  1. Mender
  2. MEN-3266

Allow mender-agent.pem location to be specified in mender.conf

    Details

    • Type: Task
    • Status: Open
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Days in progress:
      0

      Description

      In working on a project using Mender, I've found that Mender defaults to putting the client private key in the same folder with "mender-store" which seemingly needs to be read/write all the time.

      This default behavior leaves the client private key vulnerable to corruption or inconsistency when on a read/write partition in environments that may not allow for graceful shutdowns. Even with a robust journaling filesystem (which may not always be possible, depending on the application), there is always a chance of data corruption, if not at the filesystem layer, then possibly even at the FTL level for solid-state storage devices.

      Being able to specify mender-agent.pem location would resolve this.

       

      As an aside, another idiosyncrasy, which I'm not sure deserves its own issue, is that upon 'mender -bootstrap' the application will remove "mender-agent.pem" (or at least not follow symlinks). This makes relocation of the file difficult, as bootstrapping a system this way means creating the file, then moving it, then creating a symlink.

            People

            • Assignee:
              Unassigned
              Reporter:
              Kris Kris B
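The workaround described in the aside (create the key, move it, symlink it back), written out as an added shell example that is not part of the original issue and is not Mender's own code. The two directories are caller-supplied placeholders and `key_state` / `relocate_key` are hypothetical helper names; `key_state` also reports when the symlink has been replaced by a regular file, the state the issue says bootstrapping leaves behind.

```shell
#!/bin/sh
# Added example (not Mender code). KEY_NAME comes from the issue text;
# STORE_DIR (read/write) and KEY_DIR (rarely written) are placeholders.
KEY_NAME="mender-agent.pem"

# key_state STORE_DIR KEY_DIR -> prints: linked | regular | missing
key_state() {
    src="$1/$KEY_NAME"; dst="$2/$KEY_NAME"
    if [ -L "$src" ] && [ "$(readlink "$src")" = "$dst" ] && [ -f "$dst" ]; then
        echo linked      # symlink in STORE_DIR points at the relocated key
    elif [ -f "$src" ] && [ ! -L "$src" ]; then
        echo regular     # plain file: never relocated, or symlink was replaced
    else
        echo missing     # no key, or a symlink pointing somewhere unexpected
    fi
}

# relocate_key STORE_DIR KEY_DIR
# Returns 0 on success, 1 on error, 2 if a different key already sits in KEY_DIR.
relocate_key() {
    store_dir=$1; key_dir=$2
    src="$store_dir/$KEY_NAME"; dst="$key_dir/$KEY_NAME"
    case "$(key_state "$store_dir" "$key_dir")" in
        linked)  return 0 ;;
        missing) echo "no regular key file at $src" >&2; return 1 ;;
    esac
    # Never silently overwrite a key that was relocated earlier.
    if [ -e "$dst" ] && ! cmp -s "$src" "$dst"; then
        echo "different key already at $dst" >&2; return 2
    fi
    mkdir -p "$key_dir" && chmod 700 "$key_dir" || return 1
    # Copy under a temporary name with no group/other access, flush, then
    # rename, so KEY_DIR never holds a partially written key.
    tmp="$dst.tmp.$$"
    ( umask 077 && cp "$src" "$tmp" ) && sync && mv -f "$tmp" "$dst" || return 1
    # Build the symlink beside the original and rename it over the file, so
    # STORE_DIR always contains either the key or the link.
    ln -s "$dst" "$src.lnk.$$" && mv -f "$src.lnk.$$" "$src" || return 1
    sync
}

# Stand-alone use: sh relocate.sh STORE_DIR KEY_DIR
if [ "$#" -eq 2 ]; then
    relocate_key "$1" "$2"
fi
```

Running `key_state` from a boot-time check gives a cheap signal that the key is back on the read/write partition and needs to be relocated again.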