In working on a project using Mender, I've found that Mender defaults to putting the client private key in the same folder as "mender-store", which seemingly needs to be read/write all the time.
This default behavior leaves the client private key vulnerable to corruption or inconsistency when on a read/write partition in environments that may not allow for graceful shutdowns. Even with a robust journaling filesystem (which may not always be possible, depending on the application), there is always a chance of data corruption, if not at the filesystem layer, then possibly even at the FTL level for solid-state storage devices.
Being able to specify the mender-agent.pem location would resolve this.
As an aside, another idiosyncrasy, which I'm not sure deserves its own issue, is that upon 'mender -bootstrap' the application will remove "mender-agent.pem" (or at least not follow symlinks). This makes relocation of the file difficult, as bootstrapping a system this way means creating the file, then moving it, then creating a symlink.