what is validated when.

mender-artifact validate my-container-update-1.0-signed.mender 
Artifact file 'my-container-update-1.0-signed.mender' validated successfully
$ mender-artifact read my-container-update-1.0-signed.mender 
Mender artifact:
  Name: my-container-update-1.0
  Format: mender
  Version: 3
  Signature: signed; verification using provided key failed
  Compatible devices: '[my-device-type]'
  Provides group: 
  Depends on one of artifact(s): []
  Depends on one of group(s): []
  State scripts:
Updates:
    0:
    Type:   docker
    Provides: Nothing
    Depends: Nothing
    Metadata:
    {
      "containers": [
        "debian@sha256:e25b64a9cf82c72080074d6b1bba7329cdd752d51574971fd37731ed164f3345"
      ]
    }

Attachments

Issue Links

relates to

MEN-2155 Mender-artifact validate passes unsigned artifact when key specified

Done

Activity

People

Assignee:

Lluís Campos

Reporter:

Mirza Krak

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

24/Sep/19 10:27 AM

Updated:

29/Jun/20 8:32 PM

Resolved:

02/Oct/19 10:33 AM